summaryrefslogtreecommitdiffstats
path: root/contrib/ntp/libntp
diff options
context:
space:
mode:
authordim <dim@FreeBSD.org>2016-01-08 17:42:14 +0000
committerdim <dim@FreeBSD.org>2016-01-08 17:42:14 +0000
commitb5c238fc65c2ef8cd6e839857fe5cfd813cd2c59 (patch)
treeda8282d35996a372408778d38763fa68c3c354c5 /contrib/ntp/libntp
parentfa38d85e2c222400fa30c70e8a913e8a213a97a7 (diff)
parent368544f6729f740145f0b6572ec35ebe304692bf (diff)
downloadFreeBSD-src-b5c238fc65c2ef8cd6e839857fe5cfd813cd2c59.zip
FreeBSD-src-b5c238fc65c2ef8cd6e839857fe5cfd813cd2c59.tar.gz
Merge ^/head r293280 through r293429.
Diffstat (limited to 'contrib/ntp/libntp')
-rw-r--r--contrib/ntp/libntp/a_md5encrypt.c28
-rw-r--r--contrib/ntp/libntp/atolfp.c4
-rw-r--r--contrib/ntp/libntp/authkeys.c30
-rw-r--r--contrib/ntp/libntp/authreadkeys.c89
-rw-r--r--contrib/ntp/libntp/authusekey.c2
-rw-r--r--contrib/ntp/libntp/dolfptoa.c6
-rw-r--r--contrib/ntp/libntp/hextolfp.c10
-rw-r--r--contrib/ntp/libntp/mstolfp.c3
-rw-r--r--contrib/ntp/libntp/msyslog.c2
-rw-r--r--contrib/ntp/libntp/ntp_crypto_rnd.c3
-rw-r--r--contrib/ntp/libntp/ntp_lineedit.c3
-rw-r--r--contrib/ntp/libntp/ntp_rfc2553.c8
-rw-r--r--contrib/ntp/libntp/ntp_worker.c3
-rw-r--r--contrib/ntp/libntp/snprintf.c20
-rw-r--r--contrib/ntp/libntp/socktohost.c12
-rw-r--r--contrib/ntp/libntp/systime.c24
-rw-r--r--contrib/ntp/libntp/work_thread.c591
17 files changed, 534 insertions, 304 deletions
diff --git a/contrib/ntp/libntp/a_md5encrypt.c b/contrib/ntp/libntp/a_md5encrypt.c
index ffabc47..beaf6fd 100644
--- a/contrib/ntp/libntp/a_md5encrypt.c
+++ b/contrib/ntp/libntp/a_md5encrypt.c
@@ -16,12 +16,12 @@
*
* Returns length of MAC including key ID and digest.
*/
-int
+size_t
MD5authencrypt(
- int type, /* hash algorithm */
- u_char *key, /* key pointer */
- u_int32 *pkt, /* packet pointer */
- int length /* packet length */
+ int type, /* hash algorithm */
+ const u_char * key, /* key pointer */
+ u_int32 * pkt, /* packet pointer */
+ size_t length /* packet length */
)
{
u_char digest[EVP_MAX_MD_SIZE];
@@ -44,7 +44,7 @@ MD5authencrypt(
EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
#endif
EVP_DigestUpdate(&ctx, key, cache_secretsize);
- EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
+ EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
EVP_DigestFinal(&ctx, digest, &len);
memmove((u_char *)pkt + length + 4, digest, len);
return (len + 4);
@@ -58,11 +58,11 @@ MD5authencrypt(
*/
int
MD5authdecrypt(
- int type, /* hash algorithm */
- u_char *key, /* key pointer */
- u_int32 *pkt, /* packet pointer */
- int length, /* packet length */
- int size /* MAC size */
+ int type, /* hash algorithm */
+ const u_char * key, /* key pointer */
+ u_int32 * pkt, /* packet pointer */
+ size_t length, /* packet length */
+ size_t size /* MAC size */
)
{
u_char digest[EVP_MAX_MD_SIZE];
@@ -85,14 +85,14 @@ MD5authdecrypt(
EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
#endif
EVP_DigestUpdate(&ctx, key, cache_secretsize);
- EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
+ EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
EVP_DigestFinal(&ctx, digest, &len);
- if ((u_int)size != len + 4) {
+ if (size != (size_t)len + 4) {
msyslog(LOG_ERR,
"MAC decrypt: MAC length error");
return (0);
}
- return !memcmp(digest, (char *)pkt + length + 4, len);
+ return !memcmp(digest, (const char *)pkt + length + 4, len);
}
/*
diff --git a/contrib/ntp/libntp/atolfp.c b/contrib/ntp/libntp/atolfp.c
index 9a2f691..439194e 100644
--- a/contrib/ntp/libntp/atolfp.c
+++ b/contrib/ntp/libntp/atolfp.c
@@ -68,7 +68,7 @@ atolfp(
while (*cp != '\0' && (ind = strchr(digits, *cp)) != NULL) {
dec_i = (dec_i << 3) + (dec_i << 1); /* multiply by 10 */
- dec_i += (ind - digits);
+ dec_i += (u_long)(ind - digits);
cp++;
}
@@ -80,7 +80,7 @@ atolfp(
&& (ind = strchr(digits, *cp)) != NULL) {
ndec++;
dec_f = (dec_f << 3) + (dec_f << 1); /* *10 */
- dec_f += (ind - digits);
+ dec_f += (u_long)(ind - digits);
cp++;
}
diff --git a/contrib/ntp/libntp/authkeys.c b/contrib/ntp/libntp/authkeys.c
index 667ca29..f7462a2 100644
--- a/contrib/ntp/libntp/authkeys.c
+++ b/contrib/ntp/libntp/authkeys.c
@@ -63,7 +63,7 @@ symkey key_listhead; /* list of all in-use keys */;
* keyid. We make this fairly big for potentially busy servers.
*/
#define DEF_AUTHHASHSIZE 64
-//#define HASHMASK ((HASHSIZE)-1)
+/*#define HASHMASK ((HASHSIZE)-1)*/
#define KEYHASH(keyid) ((keyid) & authhashmask)
int authhashdisabled;
@@ -511,7 +511,17 @@ authistrusted(
return TRUE;
}
-
+/* Note: There are two locations below where 'strncpy()' is used. While
+ * this function is a hazard by itself, it's essential that it is used
+ * here. Bug 1243 involved that the secret was filled with NUL bytes
+ * after the first NUL encountered, and 'strlcpy()' simply does NOT have
+ * this behaviour. So disabling the fix and reverting to the buggy
+ * behaviour due to compatibility issues MUST also fill with NUL and
+ * this needs 'strncpy'. Also, the secret is managed as a byte blob of a
+ * given size, and eventually truncating it and replacing the last byte
+ * with a NUL would be a bug.
