std/sys/pal/unix/
thread.rs

1use crate::ffi::CStr;
2use crate::mem::{self, ManuallyDrop};
3use crate::num::NonZero;
4#[cfg(all(target_os = "linux", target_env = "gnu"))]
5use crate::sys::weak::dlsym;
6#[cfg(any(target_os = "solaris", target_os = "illumos", target_os = "nto",))]
7use crate::sys::weak::weak;
8use crate::sys::{os, stack_overflow};
9use crate::time::Duration;
10use crate::{cmp, io, ptr};
// Per-target value of `DEFAULT_MIN_STACK_SIZE`. Exactly one definition is active for
// any given target; the special-cased targets come first, the general case last.

// 0 indicates that the stack size configured in the ESP-IDF menuconfig system should be used
#[cfg(target_os = "espidf")]
pub const DEFAULT_MIN_STACK_SIZE: usize = 0;
// 256 KiB
#[cfg(target_os = "vxworks")]
pub const DEFAULT_MIN_STACK_SIZE: usize = 256 * 1024;
// 1 MiB
#[cfg(target_os = "l4re")]
pub const DEFAULT_MIN_STACK_SIZE: usize = 1024 * 1024;
// 2 MiB everywhere else
#[cfg(not(any(target_os = "l4re", target_os = "vxworks", target_os = "espidf")))]
pub const DEFAULT_MIN_STACK_SIZE: usize = 2 * 1024 * 1024;
19
// Hand-written declarations of the Zircon items used by `Thread::set_name` on Fuchsia.
#[cfg(target_os = "fuchsia")]
mod zircon {
    // Property identifier passed to `zx_object_set_property` when naming a thread.
    pub const ZX_PROP_NAME: u32 = 3;

    type zx_status_t = i32;
    type zx_handle_t = u32;

    unsafe extern "C" {
        // Returns a handle referring to the calling thread.
        pub fn zx_thread_self() -> zx_handle_t;

        // Sets `property` on the object behind `handle` to the `value_size` bytes at `value`.
        pub fn zx_object_set_property(
            handle: zx_handle_t,
            property: u32,
            value: *const libc::c_void,
            value_size: libc::size_t,
        ) -> zx_status_t;
    }
}
36
37pub struct Thread {
38    id: libc::pthread_t,
39}
40
41// Some platforms may have pthread_t as a pointer in which case we still want
42// a thread to be Send/Sync
43unsafe impl Send for Thread {}
44unsafe impl Sync for Thread {}
45
46impl Thread {
47    // unsafe: see thread::Builder::spawn_unchecked for safety requirements
48    #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
49    pub unsafe fn new(stack: usize, p: Box<dyn FnOnce()>) -> io::Result<Thread> {
50        let p = Box::into_raw(Box::new(p));
51        let mut native: libc::pthread_t = mem::zeroed();
52        let mut attr: mem::MaybeUninit<libc::pthread_attr_t> = mem::MaybeUninit::uninit();
53        assert_eq!(libc::pthread_attr_init(attr.as_mut_ptr()), 0);
54
55        #[cfg(target_os = "espidf")]
56        if stack > 0 {
57            // Only set the stack if a non-zero value is passed
58            // 0 is used as an indication that the default stack size configured in the ESP-IDF menuconfig system should be used
59            assert_eq!(
60                libc::pthread_attr_setstacksize(
61                    attr.as_mut_ptr(),
62                    cmp::max(stack, min_stack_size(attr.as_ptr()))
63                ),
64                0
65            );
66        }
67
68        #[cfg(not(target_os = "espidf"))]
69        {
70            let stack_size = cmp::max(stack, min_stack_size(attr.as_ptr()));
71
72            match libc::pthread_attr_setstacksize(attr.as_mut_ptr(), stack_size) {
73                0 => {}
74                n => {
75                    assert_eq!(n, libc::EINVAL);
76                    // EINVAL means |stack_size| is either too small or not a
77                    // multiple of the system page size. Because it's definitely
78                    // >= PTHREAD_STACK_MIN, it must be an alignment issue.
79                    // Round up to the nearest page and try again.
80                    let page_size = os::page_size();
81                    let stack_size =
82                        (stack_size + page_size - 1) & (-(page_size as isize - 1) as usize - 1);
83                    assert_eq!(libc::pthread_attr_setstacksize(attr.as_mut_ptr(), stack_size), 0);
84                }
85            };
86        }
87
88        let ret = libc::pthread_create(&mut native, attr.as_ptr(), thread_start, p as *mut _);
89        // Note: if the thread creation fails and this assert fails, then p will
90        // be leaked. However, an alternative design could cause double-free
91        // which is clearly worse.
