The recently introduced TLS variables in the thread-local destructor
implementation (__cxa_thread_atexit_impl) used the default GD access
model, resulting in a call to __tls_get_addr. This causes a deadlock
with recent changes to the way TLS is initialized because DTV
allocations are delayed and hence despite knowing the offset to the
variable inside its TLS block, the thread has to take the global rtld
lock to safely update the TLS offset.
This causes deadlocks when a thread is instantiated and joined inside
a destructor of a dlopen'd DSO. The correct long term fix is to
somehow not take the lock, but that will need a lot deeper change set
to alter the way in which the big rtld lock is used.
Instead, this patch just eliminates the call to __tls_get_addr for the
thread-local variables inside libc.so, libpthread.so and rtld by
building all of their units with -mtls-model=initial-exec.
There were concerns that the static storage for TLS is limited and
hence we should not be using it. Additionally, dynamically loaded
modules may result in libc.so looking for this static storage pretty
late in static binaries. Both concerns are valid when using TLSDESC
since that is where one may attempt to allocate a TLS block from
static storage for even those variables that are not IE. They're not
very strong arguments for the traditional TLS model though, since it
assumes that the static storage would be used sparingly and definitely
not by default. Hence, for now this would only theoretically affect
ARM architectures.
The impact is hence limited to statically linked binaries that dlopen
modules that in turn load libc.so, all that on arm hardware. It seems
like a small enough impact to justify fixing the larger problem that
currently affects everything everywhere.
This still does not solve the original problem completely. That is,
it is still possible to deadlock on the big rtld lock with a small
tweak to the test case attached to this patch. That problem is
however not a regression in 2.22 and hence could be tackled as a
separate project. The test case is picked up as is from Alex's patch.
This change has been tested to verify that it does not cause any
issues on x86_64.
ChangeLog:
[BZ #18457]
* nptl/Makefile (tests): New test case tst-join7.
(modules-names): New test case module tst-join7mod.
* nptl/tst-join7.c: New file.
* nptl/tst-join7mod.c: New file.
* Makeconfig (tls-model): Pass -ftls-model=initial-exec for
all translation units in libc.so, libpthread.so and rtld.
The Linux kernel futex documentation now states that since Linux 2.6.22,
FUTEX_WAIT does return EINTR only when interrupted by a signal, and not
spuriously anymore. We only support more recent kernels, so clean up
EINTR handling in the semaphore and update the comments.
This adds new functions for futex operations, starting with wait,
abstimed_wait, reltimed_wait, wake. They add documentation and error
checking according to the current draft of the Linux kernel futex manpage.
Waiting with absolute or relative timeouts is split into separate functions.
This allows for removing a few cases of code duplication in pthreads code,
which uses absolute timeouts; also, it allows us to put platform-specific
code to go from an absolute to a relative timeout into the platform-specific
futex abstractions..
Futex operations that can be canceled are also split out into separate
functions suffixed by "_cancelable".
There are separate versions for both Linux and NaCl; while they currently
differ only slightly, my expectation is that the separate versions of
lowlevellock-futex.h will eventually be merged into futex-internal.h
when we get to move the lll_ functions over to the new futex API.
and also powerpc64 and powerpc64le. See the discussion in the thread
below for details. This change reverts the problematic bits leaving
the added test in place and marking XFAIL in anticipation of fixing
the bug in the near future.
https://sourceware.org/ml/libc-alpha/2015-07/msg00141.html
[BZ #18435]
* nptl/pthreadP.h (pthread_cleanup_push, pthread_cleanup_pop):
Revert commit ed225df3ad9cbac3c22ec3f0fbbed1f9c61d1c54.
* nptl/Makefile (test-xfail-tst-once5): Define.
the initialization routine to exit by throwing an exception.
Such an execution, termed exceptional, requires call_once to
propagate the exception to its caller. A program may contain
any number of exceptional executions but only one returning
execution (which, if it exists, must be the last execution
with the same once flag).