+ * perlinger@ntp.org 2015-10-10
+ */
void
MD5auth_setkey(
keyid_t keyno,
@@ -546,7 +556,8 @@ MD5auth_setkey(
#ifndef DISABLE_BUG1243_FIX
memcpy(sk->secret, key, secretsize);
#else
- strlcpy((char *)sk->secret, (const char *)key,
+ /* >MUST< use 'strncpy()' here! See above! */
+ strncpy((char *)sk->secret, (const char *)key,
secretsize);
#endif
if (cache_keyid == keyno) {
@@ -565,7 +576,8 @@ MD5auth_setkey(
#ifndef DISABLE_BUG1243_FIX
memcpy(secret, key, secretsize);
#else
- strlcpy((char *)secret, (const char *)key, secretsize);
+ /* >MUST< use 'strncpy()' here! See above! */
+ strncpy((char *)secret, (const char *)key, secretsize);
#endif
allocsymkey(bucket, keyno, 0, (u_short)keytype, 0,
(u_short)secretsize, secret);
@@ -641,13 +653,13 @@ auth_agekeys(void)
*
* Returns length of authenticator field, zero if key not found.
*/
-int
+size_t
authencrypt(
keyid_t keyno,
u_int32 * pkt,
- int length
+ size_t length
)
-{\
+{
/*
* A zero key identifier means the sender has not verified
* the last message was correctly authenticated. The MAC
@@ -675,8 +687,8 @@ int
authdecrypt(
keyid_t keyno,
u_int32 * pkt,
- int length,
- int size
+ size_t length,
+ size_t size
)
{
/*
diff --git a/contrib/ntp/libntp/authreadkeys.c b/contrib/ntp/libntp/authreadkeys.c
index 1c4c07c..95a357a 100644
--- a/contrib/ntp/libntp/authreadkeys.c
+++ b/contrib/ntp/libntp/authreadkeys.c
@@ -77,14 +77,23 @@ nexttok(
* data on global/static level.
*/
-static const size_t nerr_loglimit = 5u;
-static const size_t nerr_maxlimit = 15;
+static const u_int nerr_loglimit = 5u;
+static const u_int nerr_maxlimit = 15;
-static void log_maybe(size_t*, const char*, ...) NTP_PRINTF(2, 3);
+static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3);
+
+typedef struct keydata KeyDataT;
+struct keydata {
+ KeyDataT *next; /* queue/stack link */
+ keyid_t keyid; /* stored key ID */
+ u_short keytype; /* stored key type */
+ u_short seclen; /* length of secret */
+ u_char secbuf[1]; /* begin of secret (formal only)*/
+};
static void
log_maybe(
- size_t *pnerr,
+ u_int *pnerr,
const char *fmt ,
...)
{
@@ -113,25 +122,24 @@ authreadkeys(
u_char keystr[32]; /* Bug 2537 */
size_t len;
size_t j;
- size_t nerr;
+ u_int nerr;
+ KeyDataT *list = NULL;
+ KeyDataT *next = NULL;
/*
* Open file. Complain and return if it can't be opened.
*/
fp = fopen(file, "r");
if (fp == NULL) {
- msyslog(LOG_ERR, "authreadkeys: file %s: %m",
+ msyslog(LOG_ERR, "authreadkeys: file '%s': %m",
file);
- return (0);
+ goto onerror;
}
INIT_SSL();
/*
- * Remove all existing keys
- */
- auth_delkeys();
-
- /*
- * Now read lines from the file, looking for key entries
+ * Now read lines from the file, looking for key entries. Put
+ * the data into temporary store for later propagation to avoid
+ * two-pass processing.
*/
nerr = 0;
while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
@@ -216,11 +224,16 @@ authreadkeys(
"authreadkeys: no key for key %d", keyno);
continue;
}
+ next = NULL;
len = strlen(token);
if (len <= 20) { /* Bug 2537 */
- MD5auth_setkey(keyno, keytype, (u_char *)token, len);
+ next = emalloc(sizeof(KeyDataT) + len);
+ next->keyid = keyno;
+ next->keytype = keytype;
+ next->seclen = len;
+ memcpy(next->secbuf, token, len);
} else {
- char hex[] = "0123456789abcdef";
+ static const char hex[] = "0123456789abcdef";
u_char temp;
char *ptr;
size_t jlim;
@@ -242,19 +255,51 @@ authreadkeys(
keyno);
continue;
}
- MD5auth_setkey(keyno, keytype, keystr, jlim / 2);
+ len = jlim/2; /* hmmmm.... what about odd length?!? */
+ next = emalloc(sizeof(KeyDataT) + len);
+ next->keyid = keyno;
+ next->keytype = keytype;
+ next->seclen = len;
+ memcpy(next->secbuf, keystr, len);
}
+ INSIST(NULL != next);
+ next->next = list;
+ list = next;
}
fclose(fp);
if (nerr > nerr_maxlimit) {
msyslog(LOG_ERR,
- "authreadkeys: emergency break after %u errors",
- nerr);
- return (0);
- } else if (nerr > nerr_loglimit) {
+ "authreadkeys: rejecting file '%s' after %u errors (emergency break)",
+ file, nerr);
+ goto onerror;
+ }
+ if (nerr > 0) {
msyslog(LOG_ERR,
- "authreadkeys: found %u more error(s)",
- nerr - nerr_loglimit);
+ "authreadkeys: rejecting file '%s' after %u error(s)",
+ file, nerr);
+ goto onerror;
+ }
+
+ /* first remove old file-based keys */
+ auth_delkeys();
+ /* insert the new key material */
+ while (NULL != (next = list)) {
+ list = next->next;
+ MD5auth_setkey(next->keyid, next->keytype,
+ next->secbuf, next->seclen);
+ /* purge secrets from memory before free()ing it */
+ memset(next, 0, sizeof(*next) + next->seclen);
+ free(next);
}
return (1);
+
+ onerror:
+ /* Mop up temporary storage before bailing out. */
+ while (NULL != (next = list)) {
+ list = next->next;
+ /* purge secrets from memory before free()ing it */
+ memset(next, 0, sizeof(*next) + next->seclen);
+ free(next);
+ }
+ return (0);
}
diff --git a/contrib/ntp/libntp/authusekey.c b/contrib/ntp/libntp/authusekey.c
index c1d0813..0ccf522 100644
--- a/contrib/ntp/libntp/authusekey.c
+++ b/contrib/ntp/libntp/authusekey.c
@@ -23,7 +23,7 @@ authusekey(
const u_char *str
)
{
- int len;
+ size_t len;
len = strlen((const char *)str);
if (0 == len)
diff --git a/contrib/ntp/libntp/dolfptoa.c b/contrib/ntp/libntp/dolfptoa.c
index 07ead95..68f56e1 100644
--- a/contrib/ntp/libntp/dolfptoa.c
+++ b/contrib/ntp/libntp/dolfptoa.c
@@ -40,7 +40,7 @@ dolfptoa(
* including a possible rounding from the fractional part.
