| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Due to lack the priority propagation feature replace sx by mutex. WIth this
commit NPTL tests are ends in 1 minute faster.
MFC r300414:
For future use move futex timeout code to the separate function and
switch to the high resolution sbintime_t.
|
| |
|
|
|
| |
Add my copyright as I rewrote most of the futex code. Minor style(9) cleanup
while here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
------------------------------------------------------------------------
r292743 | dchagin | 2015-12-26 01:04:47 -0800 (сб, 26 дек. 2015) | 5 lines
Do not allow access to emuldata for non Linux processes.
------------------------------------------------------------------------
r293627 | dchagin | 2016-01-09 23:36:43 -0800 (сб, 09 янв. 2016) | 6 lines
Unlock process lock when return error from getrobustlist call and add
an forgotten dtrace probe when return the same error.
|
| |
|
|
|
| |
Do not use struct l_timespec without conversion. While here move
args->timeout handling before acquiring the futex key at FUTEX_WAIT path.
|
| |
|
|
| |
Add prototypes for static futex functions.
|
| |
|
|
| |
Print out unsupported futex operation message only once for the process.
|
| |
|
|
|
| |
Where possible we will use M_LINUX malloc(9) type.
Move M_FUTEX defines to the linux_common.ko.
|
| |
|
|
|
|
|
|
|
| |
Refund the proc emuldata struct for future use. For now move flags from
thread emuldata to proc emuldata as it was originally intended.
As we can have both 64 & 32 bit Linuxulator running any eventhandler
can be called twice for us. To prevent this move eventhandlers code
from linux_emul.c to the linux_common.ko module.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch linuxulator to use the native 1:1 threads.
The reasons:
1. Get rid of the stubs/quirks with process dethreading,
process reparent when the process group leader exits and close
to this problems on wait(), waitpid(), etc.
2. Reuse our kernel code instead of writing excessive thread
managment routines in Linuxulator.
Implementation details:
1. The thread is created via kern_thr_new() in the clone() call with
the CLONE_THREAD parameter. Thus, everything else is a process.
2. The test that the process has a threads is done via P_HADTHREADS
bit p_flag of struct proc.
3. Per thread emulator state data structure is now located in the
struct thread and freed in the thread_dtor() hook.
Mandatory holdig of the p_mtx required when referencing emuldata
from the other threads.
4. PID mangling has changed. Now Linux pid is the native tid
and Linux tgid is the native pid, with the exception of the first
thread in the process where tid and pid are one and the same.
Ugliness:
In case when the Linux thread is the initial thread in the thread
group thread id is equal to the process id. Glibc depends on this
magic (assert in pthread_getattr_np.c). So for system calls that
take thread id as a parameter we should use the special method
to reference struct thread.
|
| |
|
|
|
| |
Fix Clang warning: passing 'unsigned int *' to parameter of type 'int *'
converts between pointers to integer types with different sign.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Glibc was switched to the FUTEX_WAIT_BITSET op and CLOCK_REALTIME
flag has been added instead of FUTEX_WAIT to replace the FUTEX_WAIT
logic which needs to do gettimeofday() calls before the futex syscall
to convert the absolute timeout to a relative timeout.
Before this the CLOCK_MONOTONIC used by the FUTEX_WAIT_BITSET op.
When the FUTEX_CLOCK_REALTIME is specified the timeout is an absolute
time, not a relative time. Rework futex_wait to handle this.
On the side fix the futex leak in error case and remove useless
parentheses.
Properly calculate the timeout for the CLOCK_MONOTONIC case.
Tested by: Hans Petter Selasky
|
| |
|
|
|
|
|
|
|
|
|
| |
In r218101 I have not changed properly the futex syscall definition.
Some Linux futex ops atomically verifies that the futex address uaddr
(uval) contains the value val. Comparing signed uval and unsigned val
may lead to an unexpected result, mostly to a deadlock.
So copyin uaddr to an unsigned int to compare the parameters correctly.
While here change ktr records to print parameters in more readable format.
|
| |
|
|
|
|
| |
Reviewed by: rwatson (mac provider)
Approved by: re (glebius)
MFC after: 1 week
|
| |
|
|
|
|
| |
cast the pointer to avoid incorrect pointer scaling.
MFC after: 1 Week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- DTrace scripts to check for errors, performance, ...
they serve mostly as examples of what you can do with the static probe;s
with moderate load the scripts may be overwhelmed, excessive lock-tracing
may influence program behavior (see the last design decission)
Design decissions:
- use "linuxulator" as the provider for the native bitsize; add the
bitsize for the non-native emulation (e.g. "linuxuator32" on amd64)
- Add probes only for locks which are acquired in one function and released
in another function. Locks which are aquired and released in the same
function should be easy to pair in the code, inter-function
locking is more easy to verify in DTrace.
- Probes for locks should be fired after locking and before releasing to
prevent races (to provide data/function stability in DTrace, see the
man-page of "dtrace -v ..." and the corresponding DTrace docs).
|
| |
|
|
| |
This means that their use is restricted to a single C file.
|
| |
|
|
|
| |
Submitted by: netchild
MFC after: 1 week
|
| |
|
|
| |
MFC after: 1 Week
|
| |
|
|
|
|
|
|
| |
if page mapped MAP_ANON linux uses private algorithm too.