On POSIX systems such as Linux, std::call_once is implemented
in terms of pthread_once. However, as discussed in libstdc++
bug 66146 - "call_once not C++11-compliant on ppc64le," GLIBC's
pthread_once hangs when the initialization function exits by
throwing an exception on at least arm and ppc64 (though
apparently not on x86_64). This effectively prevents call_once
from conforming to the C++ requirements since there doesn't
appear to be a thread-safe way to work around this problem in
libstdc++.
This patch changes pthread_once to handle gracefully init
functions that exit by throwing exceptions. It was successfully
tested on ppc64, ppc64le, and x86_64.
[BZ #18435]
* nptl/Makefile: Add tst-once5.cc.
* nptl/pthreadP.h (pthread_cleanup_push, pthread_cleanup_pop):
Remove macro redefinitions.
* nptl/tst-once5.cc: New test.
The probes are not provided on all architectures (and only partially by the
x86 assembly implementation), and we are not aware of actual uses of these
probes.
a need for them.
This patch combines BUSY_WAIT_NOP and atomic_delay into a new
atomic_spin_nop function and adjusts all clients. The new function is
put into atomic.h because what is best done in a spin loop is
architecture-specific, and atomics must be used for spinning. The
function name is meant to tell users that this has no effect on
synchronization semantics but is a performance aid for spinning.
mq_notify (present in POSIX by 1996) brings in references to
pthread_barrier_init and pthread_barrier_wait (new in the 2001 edition
of POSIX). This patch fixes this by making those functions into weak
aliases of __pthread_barrier_*, exporting the __pthread_barrier_*
names at version GLIBC_PRIVATE and using them in mq_notify.
Tested for x86_64 and x86 (testsuite, and comparison of installed
stripped shared libraries). Changes in addresses from dynamic symbol
table / PLT changes render most comparisons not particularly useful,
but when the addresses of subsequent code don't change there's no sign
of unexpected changes there. This patch does not remove any
linknamespace XFAILs because of other namespace issues remaining with
mqueue.h functions.
[BZ #18544]
* nptl/pthread_barrier_init.c (pthread_barrier_init): Rename to
__pthread_barrier_init and define as weak alias of
__pthread_barrier_init.
* sysdeps/sparc/nptl/pthread_barrier_init.c
(pthread_barrier_init): Likewise.
* nptl/pthread_barrier_wait.c (pthread_barrier_wait): Rename to
__pthread_barrier_wait and define as weak alias of
__pthread_barrier_wait.
* sysdeps/sparc/nptl/pthread_barrier_wait.c
(pthread_barrier_wait): Likewise.
* sysdeps/sparc/sparc32/pthread_barrier_wait.c
(pthread_barrier_wait): Likewise.
* sysdeps/unix/sysv/linux/i386/i486/pthread_barrier_wait.S
(pthread_barrier_wait): Likewise.
* sysdeps/unix/sysv/linux/x86_64/pthread_barrier_wait.S
(pthread_barrier_wait): Likewise.
* nptl/Versions (libpthread): Export __pthread_barrier_init and
__pthread_barrier_wait at version GLIBC_PRIVATE.
* include/pthread.h (__pthread_barrier_init): Declare.
(__pthread_barrier_wait): Likewise.
* sysdeps/unix/sysv/linux/mq_notify.c (notification_function):
Call __pthread_barrier_wait instead of pthread_barrier_wait.
(helper_thread): Likewise.
(init_mq_netlink): Call __pthread_barrier_init instead of
pthread_barrier_init.
The sem_* functions bring in references to tdelete, tfind, tsearch and
twalk. But the t* functions are XSI-shaded, while sem_* aren't. This
patch fixes this by using __t* instead, exporting those functions from
libc at version GLIBC_PRIVATE (since sem_* are in libpthread) and
using libc_hidden_* for the benefit of calls within libc.
Tested for x86_64 and x86 (testsuite, and comparison of disassembly of
installed stripped shared libraries). libpthread gets changes from
PLT reordering; addresses in libc change because of PLT / dynamic
symbol table changes.