*/
cp = cpend = cpdec = &cbuf[10];
- for (dec = cp - cbuf; dec > 0 && fpi != 0; dec--) {
+ for (dec = (int)(cp - cbuf); dec > 0 && fpi != 0; dec--) {
/* can add another digit */
u_int32 digit;
@@ -62,7 +62,7 @@ dolfptoa(
cpdec += 3;
}
if ((size_t)dec > sizeof(cbuf) - (cpend - cbuf))
- dec = sizeof(cbuf) - (cpend - cbuf);
+ dec = (int)(sizeof(cbuf) - (cpend - cbuf));
/*
* If there's a fraction to deal with, do so.
@@ -95,7 +95,7 @@ dolfptoa(
u_char *tp = cpend;
int carry = ((fpv & 0x80000000) != 0);
- for (dec = tp - cbuf; carry && dec > 0; dec--) {
+ for (dec = (int)(tp - cbuf); carry && dec > 0; dec--) {
*--tp += 1;
if (*tp == 10)
*tp = 0;
diff --git a/contrib/ntp/libntp/hextolfp.c b/contrib/ntp/libntp/hextolfp.c
index 2bff929..19a93cd 100644
--- a/contrib/ntp/libntp/hextolfp.c
+++ b/contrib/ntp/libntp/hextolfp.c
@@ -37,8 +37,9 @@ hextolfp(
while (*cp != '\0' && (cp - cpstart) < 8 &&
(ind = strchr(digits, *cp)) != NULL) {
dec_i = dec_i << 4; /* multiply by 16 */
- dec_i += ((ind - digits) > 15) ? (ind - digits) - 6
- : (ind - digits);
+ dec_i += ((ind - digits) > 15)
+ ? (u_long)(ind - digits - 6)
+ : (u_long)(ind - digits);
cp++;
}
@@ -51,8 +52,9 @@ hextolfp(
while (*cp != '\0' && (cp - cpstart) < 8 &&
(ind = strchr(digits, *cp)) != NULL) {
dec_f = dec_f << 4; /* multiply by 16 */
- dec_f += ((ind - digits) > 15) ? (ind - digits) - 6
- : (ind - digits);
+ dec_f += ((ind - digits) > 15)
+ ? (u_long)(ind - digits - 6)
+ : (u_long)(ind - digits);
cp++;
}
diff --git a/contrib/ntp/libntp/mstolfp.c b/contrib/ntp/libntp/mstolfp.c
index 828b14c..7da20dc 100644
--- a/contrib/ntp/libntp/mstolfp.c
+++ b/contrib/ntp/libntp/mstolfp.c
@@ -70,8 +70,7 @@ mstolfp(
*/
*bp++ = '.';
if ((cpdec - cp) < 3) {
- register int i = 3 - (cpdec - cp);
-
+ size_t i = 3 - (cpdec - cp);
do {
*bp++ = '0';
} while (--i > 0);
diff --git a/contrib/ntp/libntp/msyslog.c b/contrib/ntp/libntp/msyslog.c
index cc8868f..9682d30 100644
--- a/contrib/ntp/libntp/msyslog.c
+++ b/contrib/ntp/libntp/msyslog.c
@@ -331,7 +331,7 @@ msnprintf(
)
{
va_list ap;
- size_t rc;
+ int rc;
va_start(ap, fmt);
rc = mvsnprintf(buf, bufsiz, fmt, ap);
diff --git a/contrib/ntp/libntp/ntp_crypto_rnd.c b/contrib/ntp/libntp/ntp_crypto_rnd.c
index 96348f2..2a4f91a 100644
--- a/contrib/ntp/libntp/ntp_crypto_rnd.c
+++ b/contrib/ntp/libntp/ntp_crypto_rnd.c
@@ -16,6 +16,7 @@
#include <l_stdlib.h>
#include <ntp_random.h>
+#include "safecast.h"
#ifdef USE_OPENSSL_CRYPTO_RAND
#include <openssl/err.h>
@@ -93,7 +94,7 @@ ntp_crypto_random_buf(
#ifdef USE_OPENSSL_CRYPTO_RAND
int rc;
- rc = RAND_bytes(buf, nbytes);
+ rc = RAND_bytes(buf, size2int_chk(nbytes));
if (1 != rc) {
unsigned long err;
char *err_str;
diff --git a/contrib/ntp/libntp/ntp_lineedit.c b/contrib/ntp/libntp/ntp_lineedit.c
index a2b2d29..ebd456a 100644
--- a/contrib/ntp/libntp/ntp_lineedit.c
+++ b/contrib/ntp/libntp/ntp_lineedit.c
@@ -29,6 +29,7 @@
#include "ntp.h"
#include "ntp_stdlib.h"
#include "ntp_lineedit.h"
+#include "safecast.h"
#define MAXEDITLINE 512
@@ -213,7 +214,7 @@ ntp_readline(
line = fgets(line_buf, sizeof(line_buf), stdin);
if (NULL != line && *line) {
- *pcount = strlen(line);
+ *pcount = (int)strlen(line); /* cannot overflow here */
line = estrdup(line);
} else
line = NULL;
diff --git a/contrib/ntp/libntp/ntp_rfc2553.c b/contrib/ntp/libntp/ntp_rfc2553.c
index a9ebb4b..8409629 100644
--- a/contrib/ntp/libntp/ntp_rfc2553.c
+++ b/contrib/ntp/libntp/ntp_rfc2553.c
@@ -203,11 +203,12 @@ copy_addrinfo_common(
else
ai_nxt = ai_src->ai_next;
*ai_cpy = *ai_src;
- REQUIRE(ai_src->ai_addrlen <= sizeof(sockaddr_u));
+ DEBUG_INSIST(ai_cpy->ai_canonname == ai_src->ai_canonname);
+ INSIST(ai_src->ai_addrlen <= sizeof(sockaddr_u));
memcpy(psau, ai_src->ai_addr, ai_src->ai_addrlen);
ai_cpy->ai_addr = &psau->sa;
++psau;
- if (NULL != ai_cpy->ai_canonname) {
+ if (NULL != ai_src->ai_canonname) {
ai_cpy->ai_canonname = pcanon;
str_octets = 1 + strlen(ai_src->ai_canonname);
memcpy(pcanon, ai_src->ai_canonname, str_octets);
@@ -480,15 +481,16 @@ do_nodename(
* set elsewhere so that we can set the appropriate wildcard
*/
if (nodename == NULL) {
- ai->ai_addrlen = sizeof(struct sockaddr_storage);
if (ai->ai_family == AF_INET)
{
+ ai->ai_addrlen = sizeof(struct sockaddr_in);
sockin = (struct sockaddr_in *)ai->ai_addr;
sockin->sin_family = (short) ai->ai_family;
sockin->sin_addr.s_addr = htonl(INADDR_ANY);
}
else
{
+ ai->ai_addrlen = sizeof(struct sockaddr_in6);
sockin6 = (struct sockaddr_in6 *)ai->ai_addr;
sockin6->sin6_family = (short) ai->ai_family;
/*
diff --git a/contrib/ntp/libntp/ntp_worker.c b/contrib/ntp/libntp/ntp_worker.c
index 32970da..f5642e1 100644
--- a/contrib/ntp/libntp/ntp_worker.c
+++ b/contrib/ntp/libntp/ntp_worker.c
