path: root/sys/compat/linux/linux_futex.c
Commit message | Author | Age | Files | Lines
* MFC r317645: | dchagin | 2017-05-08 | 1 | -3/+6
  Fix NULL pointer dereference in futex_wake_op() in the case when the same address is specified for arguments uaddr and uaddr2.
  PR: 218987
* MFC r316395: | dchagin | 2017-04-15 | 1 | -3/+0
  Remove excess tv_nsec test as this is done by linux_to_native_timespec().
* For future use move futex timeout code to the separate function and | dchagin | 2016-05-22 | 1 | -41/+68
  switch to the high resolution sbintime_t.
  MFC after: 1 week
* Due to the lack of the priority propagation feature replace sx by mutex. With this | dchagin | 2016-05-22 | 1 | -44/+77
  commit NPTL tests end 1 minute faster.
  MFC after: 1 week
* Add my copyright as I rewrote most of the futex code. Minor style(9) cleanup | dchagin | 2016-05-22 | 1 | -3/+4
  while here.
  MFC after: 1 week
* Change linux get_robust_list system call to match actual linux one. | glebius | 2016-01-14 | 1 | -1/+1
  The set_robust_list system call requests the kernel to record the head of the list of robust futexes owned by the calling thread. The head argument is the list head to record.

  The get_robust_list system call should return the head of the robust list of the thread whose thread id is specified in pid argument. The list head should be stored in the location pointed to by head argument.

  In contrast, our implementation of get_robust_list system call copies the known portion of memory pointed by recorded in set_robust_list system call pointer to the head of the robust list to the location pointed by head argument.

  So, it is possible for a local attacker to read portions of kernel memory, which may result in a privilege escalation.

  Submitted by: mjg
  Security: SA-16:03.linux
* Unlock process lock when return error from getrobustlist call and add | dchagin | 2016-01-10 | 1 | -1/+5
  a forgotten dtrace probe when return the same error.
  MFC after: 3 days
  XMFC with: r292743
* Do not allow access to emuldata for non Linux processes. | dchagin | 2015-12-26 | 1 | -0/+2
  Pointed out by: mjg@
  Security: https://admbugs.freebsd.org/show_bug.cgi?id=679
* Do not use struct l_timespec without conversion. While here move | dchagin | 2015-05-24 | 1 | -32/+35
  args->timeout handling before acquiring the futex key at FUTEX_WAIT path.
  Differential Revision: https://reviews.freebsd.org/D1520
  Reviewed by: trasz
* Add prototypes for static futex functions. | dchagin | 2015-05-24 | 1 | -0/+16
  Differential Revision: https://reviews.freebsd.org/D1519
  Reviewed by: trasz
* Print out unsupported futex operation message only once for the process. | dchagin | 2015-05-24 | 1 | -23/+45
  Differential Revision: https://reviews.freebsd.org/D1498
* Where possible we will use M_LINUX malloc(9) type. | dchagin | 2015-05-24 | 1 | -3/+0
  Move M_FUTEX defines to the linux_common.ko.
  Differential Revision: https://reviews.freebsd.org/D1077
  Reviewed by: emaste
* Refund the proc emuldata struct for future use. For now move flags from | dchagin | 2015-05-24 | 1 | -4/+4
  thread emuldata to proc emuldata as it was originally intended.

  As we can have both 64 & 32 bit Linuxulator running any eventhandler can be called twice for us. To prevent this move eventhandlers code from linux_emul.c to the linux_common.ko module.

  Differential Revision: https://reviews.freebsd.org/D1073
* Switch linuxulator to use the native 1:1 threads. | dchagin | 2015-05-24 | 1 | -28/+24
  The reasons:
  1. Get rid of the stubs/quirks with process dethreading, process reparent when the process group leader exits and close to this problems on wait(), waitpid(), etc.
  2. Reuse our kernel code instead of writing excessive thread management routines in Linuxulator.

