1. 23 2月, 2015 1 次提交
    • R
      fix pthread_cond_wait cancellation race · 8741ffe6
      Rich Felker 提交于
      it's possible that signaling a waiter races with cancellation of that
      same waiter. previously, cancellation was acted upon, causing the
      signal to be consumed with no waiter returning. by using the new
      masked cancellation state, it's possible to refuse to act on the
      cancellation request and instead leave it pending.
      
      to ease review and understanding of the changes made, this commit
      leaves the unwait function, which was previously the cancellation
      cleanup handler, in place. additional simplifications could be made by
      removing it.
      8741ffe6
  2. 22 2月, 2015 1 次提交
    • R
      add new masked cancellation mode · 102f6a01
      Rich Felker 提交于
      this is a new extension which is presently intended only for
      experimental and internal libc use. interface and behavior details may
      change subject to feedback and experience from using it internally.
      
      the basic concept for the new PTHREAD_CANCEL_MASKED state is that the
      first cancellation point to observe the cancellation request fails
      with an errno value of ECANCELED rather than acting on cancellation,
      allowing the caller to process the status and choose whether/how to
      act upon it.
      102f6a01
  3. 21 2月, 2015 2 次提交
  4. 17 2月, 2015 1 次提交
  5. 15 2月, 2015 1 次提交
    • R
      fix type error (arch-dependent) in new aio code · fd850de7
      Rich Felker 提交于
      a_store is only valid for int, but ssize_t may be defined as long or
      another type. since there is no valid way for another thread to acess
      the return value without first checking the error/completion status of
      the aiocb anyway, an atomic store is not necessary.
      fd850de7
  6. 13 2月, 2015 2 次提交
    • J
      refactor group file access code · 7c5f0a52
      Josiah Worcester 提交于
      this allows getgrnam and getgrgid to share code with the _r versions
      in preparation for alternate backend support.
      7c5f0a52
    • R
      overhaul aio implementation for correctness · 4e8a3561
      Rich Felker 提交于
      previously, aio operations were not tracked by file descriptor; each
      operation was completely independent. this resulted in non-conforming
      behavior for non-seekable/append-mode writes (which are required to be
      ordered) and made it impossible to implement aio_cancel, which in turn
      made closing file descriptors with outstanding aio operations unsafe.
      
      the new implementation is significantly heavier (roughly twice the
      size, and seems to be slightly slower) and presently aims mainly at
      correctness, not performance.
      
      most of the public interfaces have been moved into a single file,
      aio.c, because there is little benefit to be had from splitting them.
      whenever any aio functions are used, aio_cancel and the internal
      queue lifetime management and fd-to-queue mapping code must be linked,
      and these functions make up the bulk of the code size.
      
      the close function's interaction with aio is implemented with weak
      alias magic, to avoid pulling in heavy aio cancellation code in
      programs that don't use aio, and the expensive cancellation path
      (which includes signal blocking) is optimized out when there are no
      active aio queues.
      4e8a3561
  7. 11 2月, 2015 5 次提交
    • R
      fix bad character checking in wordexp · 594ffed8
      Rich Felker 提交于
      the character sequence '$((' was incorrectly interpreted as the
      opening of arithmetic even within single-quoted contexts, thereby
      suppressing the checks for bad characters after the closing quote.
      
      presently bad character checking is only performed when the WRDE_NOCMD
      is used; this patch only corrects checking in that case.
      594ffed8
    • J
      refactor passwd file access code · 700e0899
      Josiah Worcester 提交于
      this allows getpwnam and getpwuid to share code with the _r versions
      in preparation for alternate backend support.
      700e0899
    • D
      x86_64/memset: avoid performing final store twice · 74e334dc
      Denys Vlasenko 提交于
      The code does a potentially misaligned 8-byte store to fill the tail
      of the buffer. Then it fills the initial part of the buffer
      which is a multiple of 8 bytes.
      Therefore, if size is divisible by 8, we were storing last word twice.
      
      This patch decrements byte count before dividing it by 8,
      making one less store in "size is divisible by 8" case,
      and not changing anything in all other cases.
      All at the cost of replacing one MOV insn with LEA insn.
      Signed-off-by: NDenys Vlasenko <vda.linux@googlemail.com>
      74e334dc
    • D
      x86_64/memset: simple optimizations · bf2071ed
      Denys Vlasenko 提交于
      "and $0xff,%esi" is a six-byte insn (81 e6 ff 00 00 00), can use
      4-byte "movzbl %sil,%esi" (40 0f b6 f6) instead.
      
