Index: sys/signalvar.h =================================================================== --- sys/signalvar.h (revision 212945) +++ sys/signalvar.h (working copy) @@ -352,6 +352,8 @@ void tdsigcleanup(struct thread *td); void tdsignal(struct thread *td, int sig); void trapsignal(struct thread *td, ksiginfo_t *ksi); +int tdsendsignal(struct proc *p, struct thread *td, int sig, + ksiginfo_t *ksi); #endif /* _KERNEL */ Index: sys/proc.h =================================================================== --- sys/proc.h (revision 212945) +++ sys/proc.h (working copy) @@ -205,6 +205,7 @@ TAILQ_ENTRY(thread) td_runq; /* (t) Run queue. */ TAILQ_ENTRY(thread) td_slpq; /* (t) Sleep queue. */ TAILQ_ENTRY(thread) td_lockq; /* (t) Lock queue. */ + LIST_ENTRY(thread) td_hash; /* (d) Hash chain. */ struct cpuset *td_cpuset; /* (t) CPU affinity mask. */ struct seltd *td_sel; /* Select queue/channel. */ struct sleepqueue *td_sleepqueue; /* (k) Associated sleep queue. */ @@ -766,6 +767,10 @@ #define PIDHASH(pid) (&pidhashtbl[(pid) & pidhash]) extern LIST_HEAD(pidhashhead, proc) *pidhashtbl; extern u_long pidhash; +#define TIDHASH(tid) (&tidhashtbl[(tid) & tidhash]) +extern LIST_HEAD(tidhashhead, thread) *tidhashtbl; +extern u_long tidhash; +extern struct rwlock tidhash_lock; #define PGRPHASH(pgid) (&pgrphashtbl[(pgid) & pgrphash]) extern LIST_HEAD(pgrphashhead, pgrp) *pgrphashtbl; @@ -795,6 +800,9 @@ struct proc *pfind(pid_t); /* Find process by id. */ struct pgrp *pgfind(pid_t); /* Find process group by id. */ struct proc *zpfind(pid_t); /* Find zombie process by id. */ +void tidhash_add(struct thread *); +void tidhash_remove(struct thread *); +struct thread *tfind(lwpid_t tid); void ast(struct trapframe *framep); struct thread *choosethread(void); Index: kern/kern_time.c =================================================================== --- kern/kern_time.c (revision 212945) +++ kern/kern_time.c (working copy) 
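Review bot: The new `td_hash` field in struct thread is annotated `(d)`, but the code in this patch protects the chain with `tidhash_lock` (tfind, tidhash_add, tidhash_remove). The locking key for the structure is outside the hunk, so please confirm that `(d)` really names that lock; if it names a different one, the annotation will mislead the next person auditing the locking. The three new prototypes in the last sys/proc.h hunk would also read better with the same trailing comments as their neighbours, e.g. `struct thread *tfind(lwpid_t tid); /* Find thread by id, proc locked. */`.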
@@ -1402,36 +1402,43 @@ itimer_fire(struct itimer *it) { struct proc *p = it->it_proc; - int ret; + struct thread *td = NULL; + if (it->it_sigev.sigev_notify == SIGEV_THREAD_ID) { + td = tfind(it->it_sigev.sigev_notify_thread_id); + if (td == NULL || td->td_proc != p) { + /* + * Broken userland code, thread went + * away, disarm the timer. + */ + if (td != NULL) + PROC_UNLOCK(td->td_proc); + ITIMER_LOCK(it); + timespecclear(&it->it_time.it_value); + timespecclear(&it->it_time.it_interval); + callout_stop(&it->it_callout); + ITIMER_UNLOCK(it); + return; + } + } else { + PROC_LOCK(p); + } + if (it->it_sigev.sigev_notify == SIGEV_SIGNAL || it->it_sigev.sigev_notify == SIGEV_THREAD_ID) { - PROC_LOCK(p); if (!KSI_ONQ(&it->it_ksi)) { it->it_ksi.ksi_errno = 0; - ret = psignal_event(p, &it->it_sigev, &it->it_ksi); - if (__predict_false(ret != 0)) { - it->it_overrun++; - /* - * Broken userland code, thread went - * away, disarm the timer. - */ - if (ret == ESRCH) { - ITIMER_LOCK(it); - timespecclear(&it->it_time.it_value); - timespecclear(&it->it_time.it_interval); - callout_stop(&it->it_callout); - ITIMER_UNLOCK(it); - } - } + it->it_ksi.ksi_signo = it->it_sigev.sigev_signo; + it->it_ksi.ksi_value = it->it_sigev.sigev_value; + tdsendsignal(p, td, it->it_ksi.ksi_signo, &it->it_ksi); } else { if (it->it_overrun < INT_MAX) it->it_overrun++; else it->it_ksi.ksi_errno = ERANGE; } - PROC_UNLOCK(p); } + PROC_UNLOCK(p); } static void Index: kern/uipc_mqueue.c =================================================================== --- kern/uipc_mqueue.c (revision 212945) +++ kern/uipc_mqueue.c (working copy) 
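Review bot: The result of `tdsendsignal()` is discarded in itimer_fire, so a failed delivery no longer increments `it_overrun` the way the removed `ret != 0` branch did. Assuming tdsendsignal reports failure through its int return, the count can be kept with `if (tdsendsignal(p, td, it->it_ksi.ksi_signo, &it->it_ksi) != 0 && it->it_overrun < INT_MAX) it->it_overrun++;`. aio_sendsig in kern/vfs_aio.c has the same pattern: after the change `ret` is never assigned once the lookup succeeds, so the function returns 0 even when the send fails, and `ret = tdsendsignal(p, td, ksi->ksi_signo, ksi);` would preserve the old contract.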
@@ -1747,15 +1747,33 @@ mqueue_send_notification(struct mqueue *mq) { struct mqueue_notifier *nt; + struct thread *td = NULL; struct proc *p; mtx_assert(&mq->mq_mutex, MA_OWNED); nt = mq->mq_notifier; if (nt->nt_sigev.sigev_notify != SIGEV_NONE) { p = nt->nt_proc; - PROC_LOCK(p); - if (!KSI_ONQ(&nt->nt_ksi)) - psignal_event(p, &nt->nt_sigev, &nt->nt_ksi); + if (nt->nt_sigev.sigev_notify == SIGEV_THREAD_ID) { + td = tfind(nt->nt_sigev.sigev_notify_thread_id); + if (td == NULL || td->td_proc != p) { + /* + * Broken userland code, thread went + * away. + */ + if (td != NULL) + PROC_UNLOCK(td->td_proc); + mq->mq_notifier = NULL; + return; + } + } else { + PROC_LOCK(p); + } + if (!KSI_ONQ(&nt->nt_ksi)) { + nt->nt_ksi.ksi_signo = nt->nt_sigev.sigev_signo; + nt->nt_ksi.ksi_value = nt->nt_sigev.sigev_value; + tdsendsignal(p, td, nt->nt_ksi.ksi_signo, &nt->nt_ksi); + } PROC_UNLOCK(p); } mq->mq_notifier = NULL; Index: kern/kern_thread.c =================================================================== --- kern/kern_thread.c (revision 212945) +++ kern/kern_thread.c (working copy) @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #ifdef HWPMC_HOOKS @@ -83,6 +84,12 @@ struct mtx tid_lock; static struct unrhdr *tid_unrhdr; +static MALLOC_DEFINE(M_TIDHASH, "tidhash", "thread hash"); + +struct tidhashhead *tidhashtbl; +u_long tidhash; +struct rwlock tidhash_lock; + /* * Prepare a thread for use. */ @@ -230,6 +237,8 @@ thread_zone = uma_zcreate("THREAD", sched_sizeof_thread(), thread_ctor, thread_dtor, thread_init, thread_fini, 16 - 1, 0); + tidhashtbl = hashinit(maxproc / 2, M_TIDHASH, &tidhash); + rw_init(&tidhash_lock, "tidhash"); } /* 
@@ -748,8 +757,14 @@ * this thread should just suicide. * Assumes that P_SINGLE_EXIT implies P_STOPPED_SINGLE. */ - if ((p->p_flag & P_SINGLE_EXIT) && (p->p_singlethread != td)) + if ((p->p_flag & P_SINGLE_EXIT) && (p->p_singlethread != td)) { + PROC_SUNLOCK(p); + PROC_UNLOCK(p); + tidhash_remove(td); + PROC_LOCK(p); + PROC_SLOCK(p); thread_exit(); + } if (P_SHOULDSTOP(p) == P_STOPPED_SINGLE) { if (p->p_numthreads == p->p_suspcount + 1) { thread_lock(p->p_singlethread); @@ -923,3 +938,53 @@ } return (td); } + +/* Locate a thread by number; return with proc lock held. */ +struct thread * +tfind(lwpid_t tid) +{ +#define RUN_THRESH 10 + struct thread *td; + int run = 0; + + rw_rlock(&tidhash_lock); + LIST_FOREACH(td, TIDHASH(tid), td_hash) { + if (td->td_tid == tid) { + if (td->td_proc->p_state == PRS_NEW) { + td = NULL; + break; + } + if (run > RUN_THRESH) { + if (rw_try_upgrade(&tidhash_lock)) { + LIST_REMOVE(td, td_hash); + LIST_INSERT_HEAD(TIDHASH(td->td_tid), + td, td_hash); + PROC_LOCK(td->td_proc); + rw_wunlock(&tidhash_lock); + return (td); + } + } + PROC_LOCK(td->td_proc); + break; + } + run++; + } + rw_runlock(&tidhash_lock); + return (td); +} + +void +tidhash_add(struct thread *td) +{ + rw_wlock(&tidhash_lock); + LIST_INSERT_HEAD(TIDHASH(td->td_tid), td, td_hash); + rw_wunlock(&tidhash_lock); +} + +void +tidhash_remove(struct thread *td) +{ + rw_wlock(&tidhash_lock); + LIST_REMOVE(td, td_hash); + rw_wunlock(&tidhash_lock); +} Index: kern/kern_thr.c =================================================================== --- kern/kern_thr.c (revision 212945) +++ kern/kern_thr.c (working copy) @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -240,6 +241,9 @@ if (P_SHOULDSTOP(p)) newtd->td_flags |= TDF_ASTPENDING | TDF_NEEDSUSPCHK; PROC_UNLOCK(p); + + tidhash_add(newtd); + thread_lock(newtd); if (rtp != NULL) { if (!(td->td_pri_class == PRI_TIMESHARE && 
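Review bot: Dropping both the proc spin lock and the proc lock around `tidhash_remove(td)` leaves a window in which the state tested by `(p->p_flag & P_SINGLE_EXIT) && (p->p_singlethread != td)` may change, and nothing re-checks it once the locks are retaken before `thread_exit()`. The drop appears to be forced by the order tfind() uses (tidhash_lock first, then the proc lock), which deserves a comment at this spot, e.g. `/* tidhash_lock is ordered before the proc lock, see tfind(). */`, together with a statement of why the condition cannot be invalidated in the gap. The enclosing function starts and ends outside the hunk.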
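Review bot: The one-line comment on tfind() understates its contract: the lookup is system-wide, so it can return a thread belonging to any process with that process's lock held, and it returns NULL with no lock held. Every caller in this patch therefore has to repeat `if (ttd->td_proc != p) { PROC_UNLOCK(ttd->td_proc); return (ESRCH); }`, and a caller that omits it would act on another process's thread. I would expand the comment to spell out those outcomes and the tidhash_lock-then-proc-lock order, and consider a variant that takes the expected process and performs the ownership check internally. Separately, `td->td_proc->p_state` is read before the proc lock is taken, and `RUN_THRESH` is #defined inside the function body without a matching `#undef`.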
@@ -281,6 +285,8 @@ kern_umtx_wake(td, uap->state, INT_MAX, 0); } + tidhash_remove(td); + PROC_LOCK(p); tdsigcleanup(td); PROC_SLOCK(p); @@ -309,18 +315,17 @@ int error; p = td->td_proc; - error = 0; ksiginfo_init(&ksi); ksi.ksi_signo = uap->sig; ksi.ksi_code = SI_LWP; ksi.ksi_pid = p->p_pid; ksi.ksi_uid = td->td_ucred->cr_ruid; - PROC_LOCK(p); if (uap->id == -1) { if (uap->sig != 0 && !_SIG_VALID(uap->sig)) { error = EINVAL; } else { error = ESRCH; + PROC_LOCK(p); FOREACH_THREAD_IN_PROC(p, ttd) { if (ttd != td) { error = 0; @@ -329,22 +334,26 @@ tdksignal(ttd, uap->sig, &ksi); } } + PROC_UNLOCK(p); } } else { - if (uap->id != td->td_tid) - ttd = thread_find(p, uap->id); - else - ttd = td; + error = 0; + ttd = tfind((lwpid_t)uap->id); if (ttd == NULL) - error = ESRCH; - else if (uap->sig == 0) + return (ESRCH); + if (ttd->td_proc != p) { + PROC_UNLOCK(ttd->td_proc); + return (ESRCH); + } + + if (uap->sig == 0) ; else if (!_SIG_VALID(uap->sig)) error = EINVAL; - else + else tdksignal(ttd, uap->sig, &ksi); + PROC_UNLOCK(ttd->td_proc); } - PROC_UNLOCK(p); return (error); } 
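Review bot: `tidhash_remove(td)` is called unconditionally here, before it is known whether the thread will actually leave through `thread_exit()`. If thr_exit can return to its caller for the last thread of the process (the rest of the function is outside the hunk), that thread keeps running while invisible to tfind(), and the `tidhash_remove(td)` added in kern/kern_exit.c would then run `LIST_REMOVE` on an entry that is already unlinked. The kthread_exit hunk in kern/kern_kthread.c has the same shape. Either remove the entry only on the path that ends in `thread_exit()`, or make tidhash_remove tolerate a thread that is no longer on a chain.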
@@ -359,51 +368,53 @@ AUDIT_ARG_SIGNUM(uap->sig); - if (uap->pid == td->td_proc->p_pid) { - p = td->td_proc; - PROC_LOCK(p); - } else if ((p = pfind(uap->pid)) == NULL) { - return (ESRCH); - } - AUDIT_ARG_PROCESS(p); - - error = p_cansignal(td, p, uap->sig); - if (error == 0) { - ksiginfo_init(&ksi); - ksi.ksi_signo = uap->sig; - ksi.ksi_code = SI_LWP; - ksi.ksi_pid = td->td_proc->p_pid; - ksi.ksi_uid = td->td_ucred->cr_ruid; - if (uap->id == -1) { - if (uap->sig != 0 && !_SIG_VALID(uap->sig)) { - error = EINVAL; - } else { - error = ESRCH; - FOREACH_THREAD_IN_PROC(p, ttd) { - if (ttd != td) { - error = 0; - if (uap->sig == 0) - break; - tdksignal(ttd, uap->sig, &ksi); - } + ksiginfo_init(&ksi); + ksi.ksi_signo = uap->sig; + ksi.ksi_code = SI_LWP; + ksi.ksi_pid = td->td_proc->p_pid; + ksi.ksi_uid = td->td_ucred->cr_ruid; + if (uap->id == -1) { + if ((p = pfind(uap->pid)) == NULL) + return (ESRCH); + AUDIT_ARG_PROCESS(p); + error = p_cansignal(td, p, uap->sig); + if (error) { + PROC_UNLOCK(p); + return (error); + } + if (uap->sig != 0 && !_SIG_VALID(uap->sig)) { + error = EINVAL; + } else { + error = ESRCH; + FOREACH_THREAD_IN_PROC(p, ttd) { + if (ttd != td) { + error = 0; + if (uap->sig == 0) + break; + tdksignal(ttd, uap->sig, &ksi); } } - } else { - if (uap->id != td->td_tid) - ttd = thread_find(p, uap->id); - else - ttd = td; - if (ttd == NULL) - error = ESRCH; - else if (uap->sig == 0) - ; - else if (!_SIG_VALID(uap->sig)) - error = EINVAL; - else - tdksignal(ttd, uap->sig, &ksi); } + PROC_UNLOCK(p); + } else { + ttd = tfind((lwpid_t)uap->id); + if (ttd == NULL) + return (ESRCH); + p = ttd->td_proc; + if (p->p_pid != uap->pid) { + PROC_UNLOCK(p); + return (ESRCH); + } + AUDIT_ARG_PROCESS(p); + error = p_cansignal(td, p, uap->sig); + if (uap->sig == 0) + ; + else if (!_SIG_VALID(uap->sig)) + error = EINVAL; + else + tdksignal(ttd, uap->sig, &ksi); + PROC_UNLOCK(p); } - PROC_UNLOCK(p); return (error); } 
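Review bot: In the by-thread-id branch the result of `p_cansignal(td, p, uap->sig)` is stored in `error` but never tested, so `tdksignal(ttd, uap->sig, &ksi)` still runs when the permission check has refused the request. The `uap->id == -1` branch just above returns early on a non-zero `error`; this branch needs the same guard directly after the call: `if (error != 0) { PROC_UNLOCK(p); return (error); }`. As written, a denial only changes the return value while the signal has already been sent to a thread in a process the caller may not be allowed to signal. The enclosing function starts outside the hunk.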
@@ -485,11 +496,12 @@ } p = td->td_proc; - PROC_LOCK(p); - ttd = thread_find(p, uap->id); - if (ttd == NULL) { - PROC_UNLOCK(p); + ttd = tfind((lwpid_t)uap->id); + if (ttd == NULL) return (ESRCH); + if (ttd->td_proc != p) { + PROC_UNLOCK(ttd->td_proc); + return (ESRCH); } thread_lock(ttd); ttd->td_flags |= TDF_THRWAKEUP; @@ -502,7 +514,7 @@ int thr_set_name(struct thread *td, struct thr_set_name_args *uap) { - struct proc *p = td->td_proc; + struct proc *p; char name[MAXCOMLEN + 1]; struct thread *ttd; int error; @@ -515,15 +527,15 @@ if (error) return (error); } - PROC_LOCK(p); - if (uap->id == td->td_tid) - ttd = td; - else - ttd = thread_find(p, uap->id); - if (ttd != NULL) - strcpy(ttd->td_name, name); - else - error = ESRCH; + p = td->td_proc; + ttd = tfind((lwpid_t)uap->id); + if (ttd == NULL) + return (ESRCH); + if (ttd->td_proc != p) { + PROC_UNLOCK(ttd->td_proc); + return (ESRCH); + } + strcpy(ttd->td_name, name); PROC_UNLOCK(p); return (error); } Index: kern/kern_sig.c =================================================================== --- kern/kern_sig.c (revision 212945) +++ kern/kern_sig.c (working copy) @@ -107,8 +107,6 @@ ksiginfo_t *ksi); static int issignal(struct thread *td, int stop_allowed); static int sigprop(int sig); -static int tdsendsignal(struct proc *p, struct thread *td, int sig, - ksiginfo_t *ksi); static void tdsigwakeup(struct thread *, int, sig_t, int); static void sig_suspend_threads(struct thread *, struct proc *, int); static int filt_sigattach(struct knote *kn); @@ -2015,7 +2013,7 @@ (void) tdsendsignal(td->td_proc, td, sig, ksi); } -static int +int tdsendsignal(struct proc *p, struct thread *td, int sig, ksiginfo_t *ksi) { sig_t action; Index: kern/init_main.c =================================================================== --- kern/init_main.c (revision 212945) +++ kern/init_main.c (working copy) 
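Review bot: `strcpy(ttd->td_name, name)` in thr_set_name writes into another thread's structure without an explicit bound; it is safe only while `td_name` is at least `MAXCOMLEN + 1` bytes and `name` is always NUL-terminated, neither of which is visible in this hunk. Since the line is being re-added anyway, `strlcpy(ttd->td_name, name, sizeof(ttd->td_name));` would make the limit explicit, assuming td_name is an array member. The part of the function that fills `name` lies outside the hunk.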
@@ -443,6 +443,7 @@ */ LIST_INSERT_HEAD(&allproc, p, p_list); LIST_INSERT_HEAD(PIDHASH(0), p, p_hash); + LIST_INSERT_HEAD(TIDHASH(0), td, td_hash); mtx_init(&pgrp0.pg_mtx, "process group", NULL, MTX_DEF | MTX_DUPOK); p->p_pgrp = &pgrp0; LIST_INSERT_HEAD(PGRPHASH(0), &pgrp0, pg_hash); Index: kern/kern_kthread.c =================================================================== --- kern/kern_kthread.c (revision 212945) +++ kern/kern_kthread.c (working copy) @@ -295,6 +295,7 @@ thread_unlock(oldtd); PROC_UNLOCK(p); + tidhash_add(newtd); /* Delay putting it on the run queue until now. */ if (!(flags & RFSTOPPED)) { @@ -314,6 +315,8 @@ p = curthread->td_proc; + tidhash_remove(curthread); + /* A module may be waiting for us to exit. */ wakeup(curthread); PROC_LOCK(p); Index: kern/kern_exit.c =================================================================== --- kern/kern_exit.c (revision 212945) +++ kern/kern_exit.c (working copy) @@ -403,6 +403,8 @@ PROC_UNLOCK(p); lim_free(plim); + tidhash_remove(td); + /* * Remove proc from allproc queue and pidhash chain. * Place onto zombproc. Unlink from parent's child list. Index: kern/kern_fork.c =================================================================== --- kern/kern_fork.c (revision 212945) +++ kern/kern_fork.c (working copy) @@ -456,7 +456,7 @@ AUDIT_ARG_PID(p2->p_pid); LIST_INSERT_HEAD(&allproc, p2, p_list); LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash); - + tidhash_add(td2); PROC_LOCK(p2); PROC_LOCK(p1); Index: kern/vfs_aio.c =================================================================== --- kern/vfs_aio.c (revision 212945) +++ kern/vfs_aio.c (working copy) 
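Review bot: The bucket for the initial thread is hard-coded as `TIDHASH(0)`, whereas tidhash_add() in kern/kern_thread.c hashes on `td->td_tid`. If this thread's tid is not 0 (its assignment is not visible in the hunk), tfind() will search a different chain and never find it. `LIST_INSERT_HEAD(TIDHASH(td->td_tid), td, td_hash);` is correct in either case. The insert also relies on `tidhashtbl` already having been allocated by the kern_thread.c hunk that calls hashinit(), which is worth confirming against the boot-time call order.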
@@ -609,13 +609,26 @@ static int aio_sendsig(struct proc *p, struct sigevent *sigev, ksiginfo_t *ksi) { + struct thread *td = NULL; int ret = 0; - PROC_LOCK(p); + if (sigev->sigev_notify == SIGEV_THREAD_ID) { + td = tfind(sigev->sigev_notify_thread_id); + if (td == NULL || td->td_proc != p) { + if (td != NULL) + PROC_UNLOCK(td->td_proc); + return (ESRCH); + } + } else { + PROC_LOCK(p); + } + if (!KSI_ONQ(ksi)) { + ksi->ksi_signo = sigev->sigev_signo; + ksi->ksi_value = sigev->sigev_value; ksi->ksi_code = SI_ASYNCIO; ksi->ksi_flags |= KSI_EXT | KSI_INS; - ret = psignal_event(p, sigev, ksi); + tdsendsignal(p, td, ksi->ksi_signo, ksi); } PROC_UNLOCK(p); return (ret); Index: kern/sys_process.c =================================================================== --- kern/sys_process.c (revision 212945) +++ kern/sys_process.c (working copy) @@ -721,24 +721,13 @@ return (ESRCH); } } else { - /* this is slow, should be optimized */ - sx_slock(&allproc_lock); - FOREACH_PROC_IN_SYSTEM(p) { - PROC_LOCK(p); - FOREACH_THREAD_IN_PROC(p, td2) { - if (td2->td_tid == pid) - break; - } - if (td2 != NULL) - break; /* proc lock held */ - PROC_UNLOCK(p); - } - sx_sunlock(&allproc_lock); - if (p == NULL) { + td2 = tfind(pid); + if (td2 == NULL) { if (proctree_locked) sx_xunlock(&proctree_lock); return (ESRCH); } + p = td2->td_proc; tid = pid; pid = p->p_pid; }