[BZ #18536]
* misc/tsearch.c (__tsearch): Use libc_hidden_def.
(__tfind): Likewise.
(__tdelete): Likewise.
(__twalk): Likewise.
* misc/Versions (libc): Add __tdelete, __tfind, __tsearch and
__twalk to GLIBC_PRIVATE.
* include/search.h (__tsearch): Use libc_hidden_proto.
(__tfind): Likewise.
(__tdelete): Likewise.
(__twalk): Likewise.
* nptl/sem_close.c (sem_close): Call __twalk instead of twalk.
Call __tdelete instead of tdelete.
* nptl/sem_open.c (check_add_mapping): Call __tfind instead of
tfind. Call __tsearch instead of tsearch.
* sysdeps/sparc/sparc32/sem_open.c (check_add_mapping): Likewise.
* conform/Makefile (test-xfail-POSIX/semaphore.h/linknamespace):
Remove variable.
(test-xfail-POSIX2008/semaphore.h/linknamespace): Likewise.
The 2008 edition of POSIX removed h_errno, but some functions still
bring in references to the h_errno external symbol. As this symbol is
not a part of the public ABI (only __h_errno_location is), this patch
fixes this by renaming the GLIBC_PRIVATE TLS symbol to __h_errno.
Tested for x86_64 and x86 (testsuite, and comparison of installed
shared libraries). Disassembly of all shared libraries using h_errno
changes because of the renaming (and changes to associated TLS / GOT
offsets in some cases); disassembly of libpthread on x86_64 changes
more substantially because the enlargement of .dynsym affects
subsequent addresses.
[BZ #18520]
* inet/herrno.c (h_errno): Rename to __h_errno.
(__libc_h_errno): Define as alias of __h_errno not h_errno.
* include/netdb.h [IS_IN_LIB && !IS_IN (libc)] (h_errno): Define
to __h_errno instead of h_errno.
* nptl/herrno.c (h_errno): Rename to __h_errno.
(__h_errno_location): Refer to __h_errno not h_errno.
* resolv/Versions (h_errno): Rename to __h_errno.
* conform/Makefile (test-xfail-XOPEN2K8/grp.h/linknamespace):
Remove variable.
(test-xfail-XOPEN2K8/pwd.h/linknamespace): Likewise.
In commit 02657da2cf4457804ed938ee08b8316249126444, .interp section
was removed from libpthread.so. This led to an error:
$ /lib64/libpthread.so.0
Native POSIX Threads Library by Ulrich Drepper et al
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Forced unwind support included.
Segmentation fault
(gdb) bt
#0 0x00000000000055a6 in _exit@plt ()
Unfortunately, there is no way to add a regression test for the bug
because .interp specifies the path to dynamic linker of the target
system.
[BZ #18479]
* nptl/pt-interp.c: New file.
* nptl/Makefile (libpthread-routines, libpthread-shared-only-routines):
Add pt-interp.
[$(build-shared) = yes] ($(objpfx)pt-interp.os): Depend on
$(common-objpfx)runtime-linker.h.
This adds wake-ups that would be missing if assuming that for a
non-writer-preferring rwlock, if one thread has acquired a rdlock and
does not release it, another thread will eventually acquire a rdlock too
despite concurrent write lock acquisition attempts. BZ 14958 is about
supporting this assumption. Strictly speaking, this isn't a valid
test case, but nonetheless worth supporting (see comment 7 of BZ 14958).
If we set up a rwlock to prefer writers (and disallow recursive rdlock
acquisitions), then readers will block for writers that are blocked to
acquire the lock (otherwise, readers could constantly enter and exit,
and the writer would never get the lock). However, the existing
implementation did not wake such readers when the writer timed out.
This patch adds the missing wake-up.
There's no similar case for writers being blocked on readers.
This patch removes the socket.S implementation for all ports and replace
it by a C implementation using socketcall. For ports that implement
the syscall directly, there is no change.