92        assert_eq!(libc::pthread_attr_destroy(attr.as_mut_ptr()), 0);
93
94        return if ret != 0 {
95            // The thread failed to start and as a result p was not consumed. Therefore, it is
96            // safe to reconstruct the box so that it gets deallocated.
97            drop(Box::from_raw(p));
98            Err(io::Error::from_raw_os_error(ret))
99        } else {
100            Ok(Thread { id: native })
101        };
102
103        extern "C" fn thread_start(main: *mut libc::c_void) -> *mut libc::c_void {
104            unsafe {
105                // Next, set up our stack overflow handler which may get triggered if we run
106                // out of stack.
107                let _handler = stack_overflow::Handler::new();
108                // Finally, let's run some code.
109                Box::from_raw(main as *mut Box<dyn FnOnce()>)();
110            }
111            ptr::null_mut()
112        }
113    }
114
115    pub fn yield_now() {
116        let ret = unsafe { libc::sched_yield() };
117        debug_assert_eq!(ret, 0);
118    }
119
120    #[cfg(target_os = "android")]
121    pub fn set_name(name: &CStr) {
122        const PR_SET_NAME: libc::c_int = 15;
123        unsafe {
124            let res = libc::prctl(
125                PR_SET_NAME,
126                name.as_ptr(),
127                0 as libc::c_ulong,
128                0 as libc::c_ulong,
129                0 as libc::c_ulong,
130            );
131            // We have no good way of propagating errors here, but in debug-builds let's check that this actually worked.
132            debug_assert_eq!(res, 0);
133        }
134    }
135
136    #[cfg(any(
137        target_os = "linux",
138        target_os = "freebsd",
139        target_os = "dragonfly",
140        target_os = "nuttx",
141        target_os = "cygwin"
142    ))]
143    pub fn set_name(name: &CStr) {
144        unsafe {
145            cfg_if::cfg_if! {
146                if #[cfg(any(target_os = "linux", target_os = "cygwin"))] {
147                    // Linux and Cygwin limits the allowed length of the name.
148                    const TASK_COMM_LEN: usize = 16;
149                    let name = truncate_cstr::<{ TASK_COMM_LEN }>(name);
150                } else {
151                    // FreeBSD, DragonFly BSD and NuttX do not enforce length limits.
152                }
153            };
154            // Available since glibc 2.12, musl 1.1.16, and uClibc 1.0.20 for Linux,
155            // FreeBSD 12.2 and 13.0, and DragonFly BSD 6.0.
156            let res = libc::pthread_setname_np(libc::pthread_self(), name.as_ptr());
157            // We have no good way of propagating errors here, but in debug-builds let's check that this actually worked.
158            debug_assert_eq!(res, 0);
159        }
160    }
161
162    #[cfg(target_os = "openbsd")]
163    pub fn set_name(name: &CStr) {
164        unsafe {
165            libc::pthread_set_name_np(libc::pthread_self(), name.as_ptr());
166        }
167    }
168
169    #[cfg(target_vendor = "apple")]
170    pub fn set_name(name: &CStr) {
171        unsafe {
172            let name = truncate_cstr::<{ libc::MAXTHREADNAMESIZE }>(name);
173            let res = libc::pthread_setname_np(name.as_ptr());
174            // We have no good way of propagating errors here, but in debug-builds let's check that this actually worked.
175            debug_assert_eq!(res, 0);
176        }
177    }
178
179    #[cfg(target_os = "netbsd")]
180    pub fn set_name(name: &CStr) {
181        unsafe {
182            let res = libc::pthread_setname_np(
183                libc::pthread_self(),
184                c"%s".as_ptr(),
185                name.as_ptr() as *mut libc::c_void,
186            );
187            debug_assert_eq!(res, 0);
188        }
189    }
190
191    #[cfg(any(target_os = "solaris", target_os = "illumos", target_os = "nto"))]
192    // FIXME(#115199): Rust currently omits weak function definitions
193    // and its metadata from LLVM IR.