@@ -150,7 +150,8 @@ available_blocking_child_slot(void)
prev_octets);
blocking_children_alloc = new_alloc;
- return prev_alloc;
+ /* assume we'll never have enough workers to overflow u_int */
+ return (u_int)prev_alloc;
}
diff --git a/contrib/ntp/libntp/snprintf.c b/contrib/ntp/libntp/snprintf.c
index 2b6a374..f4685e1 100644
--- a/contrib/ntp/libntp/snprintf.c
+++ b/contrib/ntp/libntp/snprintf.c
@@ -889,19 +889,19 @@ rpl_vsnprintf(char *str, size_t size, const char *format, va_list args)
switch (cflags) {
case PRINT_C_CHAR:
charptr = va_arg(args, signed char *);
- *charptr = len;
+ *charptr = (signed char)len;
break;
case PRINT_C_SHORT:
shortptr = va_arg(args, short int *);
- *shortptr = len;
+ *shortptr = (short int)len;
break;
case PRINT_C_LONG:
longptr = va_arg(args, long int *);
- *longptr = len;
+ *longptr = (long int)len;
break;
case PRINT_C_LLONG:
llongptr = va_arg(args, LLONG *);
- *llongptr = len;
+ *llongptr = (LLONG)len;
break;
case PRINT_C_SIZE:
/*
@@ -912,19 +912,19 @@ rpl_vsnprintf(char *str, size_t size, const char *format, va_list args)
* size_t argument." (7.19.6.1, 7)
*/
sizeptr = va_arg(args, SSIZE_T *);
- *sizeptr = len;
+ *sizeptr = (SSIZE_T)len;
break;
case PRINT_C_INTMAX:
intmaxptr = va_arg(args, INTMAX_T *);
- *intmaxptr = len;
+ *intmaxptr = (INTMAX_T)len;
break;
case PRINT_C_PTRDIFF:
ptrdiffptr = va_arg(args, PTRDIFF_T *);
- *ptrdiffptr = len;
+ *ptrdiffptr = (PTRDIFF_T)len;
break;
default:
intptr = va_arg(args, int *);
- *intptr = len;
+ *intptr = (int)len;
break;
}
break;
@@ -1209,7 +1209,7 @@ again:
* Factor of ten with the number of digits needed for the fractional
* part. For example, if the precision is 3, the mask will be 1000.
*/
- mask = mypow10(precision);
+ mask = (UINTMAX_T)mypow10(precision);
/*
* We "cheat" by converting the fractional part to integer by
* multiplying by a factor of ten.
@@ -1461,7 +1461,7 @@ cast(LDOUBLE value)
if (value >= UINTMAX_MAX)
return UINTMAX_MAX;
- result = value;
+ result = (UINTMAX_T)value;
/*
* At least on NetBSD/sparc64 3.0.2 and 4.99.30, casting long double to
* an integer type converts e.g. 1.9 to 2 instead of 1 (which violates
diff --git a/contrib/ntp/libntp/socktohost.c b/contrib/ntp/libntp/socktohost.c
index 3d9ab960..fdf9adb 100644
--- a/contrib/ntp/libntp/socktohost.c
+++ b/contrib/ntp/libntp/socktohost.c
@@ -36,13 +36,18 @@ socktohost(
sockaddr_u addr;
size_t octets;
int a_info;
+ int saved_errno;
+
+ saved_errno = socket_errno();
/* reverse the address to purported DNS name */
LIB_GETBUF(pbuf);
gni_flags = NI_DGRAM | NI_NAMEREQD;
if (getnameinfo(&sock->sa, SOCKLEN(sock), pbuf, LIB_BUFLENGTH,
- NULL, 0, gni_flags))
+ NULL, 0, gni_flags)) {
+ errno = saved_errno;
return stoa(sock); /* use address */
+ }
TRACE(1, ("%s reversed to %s\n", stoa(sock), pbuf));
@@ -97,8 +102,10 @@ socktohost(
}
freeaddrinfo(alist);
- if (ai != NULL)
+ if (ai != NULL) {
+ errno = saved_errno;
return pbuf; /* forward check passed */
+ }
forward_fail:
TRACE(1, ("%s forward check lookup fail: %s\n", pbuf,
@@ -106,5 +113,6 @@ socktohost(
LIB_GETBUF(pliar);
snprintf(pliar, LIB_BUFLENGTH, "%s (%s)", stoa(sock), pbuf);
+ errno = saved_errno;
return pliar;
}
diff --git a/contrib/ntp/libntp/systime.c b/contrib/ntp/libntp/systime.c
index f5eabcd..c89d157 100644
--- a/contrib/ntp/libntp/systime.c
+++ b/contrib/ntp/libntp/systime.c
@@ -25,6 +25,8 @@
# include <utmpx.h>
#endif /* HAVE_UTMPX_H */
+int allow_panic = FALSE; /* allow panic correction (-g) */
+int enable_panic_check = TRUE; /* Can we check allow_panic's state? */
#ifndef USE_COMPILETIME_PIVOT
# define USE_COMPILETIME_PIVOT 1
@@ -295,8 +297,13 @@ adj_systime(
* EVNT_NSET adjtime() can be aborted by a tiny adjtime()
* triggered by sys_residual.
*/
- if (0. == now)
+ if (0. == now) {
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
+ INSIST(!allow_panic);
+ }
return TRUE;
+ }
/*
* Most Unix adjtime() implementations adjust the system clock
@@ -333,9 +340,15 @@ adj_systime(
if (adjtv.tv_sec != 0 || adjtv.tv_usec != 0) {
if (adjtime(&adjtv, &oadjtv) < 0) {
msyslog(LOG_ERR, "adj_systime: %m");
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
+ }
return FALSE;
}
}
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
+ }
return TRUE;
}
#endif
@@ -419,6 +432,9 @@ step_systime(
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "step-systime: %m");
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
+ }
return FALSE;
}
@@ -445,7 +461,7 @@ step_systime(
* long ut_time;
* };
* and appends line="|", name="date", host="", time for the OLD
- * and appends line="{", name="date", host="", time for the NEW
+ * and appends line="{", name="date", host="", time for the NEW // }
* to _PATH_WTMP .
*
* Some OSes have utmp, some have utmpx.
