sortix-mirror/kernel/include/sortix/kernel/thread.h

/*
 * Copyright (c) 2011-2016, 2018, 2021-2022 Jonas 'Sortie' Termansen.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * sortix/kernel/thread.h
 * Describes a thread belonging to a process.
 */

#ifndef _INCLUDE_SORTIX_KERNEL_THREAD_H
#define _INCLUDE_SORTIX_KERNEL_THREAD_H

#include <stdint.h>

#include <sortix/sigaction.h>
#include <sortix/signal.h>
#include <sortix/sigset.h>
#include <sortix/stack.h>

#include <sortix/kernel/clock.h>
#include <sortix/kernel/kthread.h>
#include <sortix/kernel/registers.h>
#include <sortix/kernel/scheduler.h>
#include <sortix/kernel/signal.h>

namespace Sortix {

class Process;
class Thread;

// These functions create a new kernel process but doesn't start it.
Thread* CreateKernelThread(Process* process, struct thread_registers* regs,
                           const char* name);
Thread* CreateKernelThread(Process* process, void (*entry)(void*), void* user,
                           const char* name, size_t stacksize = 0);
Thread* CreateKernelThread(void (*entry)(void*), void* user, const char* name,
                           size_t stacksize = 0);

// This function can be used to start a thread from the above functions.
void StartKernelThread(Thread* thread);

// Alternatively, these functions both create and start the thread.
Thread* RunKernelThread(Process* process, struct thread_registers* regs,
                        const char* name);
Thread* RunKernelThread(Process* process, void (*entry)(void*), void* user,
                        const char* name, size_t stacksize = 0);
Thread* RunKernelThread(void (*entry)(void*), void* user, const char* name,
                        size_t stacksize = 0);

enum yield_operation
{
	YIELD_OPERATION_NONE,
	YIELD_OPERATION_WAIT_FUTEX,
	YIELD_OPERATION_WAIT_FUTEX_SIGNAL,
};

class Thread
{
public:
	Thread();
	~Thread();

public:
	const char* name;
	uintptr_t system_tid;
	uintptr_t yield_to_tid;
	struct thread_registers registers;
	size_t id;
	Process* process;
	Thread* prevsibling;
	Thread* nextsibling;
	Thread* scheduler_list_prev;
	Thread* scheduler_list_next;
	volatile ThreadState state;
	sigset_t signal_pending;
	sigset_t signal_mask;
	sigset_t saved_signal_mask;
	stack_t signal_stack;
	addr_t kernelstackpos;
	size_t kernelstacksize;
	size_t signal_count;
	uintptr_t signal_single_frame;
	uintptr_t signal_canary;
	bool kernelstackmalloced;
	bool pledged_destruction;
	bool force_no_signals;
	bool signal_single;
	bool has_saved_signal_mask;
	Clock execute_clock;
	Clock system_clock;
	uintptr_t futex_address;
	bool futex_woken;
	bool timer_woken;
	Thread* futex_prev_waiting;
	Thread* futex_next_waiting;
	enum yield_operation yield_operation;

public:
	void HandleSignal(struct interrupt_context* intctx);
	void HandleSigreturn(struct interrupt_context* intctx);
	bool DeliverSignal(int signum);
	bool DeliverSignalUnlocked(int signum);
	void DoUpdatePendingSignal();

};

Thread* CurrentThread();

} // namespace Sortix

#endif
Relicense Sortix to the ISC license. I hereby relicense all my work on Sortix under the ISC license as below. All Sortix contributions by other people are already under this license, are not substantial enough to be copyrightable, or have been removed. All imported code from other projects is compatible with this license. All GPL licensed code from other projects had previously been removed. Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 2016-03-02 22:38:16 +00:00			`/*`
Remove kernel thread alignment since malloc is already 16-byte aligned. 2022-04-25 22:09:06 +00:00			`* Copyright (c) 2011-2016, 2018, 2021-2022 Jonas 'Sortie' Termansen.`
Relicense Sortix to the ISC license. I hereby relicense all my work on Sortix under the ISC license as below. All Sortix contributions by other people are already under this license, are not substantial enough to be copyrightable, or have been removed. All imported code from other projects is compatible with this license. All GPL licensed code from other projects had previously been removed. Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 2016-03-02 22:38:16 +00:00			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*`
			`* sortix/kernel/thread.h`
			`* Describes a thread belonging to a process.`
			`*/`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00
Standardize header include guards. This change makes all the standard library and kernel headers use header guards with a consistent scheme within the reserved namespace to avoid conflicts with non-standard-library-implementation code. 2022-07-07 23:09:15 +00:00			`#ifndef _INCLUDE_SORTIX_KERNEL_THREAD_H`
			`#define _INCLUDE_SORTIX_KERNEL_THREAD_H`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00
Implement yielding a timeslice to another thread. 2014-10-02 13:38:06 +00:00			`#include <stdint.h>`

Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`#include <sortix/sigaction.h>`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`#include <sortix/signal.h>`
Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`#include <sortix/sigset.h>`
			`#include <sortix/stack.h>`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00
Implement CLOCK_THREAD_CPUTIME_ID and CLOCK_THREAD_SYSTIME_ID. 2016-01-09 00:17:08 +00:00			`#include <sortix/kernel/clock.h>`
Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`#include <sortix/kernel/kthread.h>`
Refactor kernel interrupt and thread register support. 2014-03-03 23:11:13 +00:00			`#include <sortix/kernel/registers.h>`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`#include <sortix/kernel/scheduler.h>`
			`#include <sortix/kernel/signal.h>`

			`namespace Sortix {`

			`class Process;`
			`class Thread;`

			`// These functions create a new kernel process but doesn't start it.`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00			`Thread* CreateKernelThread(Process* process, struct thread_registers* regs,`
			`const char* name);`
Clean up kernel thread creation code. 2014-03-02 23:08:01 +00:00			`Thread* CreateKernelThread(Process* process, void (entry)(void), void* user,`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00			`const char* name, size_t stacksize = 0);`
			`Thread* CreateKernelThread(void (entry)(void), void* user, const char* name,`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`size_t stacksize = 0);`

			`// This function can be used to start a thread from the above functions.`
			`void StartKernelThread(Thread* thread);`

			`// Alternatively, these functions both create and start the thread.`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00			`Thread* RunKernelThread(Process* process, struct thread_registers* regs,`
			`const char* name);`
Clean up kernel thread creation code. 2014-03-02 23:08:01 +00:00			`Thread* RunKernelThread(Process* process, void (entry)(void), void* user,`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00			`const char* name, size_t stacksize = 0);`
			`Thread* RunKernelThread(void (entry)(void), void* user, const char* name,`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`size_t stacksize = 0);`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00
			`enum yield_operation`
			`{`
			`YIELD_OPERATION_NONE,`
			`YIELD_OPERATION_WAIT_FUTEX,`
			`YIELD_OPERATION_WAIT_FUTEX_SIGNAL,`
			`};`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00
			`class Thread`
			`{`
			`public:`
Clean up kernel thread creation code. 2014-03-02 23:08:01 +00:00			`Thread();`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`~Thread();`

