The use after free described in BZ#19951 is due the use of two different
PD fields, 'joinid' and 'cancelhandling', to describe the thread state
and to synchronize the calls of pthread_join, pthread_detach,
pthread_exit, and normal thread exit.
Any state change potentially requires to check for both field
atomically to handle partial state (such as pthread_join() with a
cancellation handler to issue a 'joinstate' field rollback).
This patch uses a different PD member with 4 possible states (JOINABLE,
DETACHED, EXITING, and EXITED) instead of pthread 'tid' field, with
the following logic:
1. On pthread_create the inital state is set either to JOINABLE or
DETACHED depending of the pthread attribute used.
2. On pthread_detach, a CAS is issued on the state. If the CAS
fails it means that thread is already detached (DETACHED) or is
being terminated (EXITING). For former an EINVAL is returned,
while for latter pthread_detach should be reponsible to join the
thread (and deallocate any internal resource).
3. In the exit phase of the wrapper function for the thread start
routine (reached either if the thread function has returned,
pthread_exit has being called, or cancellation handled has been
acted upon) we issue a CAS on state to set to EXITING mode. If the
thread is previously on DETACHED mode the thread itself is
responsible for arranging the deallocation of any resource,
otherwise the thread needs to be joined (detached threads cannot
immediately deallocate themselves).
4. The clear_tid_field on 'clone' call is changed to set the new
'state' field on thread exit (EXITED). This state is only
reached at thread termination.
5. The pthread_join implementation is now simpler: the futex wait
is done directly on thread state and there is no need to reset it
in case of timeout since the state is now set either by
pthread_detach() or by the kernel on process termination.
The race condition on pthread_detach is avoided with only one atomic
operation on PD state: once the mode is set to THREAD_STATE_DETACHED
it is up to thread itself to deallocate its memory (done on the exit
phase at pthread_create()).
Also, the INVALID_NOT_TERMINATED_TD_P is removed since a a negative
tid is not possible and the macro is not used anywhere.
This change trigger an invalid C11 thread tests: it crates a thread,
which detaches itself, and after a timeout the creating thread checks
if the join fails. The issue is once thrd_join() is called the thread
lifetime is not defined.
Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
arm-linux-gnueabihf, and powerpc64-linux-gnu.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date. Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.
Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions. These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.
The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively. These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:
https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dchttps://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
The symbols pthread_clockjoin_np, pthread_join, pthread_timedjoin_np,
pthread_tryjoin_np, thrd_join were moved using
scripts/move-symbol-to-libc.py.
Moving the symbols at the same time avoids the need for temporary
exports.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
Introduce pthread_clockjoin_np as a version of pthread_timedjoin_np that
accepts a clockid_t parameter to indicate which clock the timeout should be
measured against. This mirrors the recently-added POSIX-proposed "clock"
wait functions.
Checked on x86_64-linux-gnu.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This patch consolidates the pthread_join and gnu extensions to avoid
code duplication. The function pthread_join, pthread_tryjoin_np, and
pthread_timedjoin_np are now based on pthread_timedjoin_ex.
It also fixes some inconsistencies on ESRCH, EINVAL, EDEADLK handling
(where each implementation differs from each other) and also on
clenup handler (which now always use a CAS).
Checked on i686-linux-gnu and x86_64-linux-gnu.
* nptl/pthreadP.h (__pthread_timedjoin_np): Define.
* nptl/pthread_join.c (pthread_join): Use __pthread_timedjoin_np.
* nptl/pthread_tryjoin.c (pthread_tryjoin): Likewise.
* nptl/pthread_timedjoin.c (cleanup): Use CAS on argument setting.
(pthread_timedjoin_np): Define internal symbol and common code from
pthread_join.
* sysdeps/unix/sysv/linux/i386/lowlevellock.h (__lll_timedwait_tid):
Remove superflous checks.
* sysdeps/unix/sysv/linux/x86_64/lowlevellock.h (__lll_timedwait_tid):
Likewise.
Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2006-08-12 Ulrich Drepper <drepper@redhat.com>
[BZ #2843]
* pthread_join.c (pthread_join): Account for self being canceled
when checking for deadlocks.