      64-bit imul is slow, move it as far up as possible so that the result
      (rax) has more time to be ready by the time we start using it
      in mem stores.
      
      There is no need to shuffle registers in preparation to "rep movs"
      if we are not going to take that code path. Thus, patch moves
      "jump if len < 16" instructions up, and changes alternate code path
      to use rdx and rdi instead of rcx and r8.
      Signed-off-by: NDenys Vlasenko <vda.linux@googlemail.com>
      bf2071ed
    • T
      6a5242e4
  8. 10 2月, 2015 4 次提交
    • S
      add syscall numbers for the new execveat syscall · f54c28cb
      Szabolcs Nagy 提交于
      this syscall allows fexecve to be implemented without /proc, it is new
      in linux v3.19, added in commit 51f39a1f0cea1cacf8c787f652f26dfee9611874
      (sh and microblaze do not have allocated syscall numbers yet)
      
      added a x32 fix as well: the io_setup and io_submit syscalls are no
      longer common with x86_64, so use the x32 specific numbers.
      f54c28cb
    • S
      add new socket options SO_INCOMING_CPU, SO_ATTACH_BPF, SO_DETACH_BPF · 70572dce
      Szabolcs Nagy 提交于
      these socket options are new in linux v3.19, introduced in commit
      2c8c56e15df3d4c2af3d656e44feb18789f75837 and commit
      89aa075832b0da4402acebd698d0411dcc82d03e
      
      with SO_INCOMING_CPU the cpu can be queried on which a socket is
      managed inside the kernel and optimize polling of large number of
      sockets accordingly.
      
      SO_ATTACH_BPF lets eBPF programs (created by the bpf syscall) to
      be attached to sockets.
      70572dce
    • S
      use the internal macro name FUTEX_PRIVATE in __wait · 339cc250
      Szabolcs Nagy 提交于
      the name was recently added for the setxid/synccall rework,
      so use the name now that we have it.
      339cc250
    • S
      add IEEE binary128 long double support to floatscan · f3f29795
      Szabolcs Nagy 提交于
      just defining the necessary constants:
      
       LD_B1B_MAX is 2^113 - 1 in base 10^9
       KMAX is 2048 so the x array can hold up to 18432 decimal digits
      
      (the worst case is converting 2^-16495 = 5^16495 * 10^-16495 to
      binary, it requires the processing of int(log10(5)*16495)+1 = 11530
      decimal digits after discarding the leading zeros, the conversion
      requires some headroom in x, but KMAX is more than enough for that)
      
      However this code is not optimal on archs with IEEE binary128
      long double because the arithmetics is software emulated (on
      all such platforms as far as i know) which means big and slow
      strtod.
      f3f29795
  9. 09 2月, 2015 5 次提交
  10. 08 2月, 2015 2 次提交
    • R
      make getaddrinfo support SOCK_RAW and other socket types · c63c98a6
      Rich Felker 提交于
      all socket types are accepted at this point, but that may be changed
      at a later time if the behavior is not meaningful for other types. as
      before, omitting type (a value of 0) gives both UDP and TCP results,
      and SOCK_DGRAM or SOCK_STREAM restricts to UDP or TCP, respectively.
      for other socket types, the service name argument is required to be a
      null pointer, and the protocol number provided by the caller is used.
      c63c98a6
    • S
      remove cruft from x86_64 syscall.h · e63833cd
      Szabolcs Nagy 提交于
      x86_64 syscall.h defined some musl internal syscall names and made
      them public. These defines were already moved to src/internal/syscall.h
      (except for SYS_fadvise which is added now) so the cruft in x86_64
      syscall.h is not needed.
      e63833cd
  11. 06 2月, 2015 1 次提交
    • R
      fix failure of fchmodat to report EOPNOTSUPP in the race path · 61b1d102
      Rich Felker 提交于
      in the case where a non-symlink file was replaced by a symlink during
      the fchmodat operation with AT_SYMLINK_NOFOLLOW, mode change on the
      new symlink target was successfully suppressed, but the error was not
      reported. instead, fchmodat simply returned 0.
      61b1d102
  12. 05 2月, 2015 1 次提交
  13. 03 2月, 2015 2 次提交
    • R
      make execvp continue PATH search on EACCES rather than issuing an errror · 14a01171
      Rich Felker 提交于
      the specification for execvp itself is unclear as to whether
      encountering a file that cannot be executed due to EACCES during the
      PATH search is a mandatory error condition; however, XBD 8.3's
      specification of the PATH environment variable clarifies that the
      search continues until a file with "appropriate execution permissions"
      is found.
      
