path: root/src/thread/pthread_cancel.c
AgeCommit message (Collapse)AuthorLines
2018-09-12reduce spurious inclusion of libc.hRich Felker-1/+0
libc.h was intended to be a header for access to global libc state and related interfaces, but ended up included all over the place because it was the way to get the weak_alias macro. most of the inclusions removed here are places where weak_alias was needed. a few were recently introduced for hidden. some go all the way back to when libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented) cancellation points had to include it. remaining spurious users are mostly callers of the LOCK/UNLOCK macros and files that use the LFS64 macro to define the awful *64 aliases. in a few places, new inclusion of libc.h is added because several internal headers no longer implicitly include libc.h. declarations for __lockfile and __unlockfile are moved from libc.h to stdio_impl.h so that the latter does not need libc.h. putting them in libc.h made no sense at all, since the macros in stdio_impl.h are needed to use them correctly anyway.
2018-09-05define and use internal macros for hidden visibility, weak refsRich Felker-4/+2
this cleans up what had become widespread direct inline use of "GNU C" style attributes directly in the source, and lowers the barrier to increased use of hidden visibility, which will be useful to recovering some of the efficiency lost when the protected visibility hack was dropped in commit dc2f368e565c37728b0d620380b849c3a1ddd78f, especially on archs where the PLT ABI is costly.
2018-08-29fix async thread cancellation on sh-fdpicRich Felker-0/+3
if __cp_cancel was reached via __syscall_cp, r12 will necessarily still contain a GOT pointer (for or for the static-linked main program) valid for entering __cancel. however, in the case of async cancellation, r12 may contain any scratch value; it's not necessarily even a valid GOT pointer for the code that was interrupted. unlike in commit 0ec49dab6794166d67fae4764ce7fdea42ea6103 where the corresponding issue was fixed for powerpc64, there is fundamentally no way for fdpic code to recompute its GOT pointer. so a new mechanism is introduced for cancel_handler to write a GOT register value into the interrupted context on archs where it is needed.
2018-08-28fix deadlock in async thread self-cancellationRich Felker-1/+5
with async cancellation enabled, pthread_cancel(pthread_self()) deadlocked due to pthread_kill holding killlock which is needed by pthread_exit. this could be solved by making pthread_kill block signals around the critical section, at least when the target thread is itself, but the issue only arises for cancellation, and otherwise would just be imposing unnecessary cost. instead just have pthread_cancel explicitly check for async self-cancellation and call pthread_exit(PTHREAD_CANCELED) directly rather than going through the signal machinery.
2016-02-04avoid using signals when a thread attempts to cancel itselfRich Felker-0/+1
not only is pthread_kill expensive in this case; it also breaks testing under qemu app-level emulation.
2015-11-11eliminate use of SHARED macro to suppress visibility attributesRich Felker-4/+0
this is the first and simplest stage of removal of the SHARED macro, which will eventually allow libc.a and to be produced from the same object files. the original motivation for these #ifdefs which are now being removed was to allow building a static-only libc using a compiler that does not support visibility. however, SHARED was the wrong condition to test for this anyway; various assembly-language sources refer to hidden symbols and declare them with the .hidden directive, making it wrong to define the referenced symbols as non-hidden. if there is a need in the future to build libc using compilers that lack visibility, support could be moved to the build system or perhaps the __PIC__ macro could be checked instead of SHARED.
2015-11-02use explicit __cp_cancel label in cancellable syscall asm for all archsRich Felker-8/+2
previously, only archs that needed to do stack cleanup defined a __cp_cancel label for acting on cancellation in their syscall asm, and a default definition was provided by a weak alias to __cancel, the C function. this resulted in wrong codegen for arm on gcc versions affected by pr 68178 and possibly similar issues (like pr 66609) on other archs, and also created an inconsistency where the __cp_begin and __cp_end labels were treated as const data but __cp_cancel was treated as a function. this in turn caused incorrect code generation on archs where function pointers point to function descriptors rather than code (for now, only sh/fdpic).
2015-11-02properly access mcontext_t program counter in cancellation handlerRich Felker-3/+4
using the actual mcontext_t definition rather than an overlaid pointer array both improves correctness/readability and eliminates some ugly hacks for archs with 64-bit registers bit 32-bit program counter. also fix UB due to comparison of pointers not in a common array object.
2015-04-14cleanup use of visibility attributes in pthread_cancel.cRich Felker-8/+9
applying the attribute to a weak_alias macro was a hack. instead use a separate declaration to apply the visibility, and consolidate declarations together to avoid having visibility mess all over the file.
2015-04-14consistently use hidden visibility for cancellable syscall internalsRich Felker-3/+11
in a few places, non-hidden symbols were referenced from asm in ways that assumed ld-time binding. while these is no semantic reason these symbols need to be hidden, fixing the references without making them hidden was going to be ugly, and hidden reduces some bloat anyway. in the asm files, .global/.hidden directives have been moved to the top to unclutter the actual code.