@@ -564,6 +580,10 @@ step_systime(
#endif /* UPDATE_WTMPX */
}
+ if (enable_panic_check && allow_panic) {
+ msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
+ INSIST(!allow_panic);
+ }
return TRUE;
}
diff --git a/contrib/ntp/libntp/work_thread.c b/contrib/ntp/libntp/work_thread.c
index 38d8747..49e90c1 100644
--- a/contrib/ntp/libntp/work_thread.c
+++ b/contrib/ntp/libntp/work_thread.c
@@ -32,16 +32,20 @@
#define THREAD_MINSTACKSIZE (64U * 1024)
#endif
-#ifndef DEVOLATILE
-#define DEVOLATILE(type, var) ((type)(uintptr_t)(volatile void *)(var))
-#endif
-
#ifdef SYS_WINNT
+
# define thread_exit(c) _endthreadex(c)
-# define tickle_sem SetEvent
+# define tickle_sem(sh) ReleaseSemaphore((sh->shnd), 1, NULL)
+u_int WINAPI blocking_thread(void *);
+static BOOL same_os_sema(const sem_ref obj, void * osobj);
+
#else
+
# define thread_exit(c) pthread_exit((void*)(size_t)(c))
# define tickle_sem sem_post
+void * blocking_thread(void *);
+static void block_thread_signals(sigset_t *);
+
#endif
#ifdef WORK_PIPE
@@ -54,18 +58,10 @@ static void start_blocking_thread(blocking_child *);
static void start_blocking_thread_internal(blocking_child *);
static void prepare_child_sems(blocking_child *);
static int wait_for_sem(sem_ref, struct timespec *);
-static void ensure_workitems_empty_slot(blocking_child *);
-static void ensure_workresp_empty_slot(blocking_child *);
+static int ensure_workitems_empty_slot(blocking_child *);
+static int ensure_workresp_empty_slot(blocking_child *);
static int queue_req_pointer(blocking_child *, blocking_pipe_header *);
static void cleanup_after_child(blocking_child *);
-#ifdef SYS_WINNT
-u_int WINAPI blocking_thread(void *);
-#else
-void * blocking_thread(void *);
-#endif
-#ifndef SYS_WINNT
-static void block_thread_signals(sigset_t *);
-#endif
void
@@ -76,7 +72,9 @@ exit_worker(
thread_exit(exitcode); /* see #define thread_exit */
}
-
+/* --------------------------------------------------------------------
+ * sleep for a given time or until the wakup semaphore is tickled.
+ */
int
worker_sleep(
blocking_child * c,
@@ -98,9 +96,7 @@ worker_sleep(
}
# endif
until.tv_sec += seconds;
- do {
- rc = wait_for_sem(c->wake_scheduled_sleep, &until);
- } while (-1 == rc && EINTR == errno);
+ rc = wait_for_sem(c->wake_scheduled_sleep, &until);
if (0 == rc)
return -1;
if (-1 == rc && ETIMEDOUT == errno)
@@ -110,6 +106,9 @@ worker_sleep(
}
+/* --------------------------------------------------------------------
+ * Wake up a worker that takes a nap.
+ */
void
interrupt_worker_sleep(void)
{
@@ -124,65 +123,79 @@ interrupt_worker_sleep(void)
}
}
-
-static void
+/* --------------------------------------------------------------------
+ * Make sure there is an empty slot at the head of the request
+ * queue. Tell if the queue is currently empty.
+ */
+static int
ensure_workitems_empty_slot(
blocking_child *c
)
{
- const size_t each = sizeof(blocking_children[0]->workitems[0]);
- size_t new_alloc;
- size_t old_octets;
- size_t new_octets;
- void * nonvol_workitems;
-
-
- if (c->workitems != NULL &&
- NULL == c->workitems[c->next_workitem])
- return;
-
- new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC;
- old_octets = c->workitems_alloc * each;
- new_octets = new_alloc * each;
- nonvol_workitems = DEVOLATILE(void *, c->workitems);
- c->workitems = erealloc_zero(nonvol_workitems, new_octets,
- old_octets);
- if (0 == c->next_workitem)
- c->next_workitem = c->workitems_alloc;
- c->workitems_alloc = new_alloc;
+ /*
+ ** !!! PRECONDITION: caller holds access lock!
+ **
+ ** This simply tries to increase the size of the buffer if it
+ ** becomes full. The resize operation does *not* maintain the
+ ** order of requests, but that should be irrelevant since the
+ ** processing is considered asynchronous anyway.
+ **
+ ** Return if the buffer is currently empty.
+ */
+
+ static const size_t each =
+ sizeof(blocking_children[0]->workitems[0]);
+
+ size_t new_alloc;
+ size_t slots_used;
+
+ slots_used = c->head_workitem - c->tail_workitem;
+ if (slots_used >= c->workitems_alloc) {
+ new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC;
+ c->workitems = erealloc(c->workitems, new_alloc * each);
+ c->tail_workitem = 0;
+ c->head_workitem = c->workitems_alloc;
+ c->workitems_alloc = new_alloc;
+ }
+ return (0 == slots_used);
}
-
-static void
+/* --------------------------------------------------------------------
+ * Make sure there is an empty slot at the head of the response
+ * queue. Tell if the queue is currently empty.
+ */
+static int
ensure_workresp_empty_slot(
blocking_child *c
)
{
- const size_t each = sizeof(blocking_children[0]->responses[0]);
- size_t new_alloc;
- size_t old_octets;
- size_t new_octets;
- void * nonvol_responses;
-
- if (c->responses != NULL &&
- NULL == c->responses[c->next_response])
- return;
-
- new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC;
- old_octets = c->responses_alloc * each;
- new_octets = new_alloc * each;
- nonvol_responses = DEVOLATILE(void *, c->responses);
- c->responses = erealloc_zero(nonvol_responses, new_octets,
- old_octets);
- if (0 == c->next_response)
- c->next_response = c->responses_alloc;
- c->responses_alloc = new_alloc;
+ /*
+ ** !!! PRECONDITION: caller holds access lock!
+ **
+ ** Works like the companion function above.
+ */
+
+ static const size_t each =
+ sizeof(blocking_children[0]->responses[0]);
+
+ size_t new_alloc;
+ size_t slots_used;
+
+ slots_used = c->head_response - c->tail_response;
+ if (slots_used >= c->responses_alloc) {
+ new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC;
+ c->responses = erealloc(c->responses, new_alloc * each);
+ c->tail_response = 0;
+ c->head_response = c->responses_alloc;
+ c->responses_alloc = new_alloc;
+ }
+ return (0 == slots_used);
}
-/*
+/* --------------------------------------------------------------------
* queue_req_pointer() - append a work item or idle exit request to
- * blocking_workitems[].
+ * blocking_workitems[]. Employ proper locking.
*/
static int
queue_req_pointer(
@@ -190,21 +203,28 @@ queue_req_pointer(
blocking_pipe_header * hdr
)
{
- c->workitems[c->next_workitem] = hdr;
- c->next_workitem = (1 + c->next_workitem) % c->workitems_alloc;
+ size_t qhead;
+
+ /* >>>> ACCESS LOCKING STARTS >>>> */
+ wait_for_sem(c->accesslock, NULL);
+ ensure_workitems_empty_slot(c);
+ qhead = c->head_workitem;
+ c->workitems[qhead % c->workitems_alloc] = hdr;
+ c->head_workitem = 1 + qhead;
+ tickle_sem(c->accesslock);
+ /* <<<< ACCESS LOCKING ENDS <<<< */
- /*
- * We only want to signal the wakeup event if the child is
- * blocking on it, which is indicated by setting the blocking
- * event. Wait with zero timeout to test.
