History log of /src/lib/libc/gen/pthread_atfork.c
Revision  Date  Author  Comments
 1.28  06-May-2025  riastradh libc: Sprinkle #ifdef _REENTRANT around thr_sigsetmask.

Workaround -- temporary, I hope -- for:

PR lib/59401: libc: thr_sigsetmask definition is incoherent
 1.27  09-Apr-2025  kre Redo pthread_atfork to avoid malloc()

Allow as many calls to pthread_atfork() as are needed, without
ever doing a single malloc() so it can be called as much as
needed in constructors, etc.

This is the implementation mooted some weeks ago - there
were some alternative suggestions for a different solution,
but none of them have eventuated, so until something else
happens, this will do.

I have been running with this for a while now, no issues
observed, though I am not much of a user of threaded
applications, or anything that really needs constructors.

Feel free to revert (or fix) this if something breaks.
 1.26  04-Mar-2025  christos Explain the situation better and allocate 16 instead of 3 for now to cover
the known cases (from kre@). Still needs to be fixed properly.
 1.25  04-Mar-2025  riastradh Revert __libc_atfork addition.

This reverts the following revisions:

lib/libc/gen/arc4random.c 1.40-41 (but not 1.42 which is independent)
lib/libc/gen/pthread_atfork.c 1.24
lib/libc/include/atfork.h 1.1

This additionally updates the comments in arc4random.c to reflect the
current state.

Requested by kre:
https://mail-index.netbsd.org/source-changes-d/2025/03/03/msg014388.html

Since the new symbol __libc_atfork has not been used outside libc,
this poses no ABI compatibility issues.
 1.24  02-Mar-2025  riastradh libc: New __libc_atfork.

This uses caller-provided storage for the callback queues.

Use it in arc4random(3) in order to avoid possible failure modes.

This is a private symbol, not designed for use outside NetBSD, and
the API is not intended to be stable (yet) -- I just took the
existing purely internal structure (struct atfork_callback) and
reused it for this API without changing any of the calling-side
logic. We could change it, e.g. to use a single structure per call,
to make the API a little less unwieldy, at the cost of
microscopically more storage and runtime for the users that don't use
all three callbacks; to be considered in a future change.

We might reasonably use __libc_atfork in libpthread for use in the
pthread_tsd_init constructor, in order to be confident it never
attempts malloc(3), but let's do that in a separate commit just in
case anything goes awry with that plan.

PR lib/59112: libpthread constructors use malloc
PR lib/59117: arc4random has some failure modes it shouldn't
 1.23  01-Mar-2025  christos simplify af_free() (from kre@)
 1.22  01-Mar-2025  christos keep a cache of 3 entries so that we don't have to call malloc(3) from
libpthread which can't call malloc from a constructor.
 1.21  01-Mar-2025  christos Revert for now. There has been a report that arc4random breaks with it,
and the tests for arc4random set RLIMIT_AS to 0 so that mmap fails.
 1.20  28-Feb-2025  kre Specify MAP_ANON, the default (MAP_FILE) with a fd == -1 makes no sense.
 1.19  28-Feb-2025  christos PR/59112: Martin Husemann: switch to using mmap instead of malloc
 1.18  20-Jan-2024  christos Catch up with all the lint warnings since exit on warning was disabled.
Disable 'missing header declaration' and 'nested extern' warnings for now.
 1.17  13-Sep-2022  riastradh pthread_atfork(3): Block signals during the call to pthread_atfork.

This doesn't affect the calls to the atfork handlers -- it only
protects access to the lists of handlers from interruption by a
signal, in case the signal handler calls fork(2).
 1.16  31-May-2022  andvar fix various typos in comments, documentation and messages.
 1.15  15-May-2020  joerg Hook up proper fork lock handling for malloc:
- lock all relevant mutexes just before fork
- unlock all mutexes just after fork in the parent
- full reinit non-spinlocks in the child
This is not using the normal pthread_atfork interface to ensure order of
operation, malloc is used as implementation detail too often.
 1.14  19-Apr-2020  joerg Rename __atomic_fork to __locked_fork and give it &errno as argument.
rtld and libc use different storage, so the initial version would
incorrectly report the failure reason for fork().

