Fix GH-10737: PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c

The TSRM keeps a hashtable mapping the thread IDs to the thread resource pointers.
It's possible that

Fix GH-10737: PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c

The TSRM keeps a hashtable mapping the thread IDs to the thread resource pointers.
It's possible that the thread disappears without us knowing, and then another thread
gets spawned some time later with the same ID as the disappeared thread.
Note that since it's a new thread the TSRM key pointer and cached pointer will be NULL.

The Apache request handler `php_handler()` will try to fetch some fields from the SAPI globals.
It uses a lazy thread resource allocation by calling `ts_resource(0);`.
This allocates a thread resource and sets up the TSRM pointers if they haven't been set up yet.

At least, that's what's supposed to happen. But since we are in a situation where the thread ID
still has the resources of the *old* thread associated in the hashtable,
the loop in `ts_resource_ex` will find that thread resource and assume the thread has been setup
already. But this is not the case since this thread is actually a new thread, just reusing the ID
of the old one, without any relation whatsoever to the old thread.
Because of this assumption, the TSRM pointers will not be setup, leading to a
NULL pointer dereference when trying to access the SAPI globals.

We can easily detect this scenario: if we're in the fallback path, and the pointer is NULL,
and we're looking for our own thread resource, we know we're actually reusing a thread ID.
In that case, we'll free up the old thread resources gracefully (gracefully because
there might still be resources open like database connection which need to be
shut down cleanly). After freeing the resources, we'll create the new resources for
this thread as if the stale resources never existed in the first place.
From that point forward, it is as if that situation never occurred.
The fact that this situation happens isn't that bad because a child process containing
threads will eventually be respawned anyway by the SAPI, so the stale thread resources
won't remain forever.

Note that we can't simply assign our own TSRM pointers to the existing
thread resource for our ID, since it was actually from a different thread
(just with the same ID!). Furthermore, the dynamically loaded extensions
have their own pointer, which is only set when their constructor is
called, so we'd have to call their constructor anyway...
I also tried to call the dtor and then the ctor again for those resources
on the pre-existing thread resource to reuse storage, but that didn't work properly
because other code doesn't expect something like that to happen, which breaks assumptions,
and this in turn caused Valgrind to (rightfully) complain about memory bugs.

Note 2: I also had to fix a bug in the core globals destruction because it
always assumed that the thread destroying them was the owning thread,
which on TSRM shutdown isn't always the case. A similar bug was fixed
recently with the JIT globals.

Closes GH-10863.

show more ...

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Haiku fix ZTS build disabling `tsrm_ls_cache` usage.

Haiku fix ZTS build disabling `tsrm_ls_cache` usage.

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Move locks in TSRM.c to prevent races

Move locks in TSRM.c to prevent races

Closes GH-8298.

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix GH-8160: ZTS support on Alpine is broken

Fix GH-8160: ZTS support on Alpine is broken

We need to export `__MUSL__` so that phpize builds can see the proper
macro, and also need to fix "_tsrm_ls_cache" usage for musl.

C

Fix GH-8160: ZTS support on Alpine is broken

We need to export `__MUSL__` so that phpize builds can see the proper
macro, and also need to fix "_tsrm_ls_cache" usage for musl.

Closes GH-8180.

show more ...

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix TSRM ignoring done

Fix TSRM ignoring done

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
OpenBSD ZTS build fix

OpenBSD ZTS build fix

Closes GH-7661.

Fixed some spaces used instead of tabs

JIT/AArch64: [macos][ZTS] Support fast path for tlv_get_addr (#7042)

* JIT/AArch64: [macos][ZTS] Support fast path for tlv_get_addr

Access to TLV(thread local variable) in macOS is

JIT/AArch64: [macos][ZTS] Support fast path for tlv_get_addr (#7042)

* JIT/AArch64: [macos][ZTS] Support fast path for tlv_get_addr

Access to TLV(thread local variable) in macOS is in "dynamic" form and
function tlv_get_addr() is invoked to resolve the address. See the
example in [1].

Note there is one struct TLVDescriptor [2] for each TLV. The first
member holds the address of function tlv_get_addr(), and the other two
members, "key" and "offset", would be used inside tlv_get_addr().

The disassembly code for function tlv_get_addr() is shown in [3]. With
the value from system register, i.e. tpidrro_el0, together with "key"
and "offset", the TLV address can be obtained.

Note that the value from tpidrro_el0 varies for different threads, and
unique address for TLV is resolved.

It's worth noting that slow path would be executed, i.e. function
tlv_allocate_and_initialize_for_key(), for the first time of TLV access.

In this patch:
1. "_tsrm_ls_cache" is guaranteed to be accessed before any VM/JIT code
during the request startup, e.g. in init_executor(), therefore, slow
path can be avoided.

2. As TLVDecriptor is immutable and zend_jit_setup() executes once, we
get this structure in tsrm_get_ls_cache_tcb_offset(). Note the 'ldr'
instruction would be patched to 'add' by the linker.

3. Only fast path for tlv_get_addr() is implemented in macro
LOAD_TSRM_CACHE.

With this patch, all ~4k test cases can pass for ZTS+CALL in macOS on
Apple silicon.

[1] https://gist.github.com/shqking/4aab67e0105f7c1f2c549d57d5799f94
[2]
https://opensource.apple.com/source/dyld/dyld-195.6/src/threadLocalVariables.c.auto.html
[3] https://gist.github.com/shqking/329d7712c26bad49786ab0a544a4af43

Change-Id: I613e9c37e3ff2ecc3fab0f53f1e48a0246e12ee3

show more ...

Support for ZTS

Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage)

Constify char * arguments of APIs

Closes GH-5676.

Fix warning of strict-prototypes

Closes GH-5673.

Fix [-Wundef] warning in TSRM

Fix bogus check in TSRM and adjust TSRM_ASSERT macro

Closes GH-5562

Merge branch 'PHP-7.4'

* PHP-7.4:
implement tsrm_is_shutdown API

implement tsrm_is_shutdown API

Attempt to fix JIT on Mac OSX ZTS build

Merge branch 'PHP-7.4'

Make tsrm_env_lock() void

We're not checking the return value and the NTS version of this
generates warnings. If we want to handle lock failures, we should
do a hard abort inside tsr

Make tsrm_env_lock() void

We're not checking the return value and the NTS version of this
generates warnings. If we want to handle lock failures, we should
do a hard abort inside tsrm_env_lock() itself.

show more ...

Added JIT compiler for x86 and x86_64