- */
- /* !!!! if (WAIT_OBJECT_0 == WaitForSingleObject(c->child_is_blocking, 0)) */
- tickle_sem(c->blocking_req_ready);
+ /* queue consumer wake-up notification */
+ tickle_sem(c->workitems_pending);
return 0;
}
-
+/* --------------------------------------------------------------------
+ * API function to make sure a worker is running, a proper private copy
+ * of the data is made, the data eneterd into the queue and the worker
+ * is signalled.
+ */
int
send_blocking_req_internal(
blocking_child * c,
@@ -223,12 +243,8 @@ send_blocking_req_internal(
return 1; /* failure */
payload_octets = hdr->octets - sizeof(*hdr);
- ensure_workitems_empty_slot(c);
- if (NULL == c->thread_ref) {
- ensure_workresp_empty_slot(c);
+ if (NULL == c->thread_ref)
start_blocking_thread(c);
- }
-
threadcopy = emalloc(hdr->octets);
memcpy(threadcopy, hdr, sizeof(*hdr));
memcpy((char *)threadcopy + sizeof(*hdr), data, payload_octets);
@@ -236,43 +252,41 @@ send_blocking_req_internal(
return queue_req_pointer(c, threadcopy);
}
-
+/* --------------------------------------------------------------------
+ * Wait for the 'incoming queue no longer empty' signal, lock the shared
+ * structure and dequeue an item.
+ */
blocking_pipe_header *
receive_blocking_req_internal(
blocking_child * c
)
{
blocking_pipe_header * req;
- int rc;
+ size_t qhead, qtail;
- /*
- * Child blocks here when idle. SysV semaphores maintain a
- * count and release from sem_wait() only when it reaches 0.
- * Windows auto-reset events are simpler, and multiple SetEvent
- * calls before any thread waits result in a single wakeup.
- * On Windows, the child drains all workitems each wakeup, while
- * with SysV semaphores wait_sem() is used before each item.
- */
-#ifdef SYS_WINNT
- while (NULL == c->workitems[c->next_workeritem]) {
- /* !!!! SetEvent(c->child_is_blocking); */
- rc = wait_for_sem(c->blocking_req_ready, NULL);
- INSIST(0 == rc);
- /* !!!! ResetEvent(c->child_is_blocking); */
- }
-#else
+ req = NULL;
do {
- rc = wait_for_sem(c->blocking_req_ready, NULL);
- } while (-1 == rc && EINTR == errno);
- INSIST(0 == rc);
-#endif
+ /* wait for tickle from the producer side */
+ wait_for_sem(c->workitems_pending, NULL);
+
+ /* >>>> ACCESS LOCKING STARTS >>>> */
+ wait_for_sem(c->accesslock, NULL);
+ qhead = c->head_workitem;
+ do {
+ qtail = c->tail_workitem;
+ if (qhead == qtail)
+ break;
+ c->tail_workitem = qtail + 1;
+ qtail %= c->workitems_alloc;
+ req = c->workitems[qtail];
+ c->workitems[qtail] = NULL;
+ } while (NULL == req);
+ tickle_sem(c->accesslock);
+ /* <<<< ACCESS LOCKING ENDS <<<< */
+
+ } while (NULL == req);
- req = c->workitems[c->next_workeritem];
INSIST(NULL != req);
- c->workitems[c->next_workeritem] = NULL;
- c->next_workeritem = (1 + c->next_workeritem) %
- c->workitems_alloc;
-
if (CHILD_EXIT_REQ == req) { /* idled out */
send_blocking_resp_internal(c, CHILD_GONE_RESP);
req = NULL;
@@ -281,44 +295,74 @@ receive_blocking_req_internal(
return req;
}
-
+/* --------------------------------------------------------------------
+ * Push a response into the return queue and eventually tickle the
+ * receiver.
+ */
int
send_blocking_resp_internal(
blocking_child * c,
blocking_pipe_header * resp
)
{
- ensure_workresp_empty_slot(c);
-
- c->responses[c->next_response] = resp;
- c->next_response = (1 + c->next_response) % c->responses_alloc;
-
-#ifdef WORK_PIPE
- write(c->resp_write_pipe, "", 1);
-#else
- tickle_sem(c->blocking_response_ready);
-#endif
-
+ size_t qhead;
+ int empty;
+
+ /* >>>> ACCESS LOCKING STARTS >>>> */
+ wait_for_sem(c->accesslock, NULL);
+ empty = ensure_workresp_empty_slot(c);
+ qhead = c->head_response;
+ c->responses[qhead % c->responses_alloc] = resp;
+ c->head_response = 1 + qhead;
+ tickle_sem(c->accesslock);
+ /* <<<< ACCESS LOCKING ENDS <<<< */
+
+ /* queue consumer wake-up notification */
+ if (empty)
+ {
+# ifdef WORK_PIPE
+ write(c->resp_write_pipe, "", 1);
+# else
+ tickle_sem(c->responses_pending);
+# endif
+ }
return 0;
}
#ifndef WORK_PIPE
+
+/* --------------------------------------------------------------------
+ * Check if a (Windows-)hanndle to a semaphore is actually the same we
+ * are using inside the sema wrapper.
+ */
+static BOOL
+same_os_sema(
+ const sem_ref obj,
+ void* osh
+ )
+{
+ return obj && osh && (obj->shnd == (HANDLE)osh);
+}
+
+/* --------------------------------------------------------------------
+ * Find the shared context that associates to an OS handle and make sure
+ * the data is dequeued and processed.
+ */
void
handle_blocking_resp_sem(
void * context
)
{
- HANDLE ready;
blocking_child * c;
u_int idx;
- ready = (HANDLE)context;
c = NULL;
for (idx = 0; idx < blocking_children_alloc; idx++) {
c = blocking_children[idx];
- if (c != NULL && c->thread_ref != NULL &&
- ready == c->blocking_response_ready)
+ if (c != NULL &&
+ c->thread_ref != NULL &&
+ same_os_sema(c->responses_pending, context))
break;
}
if (idx < blocking_children_alloc)
@@ -326,26 +370,41 @@ handle_blocking_resp_sem(
}
#endif /* !WORK_PIPE */
-
+/* --------------------------------------------------------------------
+ * Fetch the next response from the return queue. In case of signalling
+ * via pipe, make sure the pipe is flushed, too.
+ */
blocking_pipe_header *
receive_blocking_resp_internal(
blocking_child * c
)
{
blocking_pipe_header * removed;
+ size_t qhead, qtail, slot;
+
#ifdef WORK_PIPE
int rc;
char scratch[32];
- do {
+ do
rc = read(c->resp_read_pipe, scratch, sizeof(scratch));
- } while (-1 == rc && EINTR == errno);
+ while (-1 == rc && EINTR == errno);
#endif
- removed = c->responses[c->next_workresp];
+
+ /* >>>> ACCESS LOCKING STARTS >>>> */
+ wait_for_sem(c->accesslock, NULL);
+ qhead = c->head_response;
+ qtail = c->tail_response;
+ for (removed = NULL; !removed && (qhead != qtail); ++qtail) {
+ slot = qtail % c->responses_alloc;
+ removed = c->responses[slot];
+ c->responses[slot] = NULL;
+ }
+ c->tail_response = qtail;
+ tickle_sem(c->accesslock);
+ /* <<<< ACCESS LOCKING ENDS <<<< */
+
if (NULL != removed) {
- c->responses[c->next_workresp] = NULL;
- c->next_workresp = (1 + c->next_workresp) %
- c->responses_alloc;
DEBUG_ENSURE(CHILD_GONE_RESP == removed ||
BLOCKING_RESP_MAGIC == removed->magic_sig);
}
@@ -357,7 +416,9 @@ receive_blocking_resp_internal(
return removed;
}
-
+/* --------------------------------------------------------------------
+ * Light up a new worker.
