librthread: validate timespec inputs with timespecisvalid(3)

ok millert@

Update my email address.

Remove duplicated header.

Rename 1-letter variables to be coherent with others futex(2) based
implementations.

ok pirofti@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

pthread_join() must not return EINTR
Simplify sem_trywait()

ok pirofti@ mpi@

Validate timespec and return ECANCELED when interrupted with SA_RESTART.

Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.

Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.

Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.

OK mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@

Update my email address.

Remove duplicated header.

Rename 1-letter variables to be coherent with others futex(2) based
implementations.

ok pirofti@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

pthread_join() must not return EINTR
Simplify sem_trywait()

ok pirofti@ mpi@

Validate timespec and return ECANCELED when interrupted with SA_RESTART.

Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.

Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.

Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.

OK mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@

Remove duplicated header.

Rename 1-letter variables to be coherent with others futex(2) based
implementations.

ok pirofti@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

pthread_join() must not return EINTR
Simplify sem_trywait()

ok pirofti@ mpi@

Validate timespec and return ECANCELED when interrupted with SA_RESTART.

Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.

Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.

Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.

OK mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@

Rename 1-letter variables to be coherent with others futex(2) based
implementations.

ok pirofti@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

pthread_join() must not return EINTR
Simplify sem_trywait()

ok pirofti@ mpi@

Validate timespec and return ECANCELED when interrupted with SA_RESTART.

Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.

Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.

Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.

OK mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

pthread_join() must not return EINTR
Simplify sem_trywait()

ok pirofti@ mpi@

Validate timespec and return ECANCELED when interrupted with SA_RESTART.

Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.

Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.

Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.

OK mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@

pthread_join() must not return EINTR
Simplify sem_trywait()

ok pirofti@ mpi@

Validate timespec and return ECANCELED when interrupted with SA_RESTART.

Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.

Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.

Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.

OK mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

Get rid of ticket support, replace "struct _spinlock" with "_atomic_lock_t".

ok tedu@

Remove _USING_TICKETS, it's defined as 0. No functional change.

ok tedu@ mpi@

Use a Thread Information Block in both single and multi-threaded programs.
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!

Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!

Clean up libpthread's symbol exports like libc.

On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.

Testing by various, particularly sthen@ and patrick@
ok kettenis@

Wrap <pthread.h> and <pthread_np.h> to eliminate PLT entries for internal
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.

ok beck@

use geteuid to allow root to communicate with others.
report from Jeunder Yu

Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther

Fix mmap() flag usage: explicitly specify MAP_PRIVATE and drop useless
MAP_FILE and MAP_HASSEMAPHORE flags.

Discussed with deraadt, tedu, and kettenis

revert to return EPERM for sem_init pshared until it really works
reported by zhuk

Reduce the random name length when sem_init is called with pshared
following what is recommended for mkstemp. This reduces the number of calls
to sched_yield considerably.
tedu@ ok.

Remove unused var and include. Fix errno values as per spec.
NULL semaphore in sem_close(). Minor cosmetic changes.
tedu@ zhuk@ ok

don't use PAGE_SIZE, it is not portable. Ted can polish this after
if he wants, but let us get the tree building.

handle the fourth vararg value to sem_open
ok zhuk and presumably fgsch who just sent me a similar diff

shared semaphore fixes. first, eliminate the sem inside a sem indirection.
it's not needed (mindless holdover from earlier prototype). everything is
simpler and sem_init shared semaphores even work now (confirmed by sthen).
correct the einval checks to not deref a pointer before the null check.
in sem_open, if we created the semaphore, we need to initialize the spinlock.

oops, forgot about unnamed shared sems

zhuk and i have slightly different styles. unify and consistify

interprocess semaphores ala sem_open. mostly following in the pattern
of shm_open. with some additions and fixes from zhuk.

something's not quite right yet. ticket locks result in more CPU usage
and spinning in kernel. partially back out, but in a way that makes going
forward again easy.
seen by ajacoutot

cleanup and consolidate the spinlock_lock (what a name!) code.
it's now atomic_lock to better reflect its usage, and librthread now
features a new spinlock that's really a ticket lock.
thrlseep can handle both types of lock via a flag in the clock arg.
(temp back compat hack)
remove some old stuff that's accumulated along the way and no longer used.
some feedback from dlg, who is concerned with all things ticket lock.
(you need to boot a new kernel before installing librthread)

sem_timedwait() should return ETIMEDOUT instead of EWOULDBLOCK on timeout

Add sem_timewait() and fix sem_wait()'s handling of signals, so
that it resumes waiting unless the thread was canceled. As part
of this, change the internal _sem_wait() function to return zero
on success and an errno value on failure instead of 1 on success
and zero on failure.

_SPINLOCK_UNLOCKED isn't zero everywhere (*cough*hppa*cough*), so
sem_init() can't assume that calloc will leave the embedded spinlock
in the unlocked state

ok miod@ otto@

Reimplement mutexes, condvars, and rwlocks to eliminate bugs,
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.

Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().

Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
'abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.

Fix $OpenBSD tag

Add some sanity checks, set errno accordingly to POSIX and add the named
semaphore stubs already provided by libpthread. We may move them in their
own file in the future when we figure out a real implementation.

Discussed with and looks ok to guenther@

Split out the semaphore functions.

ok guenther@