  Implementation details:
  1. The thread is created via kern_thr_new() in the clone() call with the CLONE_THREAD parameter. Thus, everything else is a process.
  2. The test that the process has threads is done via P_HADTHREADS bit p_flag of struct proc.
  3. Per thread emulator state data structure is now located in the struct thread and freed in the thread_dtor() hook. Mandatory holding of the p_mtx required when referencing emuldata from the other threads.
  4. PID mangling has changed. Now Linux pid is the native tid and Linux tgid is the native pid, with the exception of the first thread in the process where tid and pid are one and the same.

  Ugliness:
  In case when the Linux thread is the initial thread in the thread group thread id is equal to the process id. Glibc depends on this magic (assert in pthread_getattr_np.c). So for system calls that take thread id as a parameter we should use the special method to reference struct thread.

  Differential Revision: https://reviews.freebsd.org/D1039
* Fix Clang warning: passing 'unsigned int *' to parameter of type 'int *' | dchagin | 2015-01-01 | 1 | -4/+5
  converts between pointers to integer types with different sign.
  MFC after: 1 week
* Glibc was switched to the FUTEX_WAIT_BITSET op and CLOCK_REALTIME | dchagin | 2014-05-31 | 1 | -31/+40
  flag has been added instead of FUTEX_WAIT to replace the FUTEX_WAIT logic which needs to do gettimeofday() calls before the futex syscall to convert the absolute timeout to a relative timeout. Before this the CLOCK_MONOTONIC used by the FUTEX_WAIT_BITSET op.

  When the FUTEX_CLOCK_REALTIME is specified the timeout is an absolute time, not a relative time. Rework futex_wait to handle this. On the side fix the futex leak in error case and remove useless parentheses.

  Properly calculate the timeout for the CLOCK_MONOTONIC case.

  MFC after: 3 days
* In r218101 I have not changed properly the futex syscall definition. | dchagin | 2014-05-28 | 1 | -13/+16
  Some Linux futex ops atomically verify that the futex address uaddr (uval) contains the value val. Comparing signed uval and unsigned val may lead to an unexpected result, mostly to a deadlock.

  So copyin uaddr to an unsigned int to compare the parameters correctly.

  While here change ktr records to print parameters in more readable format.

  Tested by eadler@
  MFC after: 3 days
* - For kernel compiled only with KDTRACE_HOOKS and not any lock debugging | attilio | 2013-11-25 | 1 | -1/+0
    option, unbreak the lock tracing release semantic by embedding calls to LOCKSTAT_PROFILE_RELEASE_LOCK() directly in the inlined version of the releasing functions for mutex, rwlock and sxlock. Failing to do so skips the lockstat_probe_func invocation for unlocking.
  - As part of the LOCKSTAT support is inlined in mutex operation, for kernel compiled without lock debugging options, potentially every consumer must be compiled including opt_kdtrace.h. Fix this by moving KDTRACE_HOOKS into opt_global.h and remove the dependency by opt_kdtrace.h for all files, as now only KDTRACE_FRAMES is linked there and it is only used as a compile-time stub [0].

  [0] immediately shows some new bug as DTRACE-derived support for debug in sfxge is broken and it was never really tested. As it was not including correctly opt_kdtrace.h before it was never enabled so it was kept broken for a while. Fix this by using a protection stub, leaving sfxge driver authors the responsibility for fixing it appropriately [1].