+ */
static void
start_blocking_thread(
blocking_child * c
@@ -370,40 +431,45 @@ start_blocking_thread(
start_blocking_thread_internal(c);
}
-
+/* --------------------------------------------------------------------
+ * Create a worker thread. There are several differences between POSIX
+ * and Windows, of course -- most notably the Windows thread is no
+ * detached thread, and we keep the handle around until we want to get
+ * rid of the thread. The notification scheme also differs: Windows
+ * makes use of semaphores in both directions, POSIX uses a pipe for
+ * integration with 'select()' or alike.
+ */
static void
start_blocking_thread_internal(
blocking_child * c
)
#ifdef SYS_WINNT
{
- thr_ref blocking_child_thread;
- u_int blocking_thread_id;
BOOL resumed;
- (*addremove_io_semaphore)(c->blocking_response_ready, FALSE);
- blocking_child_thread =
+ c->thread_ref = NULL;
+ (*addremove_io_semaphore)(c->responses_pending->shnd, FALSE);
+ c->thr_table[0].thnd =
(HANDLE)_beginthreadex(
NULL,
0,
&blocking_thread,
c,
CREATE_SUSPENDED,
- &blocking_thread_id);
+ NULL);
- if (NULL == blocking_child_thread) {
+ if (NULL == c->thr_table[0].thnd) {
msyslog(LOG_ERR, "start blocking thread failed: %m");
exit(-1);
}
- c->thread_id = blocking_thread_id;
- c->thread_ref = blocking_child_thread;
/* remember the thread priority is only within the process class */
- if (!SetThreadPriority(blocking_child_thread,
+ if (!SetThreadPriority(c->thr_table[0].thnd,
THREAD_PRIORITY_BELOW_NORMAL))
msyslog(LOG_ERR, "Error lowering blocking thread priority: %m");
- resumed = ResumeThread(blocking_child_thread);
+ resumed = ResumeThread(c->thr_table[0].thnd);
DEBUG_INSIST(resumed);
+ c->thread_ref = &c->thr_table[0];
}
#else /* pthreads start_blocking_thread_internal() follows */
{
@@ -419,6 +485,8 @@ start_blocking_thread_internal(
size_t stacksize;
sigset_t saved_sig_mask;
+ c->thread_ref = NULL;
+
# ifdef NEED_PTHREAD_INIT
/*
* from lib/isc/unix/app.c:
@@ -475,7 +543,7 @@ start_blocking_thread_internal(
#endif
c->thread_ref = emalloc_zero(sizeof(*c->thread_ref));
block_thread_signals(&saved_sig_mask);
- rc = pthread_create(c->thread_ref, &thr_attr,
+ rc = pthread_create(&c->thr_table[0], &thr_attr,
&blocking_thread, c);
saved_errno = errno;
pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
@@ -485,11 +553,11 @@ start_blocking_thread_internal(
msyslog(LOG_ERR, "pthread_create() blocking child: %m");
exit(1);
}
+ c->thread_ref = &c->thr_table[0];
}
#endif
-
-/*
+/* --------------------------------------------------------------------
* block_thread_signals()
*
* Temporarily block signals used by ntpd main thread, so that signal
@@ -538,61 +606,101 @@ block_thread_signals(
#endif /* !SYS_WINNT */
-/*
+/* --------------------------------------------------------------------
+ * Create & destroy semaphores. This is sufficiently different between
+ * POSIX and Windows to warrant wrapper functions and close enough to
+ * use the concept of synchronization via semaphore for all platforms.
+ */
+static sem_ref
+create_sema(
+ sema_type* semptr,
+ u_int inival,
+ u_int maxval)
+{
+#ifdef SYS_WINNT
+
+ long svini, svmax;
+ if (NULL != semptr) {
+ svini = (inival < LONG_MAX)
+ ? (long)inival : LONG_MAX;
+ svmax = (maxval < LONG_MAX && maxval > 0)
+ ? (long)maxval : LONG_MAX;
+ semptr->shnd = CreateSemaphore(NULL, svini, svmax, NULL);
+ if (NULL == semptr->shnd)
+ semptr = NULL;
+ }
+
+#else
+
+ (void)maxval;
+ if (semptr && sem_init(semptr, FALSE, inival))
+ semptr = NULL;
+
+#endif
+
+ return semptr;
+}
+
+/* ------------------------------------------------------------------ */
+static sem_ref
+delete_sema(
+ sem_ref obj)
+{
+
+# ifdef SYS_WINNT
+
+ if (obj) {
+ if (obj->shnd)
+ CloseHandle(obj->shnd);
+ obj->shnd = NULL;
+ }
+
+# else
+
+ if (obj)
+ sem_destroy(obj);
+
+# endif
+
+ return NULL;
+}
+
+/* --------------------------------------------------------------------
* prepare_child_sems()
*
- * create sync events (semaphores)
- * child_is_blocking initially unset
- * blocking_req_ready initially unset
+ * create sync & access semaphores
*
- * Child waits for blocking_req_ready to be set after
- * setting child_is_blocking. blocking_req_ready and
- * blocking_response_ready are auto-reset, so wake one
- * waiter and become unset (unsignalled) in one operation.
+ * All semaphores are cleared, only the access semaphore has 1 unit.
+ * Childs wait on 'workitems_pending', then grabs 'sema_access'
+ * and dequeues jobs. When done, 'sema_access' is given one unit back.
+ *
+ * The producer grabs 'sema_access', manages the queue, restores
+ * 'sema_access' and puts one unit into 'workitems_pending'.
+ *
+ * The story goes the same for the response queue.