2015-04-13remove remnants of support for running in no-thread-pointer modeRich Felker-2/+1
since 1.1.0, musl has nominally required a thread pointer to be setup. most of the remaining code that was checking for its availability was doing so for the sake of being usable by the dynamic linker. as of commit 71f099cb7db821c51d8f39dfac622c61e54d794c, this is no longer necessary; the thread pointer is now valid before any libc code (outside of dynamic linker bootstrap functions) runs. this commit essentially concludes "phase 3" of the "transition path for removing lazy init of thread pointer" project that began during the 1.1.0 release cycle.
2015-03-16block all signals (even internal ones) in cancellation signal handlerRich Felker-1/+2
previously the implementation-internal signal used for multithreaded set*id operations was left unblocked during handling of the cancellation signal. however, on some archs, signal contexts are huge (up to 5k) and the possibility of nested signal handlers drastically increases the minimum stack requirement. since the cancellation signal handler will do its job and return in bounded time before possibly passing execution to application code, there is no need to allow other signals to interrupt it.
2015-02-21add new masked cancellation modeRich Felker-9/+15
this is a new extension which is presently intended only for experimental and internal libc use. interface and behavior details may change subject to feedback and experience from using it internally. the basic concept for the new PTHREAD_CANCEL_MASKED state is that the first cancellation point to observe the cancellation request fails with an errno value of ECANCELED rather than acting on cancellation, allowing the caller to process the status and choose whether/how to act upon it.
2015-02-20prepare cancellation syscall asm for possibility of __cancel returningRich Felker-0/+7
2015-02-16make pthread_exit responsible for disabling cancellationRich Felker-3/+0
this requirement is tucked away in XSH 2.9.5 Thread Cancellation under the heading Thread Cancellation Cleanup Handlers.
2015-02-03fix missing memory barrier in cancellation signal handlerRich Felker-0/+1
in practice this was probably a non-issue, because the necessary barrier almost certainly exists in kernel space -- implementing signal delivery without such a barrier seems impossible -- but for the sake of correctness, it should be done here too. in principle, without a barrier, it is possible that the thread to be cancelled does not see the store of its cancellation flag performed by another thread. this affects both the case where the signal arrives before entering the critical program counter range from __cp_begin to __cp_end (in which case both the signal handler and the inline check fail to see the value which was already stored) and the case where the signal arrives during the critical range (in which case the signal handler should be responsible for cancellation, but when it does not see the cancellation flag, it assumes the signal is spurious and refuses to act on it). in the fix, the barrier is placed only in the signal handler, not in the inline check at the beginning of the critical program counter range. if the signal handler runs before the critical range is entered, it will of course take no action, but its barrier will ensure that the inline check subsequently sees the store. if on the other hand the inline check runs first, it may miss seeing the store, but the subsequent signal handler in the critical range will act upon the cancellation request. this strategy avoids adding a memory barrier in the common, non-cancellation code path.
2014-07-06rework cancellation weak alias logic not to depend on archive orderRich Felker-0/+85
if the order of object files in the static archive libc.a was not respected by the linker, the old logic could wrongly cause POSIX symbols outside of the ISO C namespace to be pulled into pure C programs. this should not happen with well-behaved linkers, but relying on the link order was a bad idea anyway. files are renamed to better reflect their contents now that they don't need names to control their order as members in the archive file.
2011-04-17overhaul pthread cancellationRich Felker-7/+0
this patch improves the correctness, simplicity, and size of cancellation-related code. modulo any small errors, it should now be completely conformant, safe, and resource-leak free. the notion of entering and exiting cancellation-point context has been completely eliminated and replaced with alternative syscall assembly code for cancellable syscalls. the assembly is responsible for setting up execution context information (stack pointer and address of the syscall instruction) which the cancellation signal handler can use to determine whether the interrupted code was in a cancellable state. these changes eliminate race conditions in the previous generation of cancellation handling code (whereby a cancellation request received just prior to the syscall would not be processed, leaving the syscall to block, potentially indefinitely), and remedy an issue where non-cancellable syscalls made from signal handlers became cancellable if the signal handler interrupted a cancellation point. x86_64 asm is untested and may need a second try to get it right.
2011-04-01use a_store to set cancel flag in pthread_cancel, to ensure a barrierRich Felker-1/+1
2011-03-29major improvements to cancellation handlingRich Felker-0/+1
- there is no longer any risk of spoofing cancellation requests, since the cancel flag is set in pthread_cancel rather than in the signal handler. - cancellation signal is no longer unblocked when running the cancellation handlers. instead, pthread_create will cause any new threads created from a cancellation handler to unblock their own cancellation signal. - various tweaks in preparation for POSIX timer support.
2011-03-19syscall overhaul part two - unify public and internal syscall interfaceRich Felker-2/+1
with this patch, the syscallN() functions are no longer needed; a variadic syscall() macro allows syscalls with anywhere from 0 to 6 arguments to be made with a single macro name. also, manually casting each non-integer argument with (long) is no longer necessary; the casts are hidden in the macros. some source files which depended on being able to define the old macro SYSCALL_RETURNS_ERRNO have been modified to directly use __syscall() instead of syscall(). references to SYSCALL_SIGSET_SIZE and SYSCALL_LL have also been changed. x86_64 has not been tested, and may need a follow-up commit to fix any minor bugs/oversights.
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker-0/+7