194    #[no_sanitize(cfi)]
195    pub fn set_name(name: &CStr) {
196        weak!(
197            fn pthread_setname_np(
198                thread: libc::pthread_t,
199                name: *const libc::c_char,
200            ) -> libc::c_int;
201        );
202
203        if let Some(f) = pthread_setname_np.get() {
204            #[cfg(target_os = "nto")]
205            const THREAD_NAME_MAX: usize = libc::_NTO_THREAD_NAME_MAX as usize;
206            #[cfg(any(target_os = "solaris", target_os = "illumos"))]
207            const THREAD_NAME_MAX: usize = 32;
208
209            let name = truncate_cstr::<{ THREAD_NAME_MAX }>(name);
210            let res = unsafe { f(libc::pthread_self(), name.as_ptr()) };
211            debug_assert_eq!(res, 0);
212        }
213    }
214
215    #[cfg(target_os = "fuchsia")]
216    pub fn set_name(name: &CStr) {
217        use self::zircon::*;
218        unsafe {
219            zx_object_set_property(
220                zx_thread_self(),
221                ZX_PROP_NAME,
222                name.as_ptr() as *const libc::c_void,
223                name.to_bytes().len(),
224            );
225        }
226    }
227
228    #[cfg(target_os = "haiku")]
229    pub fn set_name(name: &CStr) {
230        unsafe {
231            let thread_self = libc::find_thread(ptr::null_mut());
232            let res = libc::rename_thread(thread_self, name.as_ptr());
233            // We have no good way of propagating errors here, but in debug-builds let's check that this actually worked.
234            debug_assert_eq!(res, libc::B_OK);
235        }
236    }
237
238    #[cfg(target_os = "vxworks")]
239    pub fn set_name(name: &CStr) {
240        // FIXME(libc): adding real STATUS, ERROR type eventually.
241        unsafe extern "C" {
242            fn taskNameSet(task_id: libc::TASK_ID, task_name: *mut libc::c_char) -> libc::c_int;
243        }
244
245        //  VX_TASK_NAME_LEN is 31 in VxWorks 7.
246        const VX_TASK_NAME_LEN: usize = 31;
247
248        let mut name = truncate_cstr::<{ VX_TASK_NAME_LEN }>(name);
249        let res = unsafe { taskNameSet(libc::taskIdSelf(), name.as_mut_ptr()) };
250        debug_assert_eq!(res, libc::OK);
251    }
252
253    #[cfg(any(
254        target_env = "newlib",
255        target_os = "l4re",
256        target_os = "emscripten",
257        target_os = "redox",
258        target_os = "hurd",
259        target_os = "aix",
260    ))]
261    pub fn set_name(_name: &CStr) {
262        // Newlib and Emscripten have no way to set a thread name.
263    }
264
265    #[cfg(not(target_os = "espidf"))]
266    pub fn sleep(dur: Duration) {
267        let mut secs = dur.as_secs();
268        let mut nsecs = dur.subsec_nanos() as _;
269
270        // If we're awoken with a signal then the return value will be -1 and
271        // nanosleep will fill in `ts` with the remaining time.
272        unsafe {
273            while secs > 0 || nsecs > 0 {
274                let mut ts = libc::timespec {
275                    tv_sec: cmp::min(libc::time_t::MAX as u64, secs) as libc::time_t,
276                    tv_nsec: nsecs,
277                };
278                secs -= ts.tv_sec as u64;
279                let ts_ptr = &raw mut ts;
280                if libc::nanosleep(ts_ptr, ts_ptr) == -1 {
281                    assert_eq!(os::errno(), libc::EINTR);
282                    secs += ts.tv_sec as u64;
283                    nsecs = ts.tv_nsec;
284                } else {
285                    nsecs = 0;
286                }
287            }
288        }
289    }
290
291    #[cfg(target_os = "espidf")]
292    pub fn sleep(dur: Duration) {
293        // ESP-IDF does not have `nanosleep`, so we use `usleep` instead.
294        // As per the documentation of `usleep`, it is expected to support
295        // sleep times as big as at least up to 1 second.
296        //
297        // ESP-IDF does support almost up to `u32::MAX`, but due to a potential integer overflow in its
298        // `usleep` implementation
299        // (https://github.com/espressif/esp-idf/blob/d7ca8b94c852052e3bc33292287ef4dd62c9eeb1/components/newlib/time.c#L210),
300        // we limit the sleep time to the maximum one that would not cause the underlying `usleep` implementation to overflow
301        // (`portTICK_PERIOD_MS` can be anything between 1 to 1000, and is 10 by default).
302        const MAX_MICROS: u32 = u32::MAX - 1_000_000 - 1;
303
304        // Add any nanoseconds smaller than a microsecond as an extra microsecond
305        // so as to comply with the `std::thread::sleep` contract which mandates
306        // implementations to sleep for _at least_ the provided `dur`.