*/
static void
prepare_child_sems(
blocking_child *c
)
-#ifdef SYS_WINNT
-{
- if (NULL == c->blocking_req_ready) {
- /* manual reset using ResetEvent() */
- /* !!!! c->child_is_blocking = CreateEvent(NULL, TRUE, FALSE, NULL); */
- /* auto reset - one thread released from wait each set */
- c->blocking_req_ready = CreateEvent(NULL, FALSE, FALSE, NULL);
- c->blocking_response_ready = CreateEvent(NULL, FALSE, FALSE, NULL);
- c->wake_scheduled_sleep = CreateEvent(NULL, FALSE, FALSE, NULL);
- } else {
- /* !!!! ResetEvent(c->child_is_blocking); */
- /* ResetEvent(c->blocking_req_ready); */
- /* ResetEvent(c->blocking_response_ready); */
- /* ResetEvent(c->wake_scheduled_sleep); */
- }
-}
-#else /* pthreads prepare_child_sems() follows */
{
- size_t octets;
-
- if (NULL == c->blocking_req_ready) {
- octets = sizeof(*c->blocking_req_ready);
- octets += sizeof(*c->wake_scheduled_sleep);
- /* !!!! octets += sizeof(*c->child_is_blocking); */
- c->blocking_req_ready = emalloc_zero(octets);;
- c->wake_scheduled_sleep = 1 + c->blocking_req_ready;
- /* !!!! c->child_is_blocking = 1 + c->wake_scheduled_sleep; */
- } else {
- sem_destroy(c->blocking_req_ready);
- sem_destroy(c->wake_scheduled_sleep);
- /* !!!! sem_destroy(c->child_is_blocking); */
- }
- sem_init(c->blocking_req_ready, FALSE, 0);
- sem_init(c->wake_scheduled_sleep, FALSE, 0);
- /* !!!! sem_init(c->child_is_blocking, FALSE, 0); */
+ c->accesslock = create_sema(&c->sem_table[0], 1, 1);
+ c->workitems_pending = create_sema(&c->sem_table[1], 0, 0);
+ c->wake_scheduled_sleep = create_sema(&c->sem_table[2], 0, 1);
+# ifndef WORK_PIPE
+ c->responses_pending = create_sema(&c->sem_table[3], 0, 0);
+# endif
}
-#endif
-
+/* --------------------------------------------------------------------
+ * wait for semaphore. Where the wait can be interrupted, it will
+ * internally resume -- When this function returns, there is either no
+ * semaphore at all, a timeout occurred, or the caller could
+ * successfully take a token from the semaphore.
+ *
+ * For untimed wait, not checking the result of this function at all is
+ * definitely an option.
+ */
static int
wait_for_sem(
sem_ref sem,
@@ -605,6 +713,11 @@ wait_for_sem(
DWORD msec;
DWORD rc;
+ if (!(sem && sem->shnd)) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (NULL == timeout) {
msec = INFINITE;
} else {
@@ -619,7 +732,7 @@ wait_for_sem(
msec += delta.tv_nsec / (1000 * 1000);
}
}
- rc = WaitForSingleObject(sem, msec);
+ rc = WaitForSingleObject(sem->shnd, msec);
if (WAIT_OBJECT_0 == rc)
return 0;
if (WAIT_TIMEOUT == rc) {
@@ -632,24 +745,28 @@ wait_for_sem(
}
#else /* pthreads wait_for_sem() follows */
{
- int rc;
-
- if (NULL == timeout)
- rc = sem_wait(sem);
+ int rc = -1;
+
+ if (sem) do {
+ if (NULL == timeout)
+ rc = sem_wait(sem);
+ else
+ rc = sem_timedwait(sem, timeout);
+ } while (rc == -1 && errno == EINTR);
else
- rc = sem_timedwait(sem, timeout);
-
+ errno = EINVAL;
+
return rc;
}
#endif
-
-/*
- * blocking_thread - thread functions have WINAPI calling convention
+/* --------------------------------------------------------------------
+ * blocking_thread - thread functions have WINAPI (aka 'stdcall')
+ * calling conventions under Windows and POSIX-defined signature
+ * otherwise.
*/
#ifdef SYS_WINNT
-u_int
-WINAPI
+u_int WINAPI
#else
void *
#endif
@@ -666,20 +783,28 @@ blocking_thread(
return 0;
}
-
-/*
+/* --------------------------------------------------------------------
* req_child_exit() runs in the parent.
+ *
+ * This function is called from from the idle timer, too, and possibly
+ * without a thread being there any longer. Since we have folded up our
+ * tent in that case and all the semaphores are already gone, we simply
+ * ignore this request in this case.
+ *
+ * Since the existence of the semaphores is controlled exclusively by
+ * the parent, there's no risk of data race here.
*/
int
req_child_exit(
blocking_child *c
)
{
- return queue_req_pointer(c, CHILD_EXIT_REQ);
+ return (c->accesslock)
+ ? queue_req_pointer(c, CHILD_EXIT_REQ)
+ : 0;
}
-
-/*
+/* --------------------------------------------------------------------
* cleanup_after_child() runs in parent.
*/
static void
@@ -687,17 +812,27 @@ cleanup_after_child(
blocking_child * c
)
{
- u_int idx;
-
DEBUG_INSIST(!c->reusable);
-#ifdef SYS_WINNT
- INSIST(CloseHandle(c->thread_ref));
-#else
- free(c->thread_ref);
-#endif
+
+# ifdef SYS_WINNT
+ /* The thread was not created in detached state, so we better
+ * clean up.
+ */
+ if (c->thread_ref && c->thread_ref->thnd) {
+ WaitForSingleObject(c->thread_ref->thnd, INFINITE);
+ INSIST(CloseHandle(c->thread_ref->thnd));
+ c->thread_ref->thnd = NULL;
+ }
+# endif
c->thread_ref = NULL;
- c->thread_id = 0;
-#ifdef WORK_PIPE
+
+ /* remove semaphores and (if signalling vi IO) pipes */
+
+ c->accesslock = delete_sema(c->accesslock);
+ c->workitems_pending = delete_sema(c->workitems_pending);
+ c->wake_scheduled_sleep = delete_sema(c->wake_scheduled_sleep);
+
+# ifdef WORK_PIPE
DEBUG_INSIST(-1 != c->resp_read_pipe);
DEBUG_INSIST(-1 != c->resp_write_pipe);
(*addremove_io_fd)(c->resp_read_pipe, c->ispipe, TRUE);
@@ -705,18 +840,22 @@ cleanup_after_child(
close(c->resp_read_pipe);
c->resp_write_pipe = -1;
c->resp_read_pipe = -1;
-#else
- DEBUG_INSIST(NULL != c->blocking_response_ready);
- (*addremove_io_semaphore)(c->blocking_response_ready, TRUE);
-#endif
- for (idx = 0; idx < c->workitems_alloc; idx++)
- c->workitems[idx] = NULL;
- c->next_workitem = 0;
- c->next_workeritem = 0;
- for (idx = 0; idx < c->responses_alloc; idx++)
- c->responses[idx] = NULL;
- c->next_response = 0;
- c->next_workresp = 0;
+# else
+ DEBUG_INSIST(NULL != c->responses_pending);
+ (*addremove_io_semaphore)(c->responses_pending->shnd, TRUE);
+ c->responses_pending = delete_sema(c->responses_pending);
+# endif
+
+ /* Is it necessary to check if there are pending requests and
+ * responses? If so, and if there are, what to do with them?
+ */
+
+ /* re-init buffer index sequencers */
+ c->head_workitem = 0;
+ c->tail_workitem = 0;
+ c->head_response = 0;
+ c->tail_response = 0;
+
c->reusable = TRUE;
}
OpenPOWER on IntegriCloud