* tst-join5.c: Cleanups. Allow to be used in tst-join6.
(tf1): Don't print anything after pthread_join returns, this would be
another cancellation point.
(tf2): Likewise.
* tst-join6.c: New file.
* Makefile (tests): Add tst-join6.
* pthread_join.c (pthread_join): Set tid field of the joined
thread to -1. This isn't necessary but helps to recognize some
error conditions with almost no cost.
* allocatestack.c (FREE_P): Also negative values indicate an
unused stack.
* pthreadP.h: Mark declarations of __find_in_stack_list, __free_tcb,
and __deallocate_stack with internal_function.
* pthread_create.c: Adjust definitions appropriately.
* allocatestack.c: Likewise.
* pthread_join.c: Add one more __builtin_expect.
* pthread_timedjoin.c: Likewise.
* pthread_getspecific.c (__pthread_getspecific): Clear data->data
not data of sequence number does not match.
Add one __builtin_expect.
* descr.h: Define CANCELING_BIT and CANCELING_BITMASK. Introduce
after CANCELTYPE_BIT, move the other bits up. Update CANCEL_RESTMASK.
* init.c (sigcancel_handler): Also set CANCELING_BITMASK bit in newval.
* pthread_cancel.c (pthread_cancel): Likewise. Also set CANCELING_BIT
if asynchronous canceling is enabled.
* pthread_join.c (pthread_join): When recognizing circular joins,
take into account the other thread might be already canceled.
* Makefile (tests): Add tst-join5.
* tst-join5.c: New file.
2002-11-26 Ulrich Drepper <drepper@redhat.com>
* allocatestack.c (queue_stack): Don't remove stack from list here.
Do it in the caller. Correct condition to prematurely terminate
loop to free stacks.
(__deallocate_stack): Remove stack from list here.
2002-11-26 Ulrich Drepper <drepper@redhat.com>
* Makefile (tests): Add tst-stack1.
* tst-stack1.c: New file.
* allocatestack.c (allocate_stack): Initialize the TCB on a user
provided stack.
* pthread_attr_getstack.c: Return bottom of the thread area.
2002-11-25 Ulrich Drepper <drepper@redhat.com>
* Makefile (libpthread-routines): Add pt-allocrtsig and
pthread_kill_other_threads.
* pt-allocrtsig.c: New file.
* pthread_kill_other_threads.c: New file.
* sysdeps/unix/sysv/linux/allocrtsig.c: Add additional aliases for
all three functions.
* sysdeps/unix/sysv/linux/Makefile (sysdep_routines): Remove
allocrtsig.
* sysdeps/unix/sysv/linux/Versions (libc:GLIBC_PRIVATE): Export
__libc_current_sigrtmin_private, __libc_current_sigrtmax_private,
and __libc_allocate_rtsig_private.
* Versions (libpthread): Export pthread_kill_other_threads_np,
__libc_current_sigrtmin, and __libc_current_sigrtmax.
2002-11-24 Ulrich Drepper <drepper@redhat.com>
* allocatestack.c (allocate_stack): stackaddr in attribute points to
the end of the stack. Adjust computations.
When mprotect call fails dequeue stack and free it.
* pthread_attr_setstack.c: Store top of the stack in stackaddr
attribute.
* pthread_getattr_np.c: Likewise.
* descr.h (IS_DETACHED): Add some more parenthesis to prevent
surprises.
2002-11-23 Ulrich Drepper <drepper@redhat.com>
* sysdeps/pthread/pthread.h (pthread_self): __THROW must come before
attribute definitions. Patch by Luca Barbieri <ldb@ldb.ods.org>.
2002-11-22 Ulrich Drepper <drepper@redhat.com>
* pthread_getspecific.c: Optimize access to first 2nd-level array.
* pthread_setspecific.c: Likewise.
2002-11-21 Ulrich Drepper <drepper@redhat.com>
* sysdeps/unix/sysv/linux/i386/createthread.c: Remove CLONE_ flags
definitions. Get them from the official place.
* sysdeps/unix/sysv/linux/i386/fork.c: Likewise.
