This adds system call wrappers for pkey_alloc, pkey_free, pkey_mprotect,
and x86-64 implementations of pkey_get and pkey_set, which abstract over
the PKRU CPU register and hide the actual number of memory protection
keys supported by the CPU. pkey_mprotect with a -1 key is implemented
using mprotect, so it will work even if the kernel does not support the
pkey_mprotect system call.
The system call wrapers use unsigned int instead of unsigned long for
parameters, so that no special treatment for x32 is needed. The flags
argument is currently unused, and the access rights bit mask is limited
to two bits by the current PKRU register layout anyway.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The requirement to write "deny" to /proc/<pid>/setgroups for a given user
namespace before being able to write a gid mapping was introduced in Linux
3.19. Before that this requirement including the file did not exist.
So don't fail when errno == ENOENT.
System defaults vary, and a mere unshare (CLONE_NEWNS) (which is part of
support_become_root) is no longer sufficient.
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
create_temp_file automatically supplies the test directory and the
XXXXXX suffix. support_create_temp_directory required the caller to
specify them, which was confusing.
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Without UID/GID maps, file creation will file with EOVERFLOW.
This patch is based on DJ Delorie's work on container testing.
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
server_thread_udp_process_one already takes care of calling sendto()
instead of xsendto to be able to ignore the case where the client has
closed the socket. Depending on the TCP/IP stack behavior, this error
could be notified later through recvfrom(), so we need to ignore it
there too.
* support/resolv_test.c (server_thread_udp_process_one): Call recvfrom
instead of xrecvfrom, and ignore ECONNREFUSED errors.
Without this fix, the rwlock can fail to execute the explicit hand-over
in certain cases (e.g., empty critical sections that switch quickly between
read and write phases). This can then lead to errors in how __wrphase_futex
is accessed, which in turn can lead to deadlocks.
This patch adds an option to test to add small command line option
through CMDLINE_OPTSTRING define. For instance:
#define CMDLINE_OPTSTRING "vd"
static void
cmdline_process_function (int c)
{
switch (c):
'v':
/* process '-v' option. */
break;
'd':
/* process '-d' option. */
break;
}
#define CMDLINE_PROCESS cmdline_process_function
It will add both '-v' and '-d' along with already default long options.
* support/support_test_main.c (support_test_main): Use optstring
member for option string in getopt_long.
* support/test-driver.c: Add comment about CMDLINE_OPTSTRING.
(CMDLINE_OPTSTRING): New define.
* support/test-driver.h (test_config): Add optstring member.
Current allocate_stack logic for create stacks is to first mmap all
the required memory with the desirable memory and then mprotect the
guard area with PROT_NONE if required. Although it works as expected,
it pessimizes the allocation because it requires the kernel to actually
increase commit charge (it counts against the available physical/swap
memory available for the system).
The only issue is to actually check this change since side-effects are
really Linux specific and to actually account them it would require a
kernel specific tests to parse the system wide information. On the kernel
I checked /proc/self/statm does not show any meaningful difference for
vmm and/or rss before and after thread creation. I could only see
really meaningful information checking on system wide /proc/meminfo
between thread creation: MemFree, MemAvailable, and Committed_AS shows
large difference without the patch. I think trying to use these
kind of information on a testcase is fragile.
The BZ#18988 reports shows that the commit pages are easily seen with
mlockall (MCL_FUTURE) (with lock all pages that become mapped in the
process) however a more straighfoward testcase shows that pthread_create
could be faster using this patch:
--
static const int inner_count = 256;
static const int outer_count = 128;
static
void *thread1(void *arg)
{
return NULL;
}
static
void *sleeper(void *arg)
{
pthread_t ts[inner_count];
for (int i = 0; i < inner_count; i++)
pthread_create (&ts[i], &a, thread1, NULL);
for (int i = 0; i < inner_count; i++)
pthread_join (ts[i], NULL);
return NULL;
}
int main(void)
{
pthread_attr_init(&a);
pthread_attr_setguardsize(&a, 1<<20);
pthread_attr_setstacksize(&a, 1134592);
pthread_t ts[outer_count];
for (int i = 0; i < outer_count; i++)
pthread_create(&ts[i], &a, sleeper, NULL);
for (int i = 0; i < outer_count; i++)
pthread_join(ts[i], NULL);
assert(r == 0);
}
return 0;
}
--
On x86_64 (4.4.0-45-generic, gcc 5.4.0) running the small benchtests
I see:
$ time ./test
real 0m3.647s
user 0m0.080s
sys 0m11.836s
While with the patch I see:
$ time ./test
real 0m0.696s
user 0m0.040s
sys 0m1.152s
So I added a pthread_create benchtest (thread_create) which check
the thread creation latency. As for the simple benchtests, I saw
improvements in thread creation on all architectures I tested the
change.