  Sponsored by: EMC / Isilon storage division
  Discussed with: rstone
  [0] Reported by: rstone
  [1] Discussed with: philip
* Fix some typos that were causing probe argument types to show up as unknown. | markj | 2013-10-01 | 1 | -1/+1
  Reviewed by: rwatson (mac provider)
  Approved by: re (glebius)
  MFC after: 1 week
* Arithmetic on pointers takes into account the size of the type. Properly | dchagin | 2013-01-25 | 1 | -2/+2
  cast the pointer to avoid incorrect pointer scaling.
  MFC after: 1 Week
* - >500 static DTrace probes for the linuxulator | netchild | 2012-05-05 | 1 | -84/+425
  - DTrace scripts to check for errors, performance, ... they serve mostly as examples of what you can do with the static probes; with moderate load the scripts may be overwhelmed, excessive lock-tracing may influence program behavior (see the last design decision)

  Design decisions:
  - use "linuxulator" as the provider for the native bitsize; add the bitsize for the non-native emulation (e.g. "linuxuator32" on amd64)
  - Add probes only for locks which are acquired in one function and released in another function. Locks which are acquired and released in the same function should be easy to pair in the code, inter-function locking is more easy to verify in DTrace.
  - Probes for locks should be fired after locking and before releasing to prevent races (to provide data/function stability in DTrace, see the man-page of "dtrace -v ..." and the corresponding DTrace docs).
* Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. | ed | 2011-11-07 | 1 | -2/+2
  This means that their use is restricted to a single C file.
* Remove now-obsolete comment. | jhb | 2011-03-10 | 1 | -6/+1
  Submitted by: netchild
  MFC after: 1 week
* Print out shared flag for debug purpose. | dchagin | 2011-03-03 | 1 | -8/+8
  MFC after: 1 Week
* Switch PROCESS_SHARE to AUTO_SHARE (as umtx do). Even for SHARED, | dchagin | 2011-03-03 | 1 | -1/+1
  if page mapped MAP_ANON linux uses private algorithm too.
  Discussed with: jhb
  MFC after: 3 Days
* Use umtx_key objects to uniquely identify futexes. Private futexes in | jhb | 2011-02-23 | 1 | -17/+32
  different processes that happen to use the same user address in the separate processes will now be treated as distinct futexes rather than the same futex. We can now honor shared futexes properly by mapping them to a PROCESS_SHARED umtx_key. Private futexes use THREAD_SHARED umtx_key objects.
  In conjunction with: dchagin
  Reviewed by: kib
  MFC after: 1 week
* Style(9) fix. Do not initialize variables in the declarations. | dchagin | 2011-02-14 | 1 | -2/+5
* Sort include files in the alphabetical order. | dchagin | 2011-02-13 | 1 | -1/+1
* Remove comment about 'ftlk' LOR. | dchagin | 2011-02-13 | 1 | -2/+1
* Stop printing the LOR, as this is expected behavior. | dchagin | 2011-02-13 | 1 | -1/+1
* The bitset field of freshly created futex should be initialized explicitly. | dchagin | 2011-02-13 | 1 | -0/+1
  Otherwise, REQUEUE operations fail.
* Rename used_requeue and use it as bitwise field to store more flags. | dchagin | 2011-02-12 | 1 | -2/+2
  Reimplement used_requeue logic with LINUX_XDEPR_REQUEUEOP flag.
* Yet another unimplemented futex operation, print out about. | dchagin | 2011-01-31 | 1 | -0/+7
  Submitted by: arundel
  MFC after: 1 month.
* Implement a futex BITSET op. | dchagin | 2011-01-31 | 1 | -25/+44
  Submitted by: arundel
  MFC after: 1 month.
* Remove trailing dot from the unimplemented futex messages to make | netchild | 2010-11-22 | 1 | -5/+5
  them consistent with the syscall and ipc messages.
  Submitted by: arundel
  MFC after: 3 days
* Some style(9) fixes. | netchild | 2010-11-15 | 1 | -5/+5
  Submitted by: arundel
  MFC after: 1 week
* - print out the PID and program name of the program trying to use an | netchild | 2010-11-15 | 1 | -6/+42
    unsupported futex operation
  - for those futex operations which are known to be not supported, print out which futex operation it is
  - shortcut the error return of the unsupported FUTEX_CLOCK_REALTIME in some cases: FUTEX_CLOCK_REALTIME can be used to tell linux to use CLOCK_REALTIME instead of CLOCK_MONOTONIC. FUTEX_CLOCK_REALTIME however must only be set, if either FUTEX_WAIT_BITSET or FUTEX_WAIT_REQUEUE_PI are set too. If that's not the case we can die with ENOSYS right at the beginning.