* sysdeps/unix/sysv/linux/i386/createthread.c: Update CLONE_* flags.
Use new CLONE_ flags in clone() calls.
* sysdeps/unix/sysv/linux/fork.c: Use ARCH_FORK to actually fork.
* sysdeps/unix/sysv/linux/i386/fork.c: New file.
* Versions: Add pthread_* functions for libc.
* forward.c: New file.
* sysdeps/pthread/Makefile (libpthread-sysdeps_routines): Add
errno-loc.
* herrno.c: New file.
* res.c: New file.
* Makefile (libpthread-routines): Remove sem_post, sem_wait,
sem_trywait, and sem_timedwait. Add herrno and res.
* sem_init.c: Don't initialize lock and waiters members.
* sem_open.c: Likewise.
* sem_post.c: Removed.
* sem_wait.c: Removed.
* sem_trywait.c: Removed.
* sem_timedwait.c: Removed.
* sysdeps/unix/sysv/linux/i386/i486/lowlevelsem.S: Complete rewrite.
Includes full implementations of sem_post, sem_wait, sem_trywait,
and sem_timedwait.
* sysdeps/unix/sysv/linux/i386/lowlevelsem.h (lll_sem_post): Adjust
for new implementation.
* sysdeps/unix/sysv/linux/internaltypes.h (struct sem): Remove lock
and waiters fields.
* tst-sem3.c: Improve error message.
* tst-signal3.c: Likewise.
* init.c (__pthread_initialize_minimal): Use set_tid_address syscall
to tell the kernel about the termination futex and to initialize tid
member. Don't initialize main_thread.
* descr.h (struct pthread): Remove main_thread member.
* cancelllation.c (__do_cancel): Remove code handling main thread.
The main thread is not special anymore.
* allocatestack.c (__reclaim_stacks): Mark stacks as unused. Add
size of the stacks to stack_cache_actsize.
* pt-readv.c: Add missing "defined".
* pt-sigwait.c: Likewise.
* pt-writev.c: Likewise.
2002-11-09 Ulrich Drepper <drepper@redhat.com>
* Versions: Export __connect from libpthread.
Patch by Luca Barbieri <ldb@ldb.ods.org>.
* Makefile (libpthread-routines): Add pt-raise.
* sysdeps/unix/sysv/linux/raise.c: New file.
* sysdeps/unix/sysv/linux/pt-raise.c: New file.
* sysdeps/generic/pt-raise.c: New file.
* pthread_cond_init.c: Initialize all data elements of the condvar
structure. Patch by Luca Barbieri <ldb@ldb.ods.org>.
* pthread_attr_init.c: Actually implement 2.0 compatibility version.
* pthread_create.c: Likewise.
* Makefile (tests): Add tst-key1, tst-key2, tst-key3.
* tst-key1.c: New file.
* tst-key2.c: New file.
* tst-key3.c: New file.
* Versions: Export pthread_detach for version GLIBC_2.0.
Reported by Saurabh Desai <sdesai@austin.ibm.com>.
2002-11-08 Ulrich Drepper <drepper@redhat.com>
* pthread_key_create.c: Terminate search after an unused key was found.
Patch by Luca Barbieri <ldb@ldb.ods.org>.
* sysdeps/unix/sysv/linux/i386/pthread_once.S: Return zero.
Patch by Luca Barbieri <ldb@ldb.ods.org>.
2002-10-10 Ulrich Drepper <drepper@redhat.com>
* sysdeps/unix/sysv/linux/i386/i486/lowlevelsem.S: Use slow generic
dynamic lookup for errno in PIC.
* allocatestack.c (get_cached_stack): Rearrange code slightly to
release the stack lock as soon as possible.
Call _dl_allocate_tls_init for TCB from the cache to re-initialize
the static TLS block.
(allocate_stack): Call _dl_allocate_tls_init for user-provided stack.
* cancellation.c: Renamed from cancelation.c.
* Makefile: Adjust accordingly.
* pthreadP.h (CANCELLATION_P): Renamed from CANCELATION_P.
* cleanup_defer.c: Use CANCELLATION_P.