Checked on x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu,
arm-linux-gnueabihf, powerpc64le-linux-gnu, sparc64-linux-gnu,
and sparcv9-linux-gnu.
[BZ #18988]
* benchtests/thread_create-inputs: New file.
* benchtests/thread_create-source.c: Likewise.
* support/xpthread_attr_setguardsize.c: Likewise.
* support/Makefile (libsupport-routines): Add
xpthread_attr_setguardsize object.
* support/xthread.h: Add xpthread_attr_setguardsize prototype.
* benchtests/Makefile (bench-pthread): Add thread_create.
* nptl/allocatestack.c (allocate_stack): Call mmap with PROT_NONE and
then mprotect the required area.
Previously, the implementation would conditionally exit based on the
status argument, which GCC did not know about. This leads to
false uninitialized variable warnings when data is accessed after a
TEST_VERIFY_EXIT failure (from code which would never execute).
This is intended as a type-safe alternative to obstacks and
hand-written realloc constructs. The implementation avoids
writing function pointers to the heap.
The address family splitting via format_ai_family made unpredictable
the place where the canonname field was printed. This commit adjusts
the implementation so that the ai_flags is checked for consistency
across the list, and ai_canonname must only be present on the first
list element.
Tests for AI_CANONNAME are added to resolv/tst-resolv-basic.
Otherwise, another user might recreate these files after the first
deletion. Particularly with temporary directories, this could result
in the removal of unintended files through symbol link attacks.
This is required to remove temporary directories which contain
temporary files. Previously, FIFO order meant that directory
removal was attempted when the directory still contained files,
which meant that temporary directory cleanup was essentially
unsupported.
sys/socket.h includes sys/uio.h to get the definition of the iovec
structure.
POSIX allows sys/socket.h to make all sys/uio.h symbols visible.
However, all of sys/uio.h is XSI-shaded, so for non-XSI POSIX this
results in conformtest failures (for sys/socket.h and other headers
that include it):
Namespace violation: "UIO_MAXIOV"
Namespace violation: "readv"
Namespace violation: "writev"
Now, there is some ambiguity in POSIX about what namespace
reservations apply in this case - see
http://austingroupbugs.net/view.php?id=1127 - but glibc convention
would still avoid declaring readv and writev, for example, for feature
test macros that don't include them (if only headers from the relevant
standard are included), even if such declarations are permitted, so
there is a bug here according to glibc conventions.
This patch moves the struct iovec definition to a new
bits/types/struct_iovec.h header and includes that from sys/socket.h
instead of including the whole of sys/uio.h. This fixes the namespace
issue; however, three files in glibc that were relying on the implicit
inclusion needed to be updated to include sys/uio.h explicitly. So
there is a question of whether sys/socket.h should continue to include
sys/uio.h under some conditions, such as __USE_XOPEN or __USE_MISC or
__USE_XOPEN || __USE_MISC, for greater compatibility with code that
(wrongly) expects this optional inclusion to be present there. (I
think the three affected files in glibc should still have explicit
sys/uio.h inclusions added in any case, however.)
Tested for x86_64.
[BZ #21426]
* misc/bits/types/struct_iovec.h: New file.
* misc/Makefile (headers): Add bits/types/struct_iovec.h.
* include/bits/types/struct_iovec.h: New file.
* bits/uio.h (struct iovec): Replace by inclusion of
<bits/types/struct_iovec.h>.
