value for getcontext() in a preserved register rather than on the stack.
The second time around, the stack value would likely have changed so we
can't depend on it for the return value.
otherwise the return from the syscall stub for getcontext will pop off
the return value for the caller to the getcontext stub and it will appear
as though the setcontext() syscall returned instead of the getcontext().
The same bug exists on amd64, a fix is coming there too.
The bug can be demonstrated with this test code fragment:
#include <err.h>
#include <ucontext.h>
#include <unistd.h>

int
main(void)
{
    ucontext_t top;

    if (getcontext(&top) == 0) {
        write(2, "PING!\n", 6);
        /* Cause a return value of 1 from getcontext this time */
        top.uc_mcontext.mc_eax = 1;    /* mc_eax: i386 machine context */
        setcontext(&top);
        err(1, "setcontext() returned");
    }
    write(2, "PONG!\n", 6);
    _exit(0);
}
instead of long types for low-level locks.
Add prototypes for some internal libc functions that are
wrapped by the library as cancellation points.
Add memory barriers to alpha atomic swap functions (submitted
by davidxu).
Requested by: bde
the default label support in /etc/mac.conf. Rather than maintain
each default label type in an explicit global variable in mac.c,
keep a list of defaults loaded from the configuration file.
Generalize the parsing so that we support both the older:
default_file_labels foo
default_ifnet_labels foo
default_process_labels foo
And also a new:
default_labels file foo
default_labels ifnet foo
default_labels process foo
We now accept arbitrary object classes in the first argument. If
the same object is specified more than once, we discard the
earlier definition in favor of the later one.
Add a new API, mac_prepare_type(), which accepts a mac_t to
prepare, as well as an object name in the second argument, which
will pull a default label set for the object out of the
configuration loaded by mac_init_internal(). This permits the libc
to adapt to new objects known about by applications but not by libc
at compile-time.
Also liberalize the error handling a bit: if we're using implicit
initialization (i.e., the application didn't explicitly initialize
the MAC code), ignore syntax errors and only use valid lines. In
the future, we may want to add explicit warnings and do this a
bit more consistently.
While here, add support for a MAC_CONFFILE environmental variable,
which may be used to specify an alternative mac.conf configuration
file if the application isn't running with modified privilege
(issetugid()).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
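An added sketch of the parsing rules this commit message describes, not the libc code itself: it accepts both the older `default_<class>_labels` form and the new `default_labels <class>` form, lets a later definition replace an earlier one, and either skips or fails on bad lines. The names `label_conf`, `conf_load` and `conf_get`, the fixed table sizes, the trailing `#` comment handling and the sample text are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_DEFAULTS 16
struct label_conf { char type[MAX_DEFAULTS][32], labels[MAX_DEFAULTS][128]; int n; };
/* Constructed sample: both syntaxes, a malformed line, and a redefinition of "file". */
static const char SAMPLE_CONF[] = "default_file_labels ?biba\ndefault_labels ifnet ?mls\n"
    "bogus line here\ndefault_labels file ?biba,?mls  # later definition wins\n";

/* Parse one line: 0 = stored, blank or comment; -1 = syntax error. */
static int conf_parse_line(struct label_conf *c, const char *line) {
    char buf[256], kw[64], a[128], b[128], *type = a, *labels = b;
    snprintf(buf, sizeof buf, "%s", line);
    buf[strcspn(buf, "#\n")] = '\0';          /* one line only; '#' comments are an assumption */
    int want = 3, i = 0, n = sscanf(buf, "%63s %127s %127s", kw, a, b);
    if (n <= 0) return 0;
    size_t len = strlen(kw);
    if (strcmp(kw, "default_labels") != 0) {  /* older form: default_<class>_labels <labels> */
        if (len <= 15 || strncmp(kw, "default_", 8) || strcmp(kw + len - 7, "_labels")) return -1;
        kw[len - 7] = '\0'; type = kw + 8; labels = a; want = 2;
    }
    if (n < want || strlen(type) >= sizeof c->type[0]) return -1;
    while (i < c->n && strcmp(c->type[i], type) != 0) i++;
    if (i == MAX_DEFAULTS) return -1;
    if (i == c->n) c->n++;                    /* new class; otherwise the later line replaces it */
    strcpy(c->type[i], type); strcpy(c->labels[i], labels);   /* lengths checked above */
    return 0;
}

/* strict != 0: the first bad line fails the load; strict == 0 (implicit init): bad lines are skipped. */
int conf_load(struct label_conf *c, const char *text, int strict) {
    for (c->n = 0; text != NULL && *text != '\0'; ) {
        if (conf_parse_line(c, text) != 0 && strict) return -1;
        if ((text = strchr(text, '\n')) != NULL) text++;
    }
    return 0;
}

/* Default label set for an object class, or NULL when the configuration has none. */
const char *conf_get(const struct label_conf *c, const char *type) {
    for (int i = 0; i < c->n; i++)
        if (strcmp(c->type[i], type) == 0) return c->labels[i];
    return NULL;
}

int main(void) {
    struct label_conf c;
    printf("lenient=%d ", conf_load(&c, SAMPLE_CONF, 0));
    printf("file=%s ", conf_get(&c, "file"));
    printf("strict=%d\n", conf_load(&c, SAMPLE_CONF, 1));
}
```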
critical region, we wrap some syscalls for thread cancellation point, and
when syscalls return, we call _thr_leave_cancellation_point, at the time
if a signal comes in, it would be buffered, and when the thread leaves
_thr_leave_cancellation_point, buffered signals will be processed, to avoid
messing up normal syscall errno, we should save and restore errno around
signal handling code.
gethostname()'s old and new signatures without requiring a library
bump. Note that programs which called gethostname() with a negative
argument were already broken, since the same type conversion was done
by the old implementation. Add a note in the Makefile so that whoever
next bumps the libc revision will delete the kluge at the same time
(as it will no longer be necessary). This is only operative on 64-bit
platforms.
Submitted by: marcel
when the buffer is not long enough to hold the current host name.
POSIX does not standardize error returns for gethostname(), so it
doesn't matter which one we use, but ENAMETOOLONG is at least a little
more intuitive, and mi suggests the existence of prior art. I've been
running with this change for a while on my home machine with no
effect. At the same time, I've updated the prototype for
gethostname() to use the correct standard type (size_t) for the
namelen argument.
All of the in-tree callers fall into one of the following categories:
1) Call perror() or equivalent when gethostname() fails.
2) Ignore gethostname()'s return value entirely, potentially resulting
in data corruption if the buffer is too small.
3) Fall back to a (possibly sensible) default value if gethostname()
fails.
Many of the callers I examined show signs of confusion about the
correct sizing of the host name buffer. gethostname(3) now has more
information about this, as well as updated standards information.
PR: 48114
Submitted by: mi (in part)
yet, so we can protect some locking code from being interrupted by signal
handling. When KSE mode is turned on, reset the thread flag to scope process
except we are running in 1:1 mode which we needn't turn it off.
Also remove some unused member variables in structure kse.
Tested by: deischen
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live in /usr/lib so the
toolchain doesn't need to be modified.
have execute permissions. Run "perl verify" instead. Replace all
occurrences of the hardcoding of ./verify with $(VERIFY) to allow
it to be overridden as well.
- All those diffs to syscalls.master for each architecture *are*
necessary. This needed clarification; the stub code generation for
mlockall() was disabled, which would prevent applications from
linking to this API (suggested by mux)
- Giant has been quashed. It is no longer held by the code, as
the required locking has been pushed down within vm_map.c.
- Callers must specify VM_MAP_WIRE_HOLESOK or VM_MAP_WIRE_NOHOLES
to express their intention explicitly.
- Inspected at the vmstat, top and vm pager sysctl stats level.
Paging-in activity is occurring correctly, using a test harness.
- The RES size for a process may appear to be greater than its SIZE.
This is believed to be due to mappings of the same shared library
page being wired twice. Further exploration is needed.
- Believed to back out of allocations and locks correctly
(tested with WITNESS, MUTEX_PROFILING, INVARIANTS and DIAGNOSTIC).
PR: kern/43426, standards/54223
Reviewed by: jake, alc
Approved by: jake (mentor)
MFC after: 2 weeks
otherwise masks all signals until fork() returns, in child process,
we reset library state before restoring signal masks until we reach
a safe point.
Reviewed by: deischen
didn't provide a constant for one of them (non-IEEE denormal trap),
in an attempt to not support it probably, it's not we are left with
the lower 5 bits.
o Properly mask the passed or returned fp_except_t. Not doing so
causes instant core dumps by trying to write an invalid value to
ar.fpsr. Now that we're masking, stop using exclusive-or to invert
bits.
This fixes the illegal instruction fault encountered when building
mozilla.
o fix the len argument of memcmp(3) to be the size of the node field
of the uuid structure, not the size of the uuid structure itself.
We're comparing the node fields...
o uuid_compare(3) is specified to return -1, 0 or 1, depending on
the outcome of the comparison. memcmp(3) returns the difference
between the first differing bytes. Hence, we cannot ever return
the return value of memcmp(3) as-is.
PR: standards/55370
Submitted by: Konstantin Oznobihin <bork@rsu.ru>
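An added illustration of the two fixes described in this commit message, not the libc source: the node comparison uses the size of the node field only, and the memcmp(3) result is reduced to -1, 0 or 1. The type `uuid_ex`, the function `uuid_compare_ex`, the field-by-field comparison order and the sample values are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct uuid, using the DCE 1.1 field layout. */
struct uuid_ex {
    uint32_t time_low;
    uint16_t time_mid;
    uint16_t time_hi_and_version;
    uint8_t  clock_seq_hi_and_reserved;
    uint8_t  clock_seq_low;
    uint8_t  node[6];
};

/* Three-way compare of two scalars: always exactly -1, 0 or 1. */
#define CMP3(x, y) (((x) > (y)) - ((x) < (y)))

int uuid_compare_ex(const struct uuid_ex *a, const struct uuid_ex *b)
{
    int r;

    if ((r = CMP3(a->time_low, b->time_low)) != 0) return r;
    if ((r = CMP3(a->time_mid, b->time_mid)) != 0) return r;
    if ((r = CMP3(a->time_hi_and_version, b->time_hi_and_version)) != 0) return r;
    if ((r = CMP3(a->clock_seq_hi_and_reserved, b->clock_seq_hi_and_reserved)) != 0) return r;
    if ((r = CMP3(a->clock_seq_low, b->clock_seq_low)) != 0) return r;
    /* Length is the node field only. Starting at node, sizeof(struct uuid_ex)
     * bytes would read 10 bytes past the end of both objects. */
    r = memcmp(a->node, b->node, sizeof(a->node));
    return CMP3(r, 0);   /* memcmp only promises a sign, not -1 or 1 */
}

int main(void)
{
    /* Constructed values: equal except for the last node byte. */
    struct uuid_ex a = { 1, 2, 3, 4, 5, { 0, 0, 0, 0, 0, 0x10 } };
    struct uuid_ex b = a;

    b.node[5] = 0x90;
    printf("%d %d %d\n", uuid_compare_ex(&a, &b), uuid_compare_ex(&b, &a),
        uuid_compare_ex(&a, &a));
    return 0;
}
```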
happens, the context of the interrupted thread is exported to
userland. Unlike most contexts, it will be an async context and
we cannot easily use our existing functions to set such a
context.
To avoid a lot of complexity that may possibly interfere with
the common case, we simply let the kernel deal with it. However,
we don't use the EPC based syscall path to invoke setcontext(2).
No, we use the break-based syscall path. That way the trapframe
will be compatible with the context we're trying to restore and
we save the kernel a lot of trouble. The kind of trouble we did
not want to go through ourselves...
However, we also need to set the thread's mailbox and there's no
syscall to help us out. To avoid creating a new syscall, we use
the context itself to pass the information to the kernel so that
the kernel can update the mailbox. This involves setting a flag
(_MC_FLAGS_KSE_SET_MBOX) and setting ifa (the address) and isr
(the value).
wctob() in terms of wcrtomb() instead of sputrune(). There should be
no functional differences, but there may be a small performance hit
because we make an extra function call.
The aim here is to have as few functions as possible calling
s{get,put}rune() to make it easier to remove them in the future.
TCB. We know that the thread pointer points to &tcb->tcb_tp, so all
we have to do is subtract offsetof(struct tcb, tcb_tp) from the
thread pointer to get to the TCB. Any reasonably smart compiler will
translate accesses to fields in the TCB as negative offsets from TP.
In _tcb_set() make sure the fake TCB gets a pointer to the current
KCB, just like any other TCB. This fixes a NULL-pointer dereference
in _thr_ref_add() when it tried to get the current KSE.
makecontext(). We only supply 3, not 4. This is mostly harmless,
except that on ia64 the garbage can include NaT bits, resulting
in NaT consumption faults.
that the TLS is 16-byte aligned, as well as guarantee that the thread
pointer is 16-byte aligned as it points to struct ia64_tp. Likewise,
struct tcb and struct ksd are also guaranteed to be 16-byte aligned
(if they weren't already).
archs that can (or are required to) have per-thread registers.
Tested on i386, amd64; marcel is testing on ia64 and will
have some follow-up commits.
Reviewed by: davidxu
context functions. We don't need to enter the kernel anymore. The
contexts are compatible (ie a context created by getcontext() can
be restored by _ia64_restore_context()).
While here, make the use of THR_ALIGNBYTES and THR_ALIGN a no-op.
They are going to be removed anyway.
We write 1 for r8 in the context so that _ia64_restore_context()
will return with a non-zero value. _ia64_save_context() always
returns 0.
o In _ia64_restore_context(), don't restore the thread pointer. It
is not normally part of the context. Also, restore the return
registers. We get called for contexts created by getcontext(),
which means we have to restore all the syscall return values.
Also change "Auto mode" to use a "special" value
instead of 0, and define and document it.
I had thought libpthread had already been switched to use auto mode but
it appears that patch hasn't been committed yet.
Discussed with: Davidxu
First of all, it should be written as: tr 'a-z' 'A-Z'
ranges not enclosed in [] according to POSIX, so [] just included
in the replacement.
Second, it should be written: tr '[:lower:]' '[:upper:]'
since a-z and A-Z may have different length in some locales.
that we can flush the register stack prior to entering the kernel.
This avoids having dirty registers and saves us from having to
manually write them to the backing store from within the kernel.
In that respect, flushing the RSE is both functionally required as
well as performance optimal.
On average we had 18 dirty registers when getcontext(2) was called
from libthr. Since libthr does not switch back to a context created
by getcontext(2), not having dealt with the dirty registers was
harmless.
on the corresponding .proc directive, or the .endp must not have a
name at all.
While here, remove an artificial dependency in Ovfork.S by performing
manual register renaming.
the userland version of [gs]etcontext to switch between a thread
and the UTS scheduler (and back again). This also fixes a bug
in i386 _thr_setcontext() which wasn't properly restoring the
context.
Reviewed by: davidxu
almost identical.
* Merge strchr(3) and strrchr(3) to strchr(3) since the two functions
are almost identical.
* Make the wording of index(3) and strchr(3) more similar.
* mdoc(7) cleanup.
Submitted by: SUZUKI Koichi <metal@gc5.so-net.ne.jp>, keramida, myself
PR: docs/32054
Reviewed by: ru
Approved by: ceri (mentor)
switching anymore, so there's no need to save and restore GP. This
change breaks threaded applications linked against libc_r. Pull the
tier 2 card again: relink. This will link against libthr instead.
do not also provide a __generic_XXX version as well. This is how we
used to runtime select the generic vs i387 versions on the i386 platform.
This saves a pile of #defines in the src/math_private.h file to undo the
__generic_XXX renames in some of the *.c files.
fp emulator, stop doing the runtime selection of hardware or emulated
floating point operations on i386. Note that I have not suppressed the
duplicate compiles yet.
While here, fix the alpha. It has provided specific copysign/copysignf
functions since the beginning of time, but they have never been used.
This eliminates ping-ponging of locks, where the idle KSE wakes
up only to find the lock it needs is being held. This gives
little or no gain to M:N mode but greatly speeds up 1:1 mode.
Reviewed & Tested by: davidxu
on that platform, invert the test for the platforms on
which libthr is built. Amd64 and powerpc are the only
platforms excluded.
Compile tested on: amd64, alpha
don't probe the server at all for passwd.by* maps. This fixes
interoperability with the Services For UNIX NIS server (which is
really a front end to Captive^WActiveDirectory). This server
incorrectly returns success for all YPPROC_MASTER requests,
even for maps that don't exist, which makes it impossible to
(ab)use it to probe for the existence of the master.passwd.by*
maps.
This is a little kludgey, but basically restores the original
behavior of getpwent.c as it is in -stable, and works around both
the lack of YPPROC_ORDER on NIS+ servers as well as the broken
YPPROC_MASTER on Services For UNIX servers.
handed-off/signaled to a higher priority thread. Note that when
there are idle KSEs that could run the higher priority thread,
we still add the preemption point because it seems to take the
kernel a while to schedule an idle KSE. The drawbacks are that
threads will be swapped more often between CPUs (KSEs) and
that there will be an extra userland context switch (the idle
KSE is still woken and will probably resume the preempted
thread). We'll revisit this if and when idle CPU/KSE wakeup
times improve.
Inspired by: Petri Helenius <pete@he.iki.fi>
Reviewed by: davidxu
is system bound thread and when it is blocked, no upcall is generated.
o Add ability to libkse to allow it run in pure 1:1 threading mode,
defining SYSTEM_SCOPE_ONLY in Makefile can turn on this option.
o Eliminate code for installing dummy signal handler for sigwait call.
o Add hash table to find thread.
Reviewed by: deischen
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
don't call it according to the runtime specification and especially
WRT to gp this can cause trouble. The gcc 3.3.1 import broke the
ia64 runtime because the compiler saved gp prior to us being able
to set it properly. Restoring gp after the calls would then invalidate
gp and cause segmentation faults later on.
By rewriting _start() as an assembly function, we also avoided even
more gcc dependences, by trying to use gcc specific features to work
around the problem.
This version of _start() does not reference _DYNAMIC. We register the
cleanup function when it's a non-NULL pointer. The kernel will always
pass a NULL pointer and dynamic linkers may pass a non-NULL pointer.
The machine independent code to set __progname now unfortunately is
written in assembly. So be it.
its waitset, but if the signal is not masked by the thread, the signal
can interrupt the thread and signal action can be invoked by the thread,
sigwait should return with errno set to EINTR.
Also save and restore thread internal state(timeout and interrupted)
around signal handler invoking.
by sizeof(wchar_t) to get the number of wide characters it contains.
Remove the !hardway micro-optimisation from the CT_INT case to avoid
having to fix it for wide characters.