* pthread_testcancel.c: Likewise.
* descr.h: Fix spelling in comments.
* init.c: Likewise.
* pthread_getattr_np.c: Likewise.
* pthread_getschedparam.c: Likewise.
* pthread_setschedparam.c: Likewise.
* Versions: Likewise.
* pt-pselect.c: New file.
* Makefile (libpthread-routines): Add pt-pselect.
* Versions: Add pselect.
* tst-cancel4.c: New file.
* Makefile (tests): Add tst-cancel4.
2002-10-09 Ulrich Drepper <drepper@redhat.com>
* pthread_mutex_lock.c: Always record lock ownership.
* pthread_mutex_timedlock.c: Likewise.
* pthread_mutex_trylock.c: Likewise.
* pt-readv.c: New file.
* pt-writev.c: New file.
* pt-creat.c: New file.
* pt-msgrcv.c: New file.
* pt-msgsnd.c: New file.
* pt-poll.c: New file.
* pt-select.c: New file.
* pt-sigpause.c: New file.
* pt-sigsuspend.c: New file.
* pt-sigwait.c: New file.
* pt-sigwaitinfo.c: New file.
* pt-waitid.c: New file.
* Makefile (libpthread-routines): Add pt-readv, pt-writev, pt-creat,
pt-msgrcv, pt-msgsnd, pt-poll, pt-select, pt-sigpause, pt-sigsuspend,
pt-sigwait, pt-sigwaitinfo, and pt-waitid.
* Versions: Add all the new functions.
* tst-exit1.c: New file.
* Makefile (tests): Add tst-exit1.
* sem_timedwait.c: Minor optimization for more optimal fastpath.
2002-10-08 Ulrich Drepper <drepper@redhat.com>
* pt-fcntl.c: Only enable asynchronous cancellation for F_SETLKW.
* pthread_join.c: Enable asynchronous cancellation around lll_wait_tid
call. pthread_join is an official cancellation point.
* pthread_timedjoin.c: Likewise.
* pthread_cond_wait.c: Revert order in which internal lock are dropped
and the condvar's mutex are retrieved.
* pthread_cond_timedwait.c: Likewise.
Reported by dice@saros.East.Sun.COM.
2002-10-07 Ulrich Drepper <drepper@redhat.com>
* pthreadP.h: Cut out all type definitions and move them...
* sysdeps/unix/sysv/linux/internaltypes.h: ...here. New file.
* pthreadP.h: Include <internaltypes.h>.
* sysdeps/unix/sysv/linux/i386/lowlevelsem.h (lll_sem_post): Little
performance tweaks.
* sem_trywait.c: Shuffle #includes around to get right order.
* sem_timedwait.c: Likewise.
* sem_post.c: Likewise.
* sem_wait.c: Likewise.
* nptl 0.3 released.
* Makefile (tests): Add tst-signal3.
* tst-signal3.c: New file.
2002-10-05 Ulrich Drepper <drepper@redhat.com>
* sysdeps/unix/sysv/linux/i386/lowlevelsem.h: Tell the compiler that
the asms modify the sem object.
(__lll_sem_timedwait): Now takes struct sem* as first parameter.
* sysdeps/unix/sysv/linux/i386/bits/semaphore.h (sem_t): Don't expose
the actual members.
* pthreadP.h (struct sem): New type. Actual semaphore type.
* semaphoreP.h: Include pthreadP.h.
* sem_getvalue.c: Adjust to sem_t change.
* sem_init.c: Likewise.
* sem_open.c: Likewise.
* sem_post.c: Likewise.
* sem_timedwait.c: Likewise.
* sem_trywait.c: Likewise.
* sem_wait.c: Likewise.
2002-10-04 Ulrich Drepper <drepper@redhat.com>
* Makefile (tests): Add tst-basic2, tst-exec1, tst-exec3, tst-exec3.
* tst-basic2.c: New file.
* tst-exec1.c: New file.
* tst-exec2.c: New file.
* tst-exec3.c: New file.
* tst-fork1.c: Remove extra */.
* nptl 0.2 released. The API for IA-32 is complete.