* sysdeps/unix/sysv/linux/bits/uio.h (struct iovec): Likewise.
* socket/sys/socket.h: Include <bits/types/struct_iovec.h> instead
of <sys/uio.h>.
* nptl/tst-cancel4.c: Include <sys/uio.h>
* posix/test-errno.c: Likewise.
* support/resolv_test.c: Likewise.
* conform/Makefile (test-xfail-POSIX2008/arpa/inet.h/conform):
Remove.
(test-xfail-POSIX2008/netdb.h/conform): Likewise.
(test-xfail-POSIX2008/netinet/in.h/conform): Likewise.
(test-xfail-POSIX2008/sys/socket.h/conform): Likewise.
Simplify the Linux accept4 implementation based on the assumption
that it is available in some way. __ASSUME_ACCEPT4_SOCKETCALL was
previously unused, so remove it.
For ia64, the accept4 system call (and socket call) were backported
in kernel version 3.2.18. Reflect this in the installation
instructions.
* stdio-common/bug25.c: Include stdlib.h.
* support/tst-support_format_dns_packet.c: Include stdio.h,
stdlib.h, and string.h.
* support/tst-support_record_failure.c: Include string.h.
* support/tst-support_record_failure-2.sh: Adjust line number
expectations and correct a typo in an error message.
Before this change, the loop iterating over RRs in the answer
section stopped at the first CNAME record, never printing them.
The CNAME and PTR record contents was extracted from the wrong
buffer (whole packet instead RDATA). This desynced the parsing
after the first CNAME or PTR record.
Also fix the AAAA record parsing by checking their sizes.
The commit documents the ownership rules around 'struct pthread' and
when a thread can read or write to the descriptor. With those ownership
rules in place it becomes obvious that pd->stopped_start should not be
touched in several of the paths during thread startup, particularly so
for detached threads. In the case of detached threads, between the time
the thread is created by the OS kernel and the creating thread checks
pd->stopped_start, the detached thread might have already exited and the
memory for pd unmapped. As a regression test we add a simple test which
exercises this exact case by quickly creating detached threads with
large enough stacks to ensure the thread stack cache is bypassed and the
stacks are unmapped. Before the fix the testcase segfaults, after the
fix it works correctly and completes without issue.
For a detailed discussion see:
https://www.sourceware.org/ml/libc-alpha/2017-01/msg00505.html
This causes more test programs to link in the support_record_failure
function, which triggers an early call to mmap from an ELF
constructor, but this should not have side effects intefering
with the functionality actually under test (unlike, say, a call
to malloc).
The support/tst-support_record_failure-2.out test attempts to run
built code even if run-built-tests = no, so failing with
build-many-glibcs.py for all architectures whose code cannot be run on
the system running the script. This patch disables the test in that
case.
Tested for x86_64 (native), and for aarch64 with build-many-glibcs.py.
* support/Makefile (tests-special): Make definition conditional on
[$(run-built-tests) = yes].
($(objpfx)tst-support_record_failure-2.out): Make rule conditional
on [$(run-built-tests) = yes].
This patch adds a simple SYSV message queue test to check for correct
argument passing on kernel. The idea is neither to be an extensive
testing nor to check for any specific Linux test.
* sysvipc/Makefile (tests): Add test-sysvmsg.
* sysvipc/test-sysvmsg.c: New file.
* test-skeleton.c (FAIL_UNSUPPORTED): New define.
The new functions support_record_failure records a test failure,
but does not terminate the process. The macros TEST_VERIFY
and TEST_VERIFY_EXIT check that a condition is true.
The new test driver in <support/test-driver.c> has feature parity with
the old one. The main difference is that its hooking mechanism is
based on functions and function pointers instead of macros. This
commit also implements a new environment variable, TEST_COREDUMPS,
which disables the code which disables coredumps (that is, it enables
them if the invocation environment has not disabled them).
<test-skeleton.c> defines wrapper functions so that it is possible to
use existing macros with the new-style hook functionality.
This commit changes only a few test cases to the new test driver, to
make sure that it works as expected.