libc, librthread: _twait: subtraction is not comparison

Compare the current time with the absolute timeout before computing
the relative timeout to avoid arithmetic overflow. Fixes a bug where
large negative absolute timeouts are subtracted into large positive
relative timeouts and incorrectly cause the caller to block.

While here, use timespeccmp(3) and timespecsub(3) to simplify the
code.

Thread: https://marc.info/?l=openbsd-tech&m=169945962503129&w=2

libc, librthread: _twait: fully validate absolute timeout

Use timespecisvalid(3) to check both bounds for tv_nsec.

Link: https://marc.info/?l=openbsd-tech&m=169913314230496&w=2

ok miod@

Save and restore errno around FUTEX_WAIT futex(2) operations. While there
remove the unused _wait() function in librthread such that we don't have to
add the save/restore sequence there.

Fixed building Python as a race with another thread unlocking a futex(2)
would make futex(2) set errno to EAGAIN which would confuse Python in
beleiving that readdir(2) failed instead of reaching the end of the
directory.

Spotted and tested by tb@
ok bluhm@

The implementation of the FUTEX_WAIT option in futex(2) is subtly broken.
Unfortunately libc and libpthread rely on the broken behaviour. Adjust
the code in those libraries such that it works with both the old and the
proposed new behaviour. The kernel changes that fix the issue will be
committed in a week or so to give those who do their own builds a chance
to update these libraries before we make the change.

ok mpi@, deraadt@

Backout previous synch.h commit (r1.5, "Use process-private futexes to avoid
the uvm_map lookup overhead"). This causes hangs with Python, seen easily
by trying to build ports/graphics/py-Pillow.

Use process-private futexes to avoid the uvm_map lookup overhead.

While here kill unused _wait() function.

ok visa@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

SPINLOCK_SPIN_HOOK is no more, define our own set of macros.

Prodded by kettenis@ and tedu@

New mutex and condvar implementations based on futex(2).

Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.

Tested by many including sthen@ in a bulk.

ok visa@, sthen@, kettenis@, tedu@

libc, librthread: _twait: fully validate absolute timeout

Use timespecisvalid(3) to check both bounds for tv_nsec.

Link: https://marc.info/?l=openbsd-tech&m=169913314230496&w=2

ok miod@

Save and restore errno around FUTEX_WAIT futex(2) operations. While there
remove the unused _wait() function in librthread such that we don't have to
add the save/restore sequence there.

Fixed building Python as a race with another thread unlocking a futex(2)
would make futex(2) set errno to EAGAIN which would confuse Python in
beleiving that readdir(2) failed instead of reaching the end of the
directory.

Spotted and tested by tb@
ok bluhm@

The implementation of the FUTEX_WAIT option in futex(2) is subtly broken.
Unfortunately libc and libpthread rely on the broken behaviour. Adjust
the code in those libraries such that it works with both the old and the
proposed new behaviour. The kernel changes that fix the issue will be
committed in a week or so to give those who do their own builds a chance
to update these libraries before we make the change.

ok mpi@, deraadt@

Backout previous synch.h commit (r1.5, "Use process-private futexes to avoid
the uvm_map lookup overhead"). This causes hangs with Python, seen easily
by trying to build ports/graphics/py-Pillow.

Use process-private futexes to avoid the uvm_map lookup overhead.

While here kill unused _wait() function.

ok visa@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

SPINLOCK_SPIN_HOOK is no more, define our own set of macros.

Prodded by kettenis@ and tedu@

New mutex and condvar implementations based on futex(2).

Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.

Tested by many including sthen@ in a bulk.

ok visa@, sthen@, kettenis@, tedu@

Save and restore errno around FUTEX_WAIT futex(2) operations. While there
remove the unused _wait() function in librthread such that we don't have to
add the save/restore sequence there.

Fixed building Python as a race with another thread unlocking a futex(2)
would make futex(2) set errno to EAGAIN which would confuse Python in
beleiving that readdir(2) failed instead of reaching the end of the
directory.

Spotted and tested by tb@
ok bluhm@

The implementation of the FUTEX_WAIT option in futex(2) is subtly broken.
Unfortunately libc and libpthread rely on the broken behaviour. Adjust
the code in those libraries such that it works with both the old and the
proposed new behaviour. The kernel changes that fix the issue will be
committed in a week or so to give those who do their own builds a chance
to update these libraries before we make the change.

ok mpi@, deraadt@

Backout previous synch.h commit (r1.5, "Use process-private futexes to avoid
the uvm_map lookup overhead"). This causes hangs with Python, seen easily
by trying to build ports/graphics/py-Pillow.

Use process-private futexes to avoid the uvm_map lookup overhead.

While here kill unused _wait() function.

ok visa@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

SPINLOCK_SPIN_HOOK is no more, define our own set of macros.

Prodded by kettenis@ and tedu@

New mutex and condvar implementations based on futex(2).

Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.

Tested by many including sthen@ in a bulk.

ok visa@, sthen@, kettenis@, tedu@

The implementation of the FUTEX_WAIT option in futex(2) is subtly broken.
Unfortunately libc and libpthread rely on the broken behaviour. Adjust
the code in those libraries such that it works with both the old and the
proposed new behaviour. The kernel changes that fix the issue will be
committed in a week or so to give those who do their own builds a chance
to update these libraries before we make the change.

ok mpi@, deraadt@

Backout previous synch.h commit (r1.5, "Use process-private futexes to avoid
the uvm_map lookup overhead"). This causes hangs with Python, seen easily
by trying to build ports/graphics/py-Pillow.

Use process-private futexes to avoid the uvm_map lookup overhead.

While here kill unused _wait() function.

ok visa@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

SPINLOCK_SPIN_HOOK is no more, define our own set of macros.

Prodded by kettenis@ and tedu@

New mutex and condvar implementations based on futex(2).

Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.

Tested by many including sthen@ in a bulk.

ok visa@, sthen@, kettenis@, tedu@

Backout previous synch.h commit (r1.5, "Use process-private futexes to avoid
the uvm_map lookup overhead"). This causes hangs with Python, seen easily
by trying to build ports/graphics/py-Pillow.

Use process-private futexes to avoid the uvm_map lookup overhead.

While here kill unused _wait() function.

ok visa@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

SPINLOCK_SPIN_HOOK is no more, define our own set of macros.

Prodded by kettenis@ and tedu@

New mutex and condvar implementations based on futex(2).

Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.

Tested by many including sthen@ in a bulk.

ok visa@, sthen@, kettenis@, tedu@

Use process-private futexes to avoid the uvm_map lookup overhead.

While here kill unused _wait() function.

ok visa@

New semaphore implementation making sem_post async-safe.

POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].

The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.

Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.

The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.

For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.

[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html

OK visa@, mpi@, guenther@

Move mutex, condvar, and thread-specific data routes, pthread_once, and
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.

Requested by libressl team. Ports testing by naddy@
ok kettenis@

SPINLOCK_SPIN_HOOK is no more, define our own set of macros.

Prodded by kettenis@ and tedu@

New mutex and condvar implementations based on futex(2).

Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.

Tested by many including sthen@ in a bulk.

ok visa@, sthen@, kettenis@, tedu@