There is still a small race condition inside ld.elf_so as it doesn't use
thread-safe errno internally, but that's a more contained internal
issue.
 1.13  16-Apr-2020  joerg Introduce intermediate locking for fork, so that the dynamic linker is
in a consistent state. This most importantly avoids races between dlopen
and friends and fork, potentially resulting in deadlocks in the child
when it itself tries to acquire locks.
 1.12  01-Feb-2020  kamil Revert previous

'git grep' breaks now.
 1.11  01-Feb-2020  kamil Switch atfork allocations from malloc()+free() to mmap()+munmap()

This avoids bootstrapping malloc too early when libc+libpthread are not
ready. It is called through pthread__init() -> _pthread_atfork().

This also helps LLVM Leak Sanitizer to pacify false positive reports.
 1.10  20-Jan-2015  christos branches: 1.10.16; 1.10.18;
Fix non _REENTRANT build.
 1.9  20-Mar-2012  matt Use C89 definitions.
Remove use of __P
 1.8  28-Apr-2008  martin branches: 1.8.4; 1.8.8;
Remove clause 3 and 4 from TNF licenses
 1.7  07-Mar-2008  ad branches: 1.7.2;
Keep one builtin slot so that pthread initialization doesn't need to use
malloc().
 1.6  14-Dec-2007  yamt branches: 1.6.2;
fix indentation.
 1.5  13-Sep-2005  christos branches: 1.5.10;
compat core reorg.
 1.4  01-Jun-2005  lukem Ensure that we don't try to free random memory when another malloc fails,
by initializing newprepare, newparent, and newchild to NULL.
Detected by gcc -Wuninitialized.
 1.3  21-Oct-2004  lukem branches: 1.3.2;
minor KNF, making it easier to find where fork() is implemented
 1.2  07-Apr-2003  nathanw Oops, make the atfork queues static so they don't pollute the
namespace.
 1.1  13-Feb-2003  nathanw Implement pthread_atfork() (in libc, because the required threadlib
stub behavior is exactly the same as the usual behavior).
 1.3.2.1  11-Jun-2005  tron Pull up revision 1.4 (requested by lukem in ticket #394):
Ensure that we don't try to free random memory when another malloc fails,
by initializing newprepare, newparent, and newchild to NULL.
Detected by gcc -Wuninitialized.
 1.5.10.2  23-Mar-2008  matt sync with HEAD
 1.5.10.1  09-Jan-2008  matt sync with HEAD
 1.6.2.1  24-Mar-2008  keiichi sync with head.
 1.7.2.1  18-May-2008  yamt sync with head.
 1.8.8.2  28-Apr-2008  martin Remove clause 3 and 4 from TNF licenses
 1.8.8.1  28-Apr-2008  martin file pthread_atfork.c was added on branch christos-time_t on 2008-04-28 20:23:00 +0000
 1.8.4.1  17-Apr-2012  yamt sync with head
 1.10.18.1  13-May-2020  martin Pull up following revision(s) (requested by chs in ticket #907):

libexec/ld.elf_so/rtld.c: revision 1.205
libexec/ld.elf_so/rtld.h: revision 1.140
libexec/ld.elf_so/symbols.map: revision 1.3
libexec/ld.elf_so/symbols.map: revision 1.4
lib/libc/gen/pthread_atfork.c: revision 1.13
lib/libc/gen/pthread_atfork.c: revision 1.14
libexec/ld.elf_so/rtld.h: revision 1.139
libexec/ld.elf_so/rtld.c: revision 1.204

Introduce intermediate locking for fork, so that the dynamic linker is
in a consistent state. This most importantly avoids races between dlopen
and friends and fork, potentially resulting in deadlocks in the child
when it itself tries to acquire locks.

Rename __atomic_fork to __locked_fork and give it &errno as argument.
rtld and libc use different storage, so the initial version would
incorrectly report the failure reason for fork().

There is still a small race condition inside ld.elf_so as it doesn't use
thread-safe errno internally, but that's a more contained internal
issue.
 1.10.16.1  21-Apr-2020  martin Sync with HEAD