The patch idea is to simplify the socket function implementation that
uses the socketcall to be based on C implemetation instead of a pseudo
assembly implementation with arch specific parts. The patch then remove
the assembly implementatation for the ports which uses socketcall
(i386, microblaze, mips, powerpc, sparc, m68k, s390 and sh).
I have cross-build GLIBC for afore-mentioned ports and tested on both
i386 and ppc32 without regressions.
While trying to get nptl/tst-initializers1.c to include the test skeleton, I
came across a couple of speed bumps. Firstly: after making the appropriate
changes to the test, running `make check' led to this error:
> In file included from ../malloc/malloc.h:24:0,
..
> from tst-initializers1.c:60:
> ../include/stdio.h:111:1: error: unknown type name `wint_t'
> extern wint_t __getwc_unlocked (FILE *__fp);
So, `wint_t' is used before being defined. Question: Why did test-skeleton.c
not cause this error in any of the other tests that include it?
Anyway, I noticed include/stdio.h includes stddef.h, which in turn defines
`wint_t', but only if `__need_wint_t' is defined. So I put in a
`#define __need_wint_t' before the include to get rid of the error. Is that
the correct fix?
A subsequent `make && make check' led to this second error:
> from tst-initializers1-c89.c:1:
> ../test-skeleton.c: In function `main':
> ../test-skeleton.c:356:11: error: `for' loop initial declarations are only
> allowed in C99 mode
> for (struct temp_name_list *n = temp_name_list;
Although there seem to be several other C89 no-noes in test-skeleton.c, I
needed only to fix this specific one for gcc-4.8.3 to stop complaining.
sem_timedwait converts absolute timeouts to relative to pass them to
the futex syscall. (Before the recent reimplementation, on x86_64 it
used FUTEX_CLOCK_REALTIME, but not on other architectures.)
Correctly implementing POSIX requirements, however, requires use of
FUTEX_CLOCK_REALTIME; passing a relative timeout to the kernel does
not conform to POSIX. The POSIX specification for sem_timedwait says
"The timeout shall be based on the CLOCK_REALTIME clock.". The POSIX
specification for clock_settime says "If the value of the
CLOCK_REALTIME clock is set via clock_settime(), the new value of the
clock shall be used to determine the time of expiration for absolute
time services based upon the CLOCK_REALTIME clock. This applies to the
time at which armed absolute timers expire. If the absolute time
requested at the invocation of such a time service is before the new
value of the clock, the time service shall expire immediately as if
the clock had reached the requested time normally.". If a relative
timeout is passed to the kernel, it is interpreted according to the
CLOCK_MONOTONIC clock, and so fails to meet that POSIX requirement in
the event of clock changes.
This patch makes sem_timedwait use lll_futex_timed_wait_bitset with
FUTEX_CLOCK_REALTIME when possible, as done in some other places in
NPTL. FUTEX_CLOCK_REALTIME is always available for supported Linux
kernel versions; unavailability of lll_futex_timed_wait_bitset is only
an issue for hppa (an issue noted in
<https://sourceware.org/glibc/wiki/PortStatus>, and fixed by the
unreviewed
<https://sourceware.org/ml/libc-alpha/2014-12/msg00655.html> that
removes the hppa lowlevellock.h completely).
In the FUTEX_CLOCK_REALTIME case, the glibc code still needs to check
for negative tv_sec and handle that as timeout, because the Linux
kernel returns EINVAL not ETIMEDOUT for that case, so resulting in
failures of nptl/tst-abstime and nptl/tst-sem13 in the absence of that
check. If we're trying to distinguish between Linux-specific and
generic-futex NPTL code, I suppose having this in an nptl/ file isn't
ideal, but there doesn't seem to be any better place at present.
It's not possible to add a testcase for this issue to the testsuite
because of the requirement to change the system clock as part of a
test (this is a case where testing would require some form of
container, with root in that container, and one whose CLOCK_REALTIME
is isolated from that of the host; I'm not sure what forms of
containers, short of a full virtual machine, provide that clock
isolation).
Tested for x86_64. Also tested for powerpc with the testcase included
in the bug.
[BZ #18138]
* nptl/sem_waitcommon.c: Include <kernel-features.h>.