Disscussed with: jhb
MFC after: 3 Days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
different processes that happen to use the same user address in the
separate processes will now be treated as distinct futexes rather than the
same futex. We can now honor shared futexes properly by mapping them to a
PROCESS_SHARED umtx_key. Private futexes use THREAD_SHARED umtx_key
objects.
In conjunction with: dchagin
Reviewed by: kib
MFC after: 1 week
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Otherwise, REQUEUE operations fails.
|
| |
|
|
| |
Reimplement used_requeue logic with LINUX_XDEPR_REQUEUEOP flag.
|
| |
|
|
|
| |
Submitted by: arundel
MFC after: 1 month.
|
| |
|
|
|
| |
Submitted by: arundel
MFC after: 1 month.
|
| |
|
|
|
|
|
| |
them consistent with the syscall and ipc messages.
Submitted by: arundel
MFC after: 3 days
|
| |
|
|
|
| |
Submitted by: arundel
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unsupported futex operation
- for those futex operations which are known to be not supported,
print out which futex operation it is
- shortcut the error return of the unsupported FUTEX_CLOCK_REALTIME in
some cases:
FUTEX_CLOCK_REALTIME can be used to tell linux to use
CLOCK_REALTIME instead of CLOCK_MONOTONIC. FUTEX_CLOCK_REALTIME
however must only be set, if either FUTEX_WAIT_BITSET or
FUTEX_WAIT_REQUEUE_PI are set too. If that's not the case
we can die with ENOSYS right at the beginning.
Submitted by: arundel
Reviewed by: rdivacky (earlier iteration of the patch)
MFC after: 1 week
|
| |
|
|
|
| |
if the given timeout is invalid. Consistently use int type for timeout and
correct a format string in futex_sleep().
|
| |
|
|
|
|
| |
Submitted by: arundel
Found by: clang analysis (automatic service by uqs@)
Reviewed by: rdivacky
|
| |
|
|
|
| |
Submitted by: Marc Balmer <marc@msys.ch>
MFC after: 1 week
|
| |
|
|
|
|
| |
Tested by: Alexander Best <alexbestms at math uni-muenster de>
Approved by: kib (mentor)
MFC after: 3 days
|
| |
|
|
|
| |
Approved by: kib (mentor)
MFC after: 1 month
|
| |
|
|
|
| |
Approved by: kib (mentor)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Old implemention used Giant to protect the kernel data structures,
but at the same time called malloc(M_WAITOK), that could cause the
calling thread to sleep and lost Giant protection. User-visible
result was the missed wakeup.
New implementation uses one sx lock per futex. The sx protects
the futex structures and allows to sleep while copyin or copyout
are performed.
Unlike linux, we return EINVAL when FUTEX_CMP_REQUEUE operation
is requested and either caller specified futexes are equial or
second futex already exists. This is acceptable since the situation
can only occur from the application error, and glibc falls back to
old FUTEX_WAKE operation when FUTEX_CMP_REQUEUE returns an error.
Approved by: kib (mentor)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Glibc does not use this operation since 2.3.3 version (Jun 2004),
as it is racy and replaced by FUTEX_CMP_REQUEUE operation.
Glibc versions prior to 2.3.3 fall back to FUTEX_WAKE when
FUTEX_REQUEUE returned EINVAL.
Any application directly using FUTEX_REQUEUE without return
value checking are definitely broken.
Limit quantity of messages per process about unsupported
operation.
Approved by: kib (mentor)
MFC after: 1 month
|
| |
|
|
|
| |
Approved by: kib (mentor)
MFC after: 2 weeks
|
| |
|
|
|
| |
Approved by: kib (mentor)
MFC after: 2 weeks
|
| |
|
|
|
| |
Approved by: kib (mentor)
MFC after: 6 days
|
| |
|
|
|
|
| |
and glibc actually supplies negative offsets. Change l_ulong to l_long.
Submitted by: dchagin
|
| |
|
|
|
|
|
|
| |
user-mode pointers. Change types used in the structures definitions to
properly-sized architecture-specific types.
Submitted by: dchagin
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
| |
what Linux does. This is because robust futexes are mostly
userspace thing which we cannot alter. Two syscalls maintain
pointer to userspace list and when process exits a routine
walks this list waking up processes sleeping on futexes
from that list.
Reviewed by: kib (mentor)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
so the annoying message is not printed.
o Don't warn about FUTEX_FD not being implemented
and return ENOSYS instead of 0 (eg. success).
o Clear FUTEX_PRIVATE_FLAG as we actually implement
only private futexes so there is no reason to
return ENOSYS when app asks for a private futex.
We don't reject shared futexes because they worked
just fine with our implementation so far.
Approved by: kib (mentor)
Tested by: bsam
MFC after: 1 week
|
| |
|
|
|
| |
Submitted by: rdivacky
Reported and tested by: Gary Stanley <gary velocity-servers net>
|
| |
|
|
|
|
|
|
|
|
| |
Implement all futex atomic operations in assembler to not depend on the
fuword() that does not allow to distinguish between -1 and failure return.
Correctly return 0 from atomic operations on success.
In collaboration with: rdivacky
Tested by: Scot Hetzel <swhetzel gmail com>, Milos Vyletel <mvyletel mzm cz>
Sponsored by: Google SoC 2007
|
| |
|
|
|
|
|
| |
Initial patch was submitted by kib and additional work was done
by Divacky Roman.
Tested by: emulation
|