      since it seems undesirable/erroneous to report ENOENT rather than
      EACCES when an early path element has a non-executable file and all
      later path elements lack any file by the requested name, the new code
      stores a flag indicating that EACCES was seen and sets errno back to
      EACCES in this case.
      14a01171
    • R
      fix missing memory barrier in cancellation signal handler · 3559f0b8
      Rich Felker 提交于
      in practice this was probably a non-issue, because the necessary
      barrier almost certainly exists in kernel space -- implementing signal
      delivery without such a barrier seems impossible -- but for the sake
      of correctness, it should be done here too.
      
      in principle, without a barrier, it is possible that the thread to be
      cancelled does not see the store of its cancellation flag performed by
      another thread. this affects both the case where the signal arrives
      before entering the critical program counter range from __cp_begin to
      __cp_end (in which case both the signal handler and the inline check
      fail to see the value which was already stored) and the case where the
      signal arrives during the critical range (in which case the signal
      handler should be responsible for cancellation, but when it does not
      see the cancellation flag, it assumes the signal is spurious and
      refuses to act on it).
      
      in the fix, the barrier is placed only in the signal handler, not in
      the inline check at the beginning of the critical program counter
      range. if the signal handler runs before the critical range is
      entered, it will of course take no action, but its barrier will ensure
      that the inline check subsequently sees the store. if on the other
      hand the inline check runs first, it may miss seeing the store, but
      the subsequent signal handler in the critical range will act upon the
      cancellation request. this strategy avoids adding a memory barrier in
      the common, non-cancellation code path.
      3559f0b8
  14. 02 2月, 2015 1 次提交
  15. 31 1月, 2015 5 次提交
  16. 22 1月, 2015 3 次提交
    • R
      fix erroneous return of partial username matches by getspnam[_r] · ecb60819
      Rich Felker 提交于
      when using /etc/shadow (rather than tcb) as its backend, getspnam_r
      matched any username starting with the caller-provided string rather
      than requiring an exact match. in practice this seems to have affected
      only systems where one valid username is a prefix for another valid
      username, and where the longer username appears first in the shadow
      file.
      ecb60819
    • R
      simplify part of getopt_long · 63cac4e2
      Rich Felker 提交于
      as a result of commit e8e4e56a,
      the later code path for setting optarg to a null pointer is no longer
      necessary, and removing it eliminates an indention level and arguably
      makes the code more readable.
      63cac4e2
    • R
      always set optarg in getopt_long · e8e4e56a
      Rich Felker 提交于
      the standard getopt does not touch optarg unless processing an option
      with an argument. however, programs using the GNU getopt API, which we
      attempt to provide in getopt_long, expect optarg to be a null pointer
      after processing an option without an argument.
      
      before argument permutation support was added, such programs typically
      detected its absence and used their own replacement getopt_long,
      masking the discrepency in behavior.
      e8e4e56a
  17. 16 1月, 2015 2 次提交
    • R
      overhaul __synccall and fix AS-safety and other issues in set*id · 78a8ef47
      Rich Felker 提交于
      multi-threaded set*id and setrlimit use the internal __synccall
      function to work around the kernel's wrongful treatment of these
      process properties as thread-local. the old implementation of
      __synccall failed to be AS-safe, despite POSIX requiring setuid and
      setgid to be AS-safe, and was not rigorous in assuring that all
      threads were caught. in a worst case, threads late in the process of
      exiting could retain permissions after setuid reported success, in
      which case attacks to regain dropped permissions may have been
      possible under the right conditions.
      
      the new implementation of __synccall depends on the presence of
      /proc/self/task and will fail if it can't be opened, but is able to
      determine that it has caught all threads, and does not use any locks
      except its own. it thereby achieves AS-safety simply by blocking
      signals to preclude re-entry in the same thread.
      
      with this commit, all known conformance and safety issues in set*id
      functions should be fixed.
      78a8ef47
    • R
      add FUTEX_PRIVATE macro to internal futex.h · 7152a61a
      Rich Felker 提交于
      7152a61a
  18. 15 1月, 2015 1 次提交
    • R
      suppress EINTR in sem_wait and sem_timedwait · c0ed5a20
      Rich Felker 提交于
      per POSIX, the EINTR condition is an optional error for these
      functions, not a mandatory one. since old kernels (pre-2.6.22) failed
      to honor SA_RESTART for the futex syscall, it's dangerous to trust
      EINTR from the kernel. thankfully POSIX offers an easy way out.
      c0ed5a20