(futex_abstimed_wait)
[__ASSUME_FUTEX_CLOCK_REALTIME && lll_futex_timed_wait_bitset]:
Use lll_futex_timed_wait_bitset with FUTEX_CLOCK_REALTIME instead
of lll_futex_timed_wait.
for ChangeLog
[BZ #17090]
[BZ #17620]
[BZ #17621]
[BZ #17628]
* NEWS: Update.
* elf/dl-tls.c (_dl_update_slotinfo): Clean up outdated DTV
entries with Static TLS too. Skip entries past the end of the
allocated DTV, from Alan Modra.
(tls_get_addr_tail): Update to glibc_likely/unlikely. Move
Static TLS DTV entry set up from...
(_dl_allocate_tls_init): ... here (fix modid assertion), ...
* elf/dl-reloc.c (_dl_nothread_init_static_tls): ... here...
* nptl/allocatestack.c (init_one_static_tls): ... and here...
* elf/dlopen.c (dl_open_worker): Drop l_tls_modid upper bound
for Static TLS.
* elf/tlsdeschtab.h (map_generation): Return size_t. Check
that the slot we find is associated with the given map before
using its generation count.
* nptl_db/db_info.c: Include ldsodefs.h.
(rtld_global, dtv_slotinfo_list, dtv_slotinfo): New typedefs.
* nptl_db/structs.def (DB_RTLD_VARIABLE): New macro.
(DB_MAIN_VARIABLE, DB_RTLD_GLOBAL_FIELD): Likewise.
(link_map::l_tls_offset): New struct field.
(dtv_t::counter): Likewise.
(rtld_global): New struct.
(_rtld_global): New rtld variable.
(dl_tls_dtv_slotinfo_list): New rtld global field.
(dtv_slotinfo_list): New struct.
(dtv_slotinfo): Likewise.
* nptl_db/td_symbol_list.c: Drop gnu/lib-names.h include.
(td_lookup): Rename to...
(td_mod_lookup): ... this. Use new mod parameter instead of
LIBPTHREAD_SO.
* nptl_db/td_thr_tlsbase.c: Include link.h.
(dtv_slotinfo_list, dtv_slotinfo): New functions.
(td_thr_tlsbase): Check DTV generation. Compute Static TLS
addresses even if the DTV is out of date or missing them.
* nptl_db/fetch-value.c (_td_locate_field): Do not refuse to
index zero-length arrays.
* nptl_db/thread_dbP.h: Include gnu/lib-names.h.
(td_lookup): Make it a macro implemented in terms of...
(td_mod_lookup): ... this declaration.
* nptl_db/db-symbols.awk (DB_RTLD_VARIABLE): Override.
(DB_MAIN_VARIABLE): Likewise.
pthread_mutexattr_settype adds PTHREAD_MUTEX_NO_ELISION_NP to kind,
which is an internal flag that pthread_mutexattr_gettype shouldn't
expose, since pthread_mutexattr_settype wouldn't accept it.
This patch replaces unsigned long int and 1UL with uint64_t and
(uint64_t) 1 to support ILP32 targets like x32.
[BZ #17870]
* nptl/sem_post.c (__new_sem_post): Replace unsigned long int
with uint64_t.
* nptl/sem_waitcommon.c (__sem_wait_cleanup): Replace 1UL with
(uint64_t) 1.
(__new_sem_wait_slow): Replace unsigned long int with uint64_t.
Replace 1UL with (uint64_t) 1.
* sysdeps/nptl/internaltypes.h (new_sem): Replace unsigned long
int with uint64_t.
This commit fixes semaphore destruction by either using 64b atomic
operations (where available), or by using two separate fields when only
32b atomic operations are available. In the latter case, we keep a
conservative estimate of whether there are any waiting threads in one
bit of the field that counts the number of available tokens, thus
allowing sem_post to atomically both add a token and determine whether
it needs to call futex_wake.
See:
https://sourceware.org/ml/libc-alpha/2014-12/msg00155.html