summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorLines
2011-08-02unify and overhaul timed futex waitsRich Felker-53/+56
new features: - FUTEX_WAIT_BITSET op will be used for timed waits if available. this saves a call to clock_gettime. - error checking for the timespec struct is now inside __timedwait so it doesn't need to be duplicated everywhere. cond_timedwait still needs to duplicate it to avoid unlocking the mutex, though. - pushing and popping the cancellation handler is delegated to __timedwait, and cancellable/non-cancellable waits are unified.
2011-08-02avoid accessing mutex memory after atomic unlockRich Felker-34/+31
this change is needed to fix a race condition and ensure that it's possible to unlock and destroy or unmap the mutex as soon as pthread_mutex_lock succeeds. POSIX explicitly gives such an example in the rationale and requires an implementation to allow such usage.
2011-08-02fix breakage in cancellation due to signal functions overhaulRich Felker-1/+7
sigaddset was not accepting SIGCANCEL as a valid signal number.
2011-08-02overhaul posix semaphores to fix destructability raceRich Felker-27/+23
the race condition these changes address is described in glibc bug report number 12674: http://sourceware.org/bugzilla/show_bug.cgi?id=12674 up until now, musl has shared the bug, and i had not been able to figure out how to eliminate it. in short, the problem is that it's not valid for sem_post to inspect the waiters count after incrementing the semaphore value, because another thread may have already successfully returned from sem_wait, (rightly) deemed itself the only remaining user of the semaphore, and chosen to destroy and free it (or unmap the shared memory it's stored in). POSIX is not explicit in blessing this usage, but it gives a very explicit analogous example with mutexes (which, in musl and glibc, also suffer from the same race condition bug) in the rationale for pthread_mutex_destroy. the new semaphore implementation augments the waiter count with a redundant waiter indication in the semaphore value itself, representing the presence of "last minute" waiters that may have arrived after sem_post read the waiter count. this allows sem_post to read the waiter count prior to incrementing the semaphore value, rather than after incrementing it, so as to avoid accessing the semaphore memory whatsoever after the increment takes place. a similar, but much simpler, fix should be possible for mutexes and other locking primitives whose usage rules are stricter than semaphores.
2011-08-01fix wrong messages in gai_strerrorRich Felker-0/+2
i had missed the fact that a couple values were unassigned...
2011-08-01port numbers should always be interpreted as decimalRich Felker-1/+1
per POSIX and RFC 3493: If the specified address family is AF_INET, AF_INET6, or AF_UNSPEC, the service can be specified as a string specifying a decimal port number. 021 is a valid decimal number, therefore, interpreting it as octal seems to be non-conformant.
2011-08-01fix crash in dns code with new stdio locking codeRich Felker-0/+1
2011-07-30fix race condition in sigqueueRich Felker-2/+8
this race is fundamentally due to linux's bogus requirement that userspace, rather than kernelspace, fill in the siginfo structure. an intervening signal handler that calls fork could cause both the parent and child process to send signals claiming to be from the parent, which could in turn have harmful effects depending on what the recipient does with the signal. we simply block all signals for the interval between getuid and sigqueue syscalls (much like what raise() does already) to prevent the race and make the getuid/sigqueue pair atomic. this will be a non-issue if linux is fixed to validate the siginfo structure or fill it in from kernelspace.
2011-07-30clean up pthread_sigmask/sigprocmask dependency orderRich Felker-11/+7
it's nicer for the function that doesn't use errno to be independent, and have the other one call it. saves some time and avoids clobbering errno.
2011-07-30fix some bugs in setxid and update setrlimit to use __synccallRich Felker-10/+33
setrlimit is supposed to be per-process, not per-thread, but again linux gets it wrong. work around this in userspace. not only is it needed for correctness; setxid also depends on the resource limits for all threads being the same to avoid situations where temporarily unlimiting the limit succeeds in some threads but fails in others.