307        // We can't overflow `micros` as it is a `u128`, while `Duration` is a pair of
308        // (`u64` secs, `u32` nanos), where the nanos are strictly smaller than 1 second
309        // (i.e. < 1_000_000_000)
310        let mut micros = dur.as_micros() + if dur.subsec_nanos() % 1_000 > 0 { 1 } else { 0 };
311
312        while micros > 0 {
313            let st = if micros > MAX_MICROS as u128 { MAX_MICROS } else { micros as u32 };
314            unsafe {
315                libc::usleep(st);
316            }
317
318            micros -= st as u128;
319        }
320    }
321
322    pub fn join(self) {
323        let id = self.into_id();
324        let ret = unsafe { libc::pthread_join(id, ptr::null_mut()) };
325        assert!(ret == 0, "failed to join thread: {}", io::Error::from_raw_os_error(ret));
326    }
327
328    pub fn id(&self) -> libc::pthread_t {
329        self.id
330    }
331
332    pub fn into_id(self) -> libc::pthread_t {
333        ManuallyDrop::new(self).id
334    }
335}
336
337impl Drop for Thread {
338    fn drop(&mut self) {
339        let ret = unsafe { libc::pthread_detach(self.id) };
340        debug_assert_eq!(ret, 0);
341    }
342}
343
// Copies `cstr` into a fixed-size, NUL-terminated buffer of `MAX_WITH_NUL` elements.
//
// At most `MAX_WITH_NUL - 1` bytes are copied; the rest of the buffer, including its
// last element, stays zero.
#[cfg(any(
    target_os = "linux",
    target_os = "nto",
    target_os = "solaris",
    target_os = "illumos",
    target_os = "vxworks",
    target_os = "cygwin",
    target_vendor = "apple",
))]
fn truncate_cstr<const MAX_WITH_NUL: usize>(cstr: &CStr) -> [libc::c_char; MAX_WITH_NUL] {
    let mut buf = [0 as libc::c_char; MAX_WITH_NUL];
    // Keep the last slot out of the copy so that it always holds the terminator.
    let (payload, _terminator) = buf.split_at_mut(MAX_WITH_NUL - 1);
    payload
        .iter_mut()
        .zip(cstr.to_bytes())
        .for_each(|(dst, &src)| *dst = src as libc::c_char);
    buf
}
360
361pub fn available_parallelism() -> io::Result<NonZero<usize>> {
362    cfg_if::cfg_if! {
363        if #[cfg(any(
364            target_os = "android",
365            target_os = "emscripten",
366            target_os = "fuchsia",
367            target_os = "hurd",
368            target_os = "linux",
369            target_os = "aix",
370            target_vendor = "apple",
371            target_os = "cygwin",
372        ))] {
373            #[allow(unused_assignments)]
374            #[allow(unused_mut)]
375            let mut quota = usize::MAX;
376
377            #[cfg(any(target_os = "android", target_os = "linux"))]
378            {
379                quota = cgroups::quota().max(1);
380                let mut set: libc::cpu_set_t = unsafe { mem::zeroed() };
381                unsafe {
382                    if libc::sched_getaffinity(0, size_of::<libc::cpu_set_t>(), &mut set) == 0 {
383                        let count = libc::CPU_COUNT(&set) as usize;
384                        let count = count.min(quota);
385
386                        // According to sched_getaffinity's API it should always be non-zero, but
387                        // some old MIPS kernels were buggy and zero-initialized the mask if
388                        // none was explicitly set.
389                        // In that case we use the sysconf fallback.