			`public:`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00			`const char* name;`
Implement yielding a timeslice to another thread. 2014-10-02 13:38:06 +00:00			`uintptr_t system_tid;`
			`uintptr_t yield_to_tid;`
Refactor kernel interrupt and thread register support. 2014-03-03 23:11:13 +00:00			`struct thread_registers registers;`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`size_t id;`
			`Process* process;`
			`Thread* prevsibling;`
			`Thread* nextsibling;`
Clean up scheduler. 2014-02-21 16:05:10 +00:00			`Thread* scheduler_list_prev;`
			`Thread* scheduler_list_next;`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`volatile ThreadState state;`
Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`sigset_t signal_pending;`
			`sigset_t signal_mask;`
Add signal mask support to ppoll(2). 2018-10-20 10:57:31 +00:00			`sigset_t saved_signal_mask;`
Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`stack_t signal_stack;`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`addr_t kernelstackpos;`
			`size_t kernelstacksize;`
Add protection against sigreturn oriented programming (SROP). This change hardens against invalid calls to sigreturn, which is a very useful gadget when compromising a process. The system call now verifies it is a real return from a signal and aborts the process otherwise. This should render such attacks impossible in threads that are not servicing a signal, and infeasible in threads that are handling signals they are yet to return from. The kernel now keeps track for each thread how many signals are being handled but haven't returned yet. Each thread now has a random signal value. It is re-randomized when the thread handles a signal and the current signal counter is zero. This is xorred with the context address and used as canary on the stack during signal dispatch, protecting the saved context on the stack. This works mostly like the regular stack protector. The kernel now keeps track of the stack pointer for a single handled signal per thread. It doesn't seem worth it to keep track of multiple handled signals, as more than one is rare. Note that each delivered signal will not necessarily result in a sigreturn because it is valid for a thread to longjmp(3) out of a signal handler to a valid jmp_buf. The sigreturn system call will abort if either: - It was not called from the kernel sigreturn page. - The thread is not currently processing a signal. - The thread is processing a single signal, and the stack pointer did not have the expected value. - It fails to read the context on the stack. - The canary is wrong. 2016-05-13 23:14:26 +00:00			`size_t signal_count;`
			`uintptr_t signal_single_frame;`
			`uintptr_t signal_canary;`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`bool kernelstackmalloced;`
Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`bool pledged_destruction;`
Fix untimely delivery of signals during userfs reference count messages. 2015-08-14 16:24:40 +00:00			`bool force_no_signals;`
Add protection against sigreturn oriented programming (SROP). This change hardens against invalid calls to sigreturn, which is a very useful gadget when compromising a process. The system call now verifies it is a real return from a signal and aborts the process otherwise. This should render such attacks impossible in threads that are not servicing a signal, and infeasible in threads that are handling signals they are yet to return from. The kernel now keeps track for each thread how many signals are being handled but haven't returned yet. Each thread now has a random signal value. It is re-randomized when the thread handles a signal and the current signal counter is zero. This is xorred with the context address and used as canary on the stack during signal dispatch, protecting the saved context on the stack. This works mostly like the regular stack protector. The kernel now keeps track of the stack pointer for a single handled signal per thread. It doesn't seem worth it to keep track of multiple handled signals, as more than one is rare. Note that each delivered signal will not necessarily result in a sigreturn because it is valid for a thread to longjmp(3) out of a signal handler to a valid jmp_buf. The sigreturn system call will abort if either: - It was not called from the kernel sigreturn page. - The thread is not currently processing a signal. - The thread is processing a single signal, and the stack pointer did not have the expected value. - It fails to read the context on the stack. - The canary is wrong. 2016-05-13 23:14:26 +00:00			`bool signal_single;`
Add signal mask support to ppoll(2). 2018-10-20 10:57:31 +00:00			`bool has_saved_signal_mask;`
Implement CLOCK_THREAD_CPUTIME_ID and CLOCK_THREAD_SYSTIME_ID. 2016-01-09 00:17:08 +00:00			`Clock execute_clock;`
			`Clock system_clock;`
Implement threading primitives that truly sleep. The idle thread is now actually run when the system is idle because it truly goes idle. The idle thread is made power efficient by using the hlt instruction rather than a busy loop. The new futex(2) system call is used to implement fast user-space mutexes, condition variables, and semaphores. The same backend and design is used as kutexes for truly sleeping kernel mutexes and condition variables. The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex. Sleeping on clocks in the kernel now uses timers for true sleep. The interrupt worker thread now truly sleeps when idle. Kernel threads are now named. This is a compatible ABI change. 2021-02-06 20:23:43 +00:00			`uintptr_t futex_address;`
			`bool futex_woken;`
			`bool timer_woken;`
			`Thread* futex_prev_waiting;`
			`Thread* futex_next_waiting;`
			`enum yield_operation yield_operation;`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00
Maintain fsbase and gsbase as per-thread registers. Note: This is an incompatible ABI change. 2013-09-14 16:59:15 +00:00			`public:`
Refactor kernel interrupt and thread register support. 2014-03-03 23:11:13 +00:00			`void HandleSignal(struct interrupt_context* intctx);`
			`void HandleSigreturn(struct interrupt_context* intctx);`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00			`bool DeliverSignal(int signum);`
Implement signals. Note: This is an incompatible ABI change. 2013-08-04 18:24:59 +00:00			`bool DeliverSignalUnlocked(int signum);`
Fix untimely delivery of signals during userfs reference count messages. 2015-08-14 16:24:40 +00:00			`void DoUpdatePendingSignal();`
Refactor kernel process.h and thread.h headers. 2013-05-12 22:41:30 +00:00
			`};`

			`Thread* CurrentThread();`

			`} // namespace Sortix`

			`#endif`