2011-07-30add proper fuxed-based locking for stdioRich Felker-46/+71
previously, stdio used spinlocks, which would be unacceptable if we ever add support for thread priorities, and which yielded pathologically bad performance if an application attempted to use flockfile on a key file as a major/primary locking mechanism. i had held off on making this change for fear that it would hurt performance in the non-threaded case, but actually support for recursive locking had already inflicted that cost. by having the internal locking functions store a flag indicating whether they need to perform unlocking, rather than using the actual recursive lock counter, i was able to combine the conditionals at unlock time, eliminating any additional cost, and also avoid a nasty corner case where a huge number of calls to ftrylockfile could cause deadlock later at the point of internal locking. this commit also fixes some issues with usage of pthread_self conflicting with __attribute__((const)) which resulted in crashes with some compiler versions/optimizations, mainly in flockfile prior to pthread_create.
2011-07-30eliminate dependence of perror on printfRich Felker-10/+5
2011-07-30fix bug in synccall with no threads: lock was taken but never releasedRich Felker-4/+4
2011-07-29add setxid.c for new set*id() framework. missed in last commit.Rich Felker-0/+49
2011-07-29new attempt at making set*id() safe and robustRich Felker-130/+130
changing credentials in a multi-threaded program is extremely difficult on linux because it requires synchronizing the change between all threads, which have their own thread-local credentials on the kernel side. this is further complicated by the fact that changing the real uid can fail due to exceeding RLIMIT_NPROC, making it possible that the syscall will succeed in some threads but fail in others. the old __rsyscall approach being replaced was robust in that it would report failure if any one thread failed, but in this case, the program would be left in an inconsistent state where individual threads might have different uid. (this was not as bad as glibc, which would sometimes even fail to report the failure entirely!) the new approach being committed refuses to change real user id when it cannot temporarily set the rlimit to infinity. this is completely POSIX conformant since POSIX does not require an implementation to allow real-user-id changes for non-privileged processes whatsoever. still, setting the real uid can fail due to memory allocation in the kernel, but this can only happen if there is not already a cached object for the target user. thus, we forcibly serialize the syscalls attempts, and fail the entire operation on the first failure. this *should* lead to an all-or-nothing success/failure result, but it's still fragile and highly dependent on kernel developers not breaking things worse than they're already broken. ideally linux will eventually add a CLONE_USERCRED flag that would give POSIX conformant credential changes without any hacks from userspace, and all of this code would become redundant and could be removed ~10 years down the line when everyone has abandoned the old broken kernels. i'm not holding my breath...
2011-07-28remove ugly prng from mk*temp and just re-poll time on retryRich Felker-6/+5
2011-07-28eliminate mk*temp dependency on snprintfRich Felker-3/+4
this helps some tiny programs be even more tiny, and barly increases code size even if both are used.
2011-07-28fix for setenv bogus var argument handlingRich Felker-1/+1
thanks to mikachu per POSIX: The setenv() function shall fail if: [EINVAL] The name argument is a null pointer, points to an empty string, or points to a string containing an '=' character.
2011-07-25when resolving symbols with only weak defs, use first def, not last defRich Felker-0/+1
2011-07-25comment non-obvious de bruijn sequence code in int parserRich Felker-0/+2
2011-07-24fix resolution of weak symbols (hopefully right now) and vdsoRich Felker-3/+9
2011-07-24workaround for gcc's optimizer breaking dynamic symbol resolutionRich Felker-1/+2
2011-07-24load vdso, if present, into the dso listRich Felker-2/+31
2011-07-24const correctness on function pointerRich Felker-1/+1
2011-07-24simplify dynamic linker startupRich Felker-23/+17
instead of creating temp dso objects on the stack and moving them to the heap if dlopen/dlsym are used, use static objects to begin with, and just donate them to malloc if we no longer need them.
2011-07-23some preliminaries for vdso clock supportRich Felker-7/+35
these changes also make it so clock_gettime(CLOCK_REALTIME, &ts) works even on pre-2.6 kernels, emulated via the gettimeofday syscall. there is no cost for the fallback check, as it falls under the error case that already must be checked for storing the error code in errno, but which would normally be hidden inside __syscall_ret.