  Submitted by: arundel
  Reviewed by: rdivacky (earlier iteration of the patch)
  MFC after: 1 week
* Simplify timeout check in futex_wait() using itimerfix() and return error | jkim | 2010-10-06 | 1 | -22/+10
  if the given timeout is invalid. Consistently use int type for timeout and correct a format string in futex_sleep().
* Fix a comparison of an uninitialised pointer. | netchild | 2010-10-06 | 1 | -1/+1
  Submitted by: arundel
  Found by: clang analysis (automatic service by uqs@)
  Reviewed by: rdivacky
* Remove extraneous semicolons, no functional changes. | mbr | 2010-01-07 | 1 | -1/+1
  Submitted by: Marc Balmer <marc@msys.ch>
  MFC after: 1 week
* Unlock process lock when return error from getrobustlist call. | dchagin | 2009-06-14 | 1 | -1/+3
  Tested by: Alexander Best <alexbestms at math uni-muenster de>
  Approved by: kib (mentor)
  MFC after: 3 days
* Add KTR(9) tracing for futex emulation. | dchagin | 2009-05-07 | 1 | -11/+49
  Approved by: kib (mentor)
  MFC after: 1 month
* Move extern variable definitions to the header file. | dchagin | 2009-05-02 | 1 | -1/+1
  Approved by: kib (mentor)
  MFC after: 1 month
* Reimplement futexes. | dchagin | 2009-05-01 | 1 | -358/+449
  Old implementation used Giant to protect the kernel data structures, but at the same time called malloc(M_WAITOK), that could cause the calling thread to sleep and lose Giant protection. User-visible result was the missed wakeup.

  New implementation uses one sx lock per futex. The sx protects the futex structures and allows to sleep while copyin or copyout are performed.

  Unlike linux, we return EINVAL when FUTEX_CMP_REQUEUE operation is requested and either caller specified futexes are equal or second futex already exists. This is acceptable since the situation can only occur from the application error, and glibc falls back to old FUTEX_WAKE operation when FUTEX_CMP_REQUEUE returns an error.

  Approved by: kib (mentor)
  MFC after: 1 month
* Remove support for FUTEX_REQUEUE operation. | dchagin | 2009-04-19 | 1 | -13/+18
  Glibc does not use this operation since 2.3.3 version (Jun 2004), as it is racy and replaced by FUTEX_CMP_REQUEUE operation. Glibc versions prior to 2.3.3 fall back to FUTEX_WAKE when FUTEX_REQUEUE returned EINVAL.

  Any application directly using FUTEX_REQUEUE without return value checking are definitely broken.

  Limit quantity of messages per process about unsupported operation.

  Approved by: kib (mentor)
  MFC after: 1 month
* Sort include files in the alphabetical order. | dchagin | 2009-03-16 | 1 | -5/+4
  Approved by: kib (mentor)
  MFC after: 2 weeks
* Ignore FUTEX_FD op, as it is done by linux. | dchagin | 2009-03-15 | 1 | -7/+0
  Approved by: kib (mentor)
  MFC after: 2 weeks
* Include linux_futex.h before linux_emul.h | dchagin | 2009-03-15 | 1 | -1/+1
  Approved by: kib (mentor)
  MFC after: 6 days
* In the robust futexes list head, futex_offset shall be signed, | kib | 2008-11-16 | 1 | -2/+2
  and glibc actually supplies negative offsets. Change l_ulong to l_long.
  Submitted by: dchagin
* Make robust futexes work on linux32/amd64. Use PTRIN to read | kib | 2008-10-14 | 1 | -3/+3
  user-mode pointers. Change types used in the structures definitions to properly-sized architecture-specific types.
  Submitted by: dchagin
  MFC after: 1 week