2011-07-22check for fd exhaustion in forkptyRich Felker-2/+15
we cannot report failure after forking, so the idea is to ensure prior to fork that fd 0,1,2 exist. this will prevent dup2 from possibly hitting a resource limit and failing in the child process. fcntl rather than dup2 is used prior to forking to avoid race conditions.
2011-07-22incorrect check for open failure in openpty functionRich Felker-1/+1
-1, not 0, indicates failure
2011-07-21fix errno value when fdopendir is given an invalid file descriptorRich Felker-1/+4
this resolves an issue reported by Vasiliy Kulikov
2011-07-16ensure in fork that child gets its own new robust mutex listRich Felker-0/+1
2011-07-16fix logic error in freadRich Felker-6/+1
fread was calling f->read without checking that the file was in reading mode. this could: 1. crash, if f->read was a null pointer 2. cause unwanted blocking on a terminal already at eof 3. allow reading on a write-only file
2011-07-14fix various bugs in new integer parser frameworkRich Felker-10/+15
1. my interpretation of subject sequence definition was wrong. adjust parser to conform to the standard. 2. some code for handling tail overflow case was missing (forgot to finish writing it). 3. typo (= instead of ==) caused ERANGE to wrongly behave like EINVAL
2011-07-14fix wcsto[iu]max with high charactersRich Felker-4/+2
stopping without letting the parser see a stop character prevented getting a result. so treat all high chars as the null character and pass them into the parser. also eliminated ugly tmp var using compound literals.
2011-07-14new restartable integer parsing framework.Rich Felker-156/+197
this fixes a number of bugs in integer parsing due to lazy haphazard wrapping, as well as some misinterpretations of the standard. the new parser is able to work character-at-a-time or on whole strings, making it easy to support the wide functions without unbounded space for conversion. it will also be possible to update scanf to use the new parser.
2011-07-12gb18030 support in iconv (only from, not to)Rich Felker-2/+1887
also support (and restrict to subsets) older chinese sets, and explicitly refuse to convert to cjk (since there's no code for it yet)
2011-07-12"implement" getnetbyaddr and getnetbynameRich Felker-0/+12
these are useless legacy functions but some old software contains cruft that expects them to exist...
2011-07-12legacy japanese charset support in iconv (only from, not to)Rich Felker-0/+597
2011-07-12simplify iconv and support more legacy codepagesRich Felker-352/+331
2011-07-04printf: "if a precision is specified, the '0' flag shall be ignored."Rich Felker-1/+1
2011-07-04zero precision with zero value should not inhibit prefix/width printingRich Felker-1/+4
2011-07-04printf("%#x",0) should print 0 not 0x0Rich Felker-1/+1
2011-07-03iconv was not returning -1 on most failureRich Felker-0/+2
this broke most uses of iconv in real-world programs, especially glib's iconv wrappers.
2011-07-01fix dlopen UB due to longjmp/volatile rules violationRich Felker-1/+1
2011-06-30res_search symbol, aliased to res_query for now (better than nothing)Rich Felker-0/+3
2011-06-30simple rpath support (no token expansion yet) for dynamic linkerRich Felker-2/+8
2011-06-30fix error in previous ld80 fpclassify commitRich Felker-1/+1
2011-06-30catch invalid ld80 bit patterns and treat them as nanRich Felker-2/+2
this should not be necessary - the invalid bit patterns cannot be created except through type punning. however, some broken gnu software is passing them to printf and triggering dangerous stack-smashing, so let's catch them anyway...
2011-06-30fix logic in __fwritingRich Felker-1/+1
2011-06-30add and consolidate nasty stdio_ext junkRich Felker-17/+57
hopefully this resolves the rest of the issues with hideously nonportable hacks in programs that use gnulib.
2011-06-30implement the nonstandard GNU function fpurgeRich Felker-0/+11
this is a really ugly and backwards function, but its presence will prevent lots of broken gnulib software from trying to define its own version of fpurge and thereby failing to build or worse.