390                        if let Some(count) = NonZero::new(count) {
391                            return Ok(count)
392                        }
393                    }
394                }
395            }
396            match unsafe { libc::sysconf(libc::_SC_NPROCESSORS_ONLN) } {
397                -1 => Err(io::Error::last_os_error()),
398                0 => Err(io::Error::UNKNOWN_THREAD_COUNT),
399                cpus => {
400                    let count = cpus as usize;
401                    // Cover the unusual situation where we were able to get the quota but not the affinity mask
402                    let count = count.min(quota);
403                    Ok(unsafe { NonZero::new_unchecked(count) })
404                }
405            }
406        } else if #[cfg(any(
407                   target_os = "freebsd",
408                   target_os = "dragonfly",
409                   target_os = "openbsd",
410                   target_os = "netbsd",
411               ))] {
412            use crate::ptr;
413
414            #[cfg(target_os = "freebsd")]
415            {
416                let mut set: libc::cpuset_t = unsafe { mem::zeroed() };
417                unsafe {
418                    if libc::cpuset_getaffinity(
419                        libc::CPU_LEVEL_WHICH,
420                        libc::CPU_WHICH_PID,
421                        -1,
422                        size_of::<libc::cpuset_t>(),
423                        &mut set,
424                    ) == 0 {
425                        let count = libc::CPU_COUNT(&set) as usize;
426                        if count > 0 {
427                            return Ok(NonZero::new_unchecked(count));
428                        }
429                    }
430                }
431            }
432
433            #[cfg(target_os = "netbsd")]
434            {
435                unsafe {
436                    let set = libc::_cpuset_create();
437                    if !set.is_null() {
438                        let mut count: usize = 0;
439                        if libc::pthread_getaffinity_np(libc::pthread_self(), libc::_cpuset_size(set), set) == 0 {
440                            for i in 0..libc::cpuid_t::MAX {
441                                match libc::_cpuset_isset(i, set) {
442                                    -1 => break,
443                                    0 => continue,
444                                    _ => count = count + 1,
445                                }
446                            }
447                        }
448                        libc::_cpuset_destroy(set);
449                        if let Some(count) = NonZero::new(count) {
450                            return Ok(count);
451                        }
452                    }
453                }
454            }
455
456            let mut cpus: libc::c_uint = 0;
457            let mut cpus_size = size_of_val(&cpus);
458
459            unsafe {
460                cpus = libc::sysconf(libc::_SC_NPROCESSORS_ONLN) as libc::c_uint;
461            }
462
463            // Fallback approach in case of errors or no hardware threads.
464            if cpus < 1 {
465                let mut mib = [libc::CTL_HW, libc::HW_NCPU, 0, 0];
466                let res = unsafe {
467                    libc::sysctl(
468                        mib.as_mut_ptr(),
469                        2,
470                        (&raw mut cpus) as *mut _,
471                        (&raw mut cpus_size) as *mut _,
472                        ptr::null_mut(),
473                        0,
474                    )
475                };
476
477                // Handle errors if any.
478                if res == -1 {
479                    return Err(io::Error::last_os_error());
480                } else if cpus == 0 {
481                    return Err(io::Error::UNKNOWN_THREAD_COUNT);
482                }
483            }
484
485            Ok(unsafe { NonZero::new_unchecked(cpus as usize) })
486        } else if #[cfg(target_os = "nto")] {
487            unsafe {
488                use libc::_syspage_ptr;
489                if _syspage_ptr.is_null() {
490                    Err(io::const_error!(io::ErrorKind::NotFound, "no syspage available"))
491                } else {
492                    let cpus = (*_syspage_ptr).num_cpu;
493                    NonZero::new(cpus as usize)
494                        .ok_or(io::Error::UNKNOWN_THREAD_COUNT)
495                }
496            }
497        } else if #[cfg(any(target_os = "solaris", target_os = "illumos"))] {
498            let mut cpus = 0u32;
499            if unsafe { libc::pset_info(libc::PS_MYID, core::ptr::null_mut(), &mut cpus, core::ptr::null_mut()) } != 0 {
500                return Err(io::Error::UNKNOWN_THREAD_COUNT);
501            }
502            Ok(unsafe { NonZero::new_unchecked(cpus as usize) })
503        } else if #[cfg(target_os = "haiku")] {
504            // system_info cpu_count field gets the static data set at boot time with `smp_set_num_cpus`
505            // `get_system_info` calls then `smp_get_num_cpus`
506            unsafe {
507                let mut sinfo: libc::system_info = crate::mem::zeroed();
508                let res = libc::get_system_info(&mut sinfo);
509
510                if res != libc::B_OK {
511                    return Err(io::Error::UNKNOWN_THREAD_COUNT);
512                }
513
514                Ok(NonZero::new_unchecked(sinfo.cpu_count as usize))
515            }
516        } else if #[cfg(target_os = "vxworks")] {
517            // Note: there is also `vxCpuConfiguredGet`, closer to _SC_NPROCESSORS_CONF
518            // expectations than the actual cores availability.
519            unsafe extern "C" {
520                fn vxCpuEnabledGet() -> libc::cpuset_t;
521            }
522
523            // SAFETY: `vxCpuEnabledGet` always fetches a mask with at least one bit set
524            unsafe{
525                let set = vxCpuEnabledGet();
526                Ok(NonZero::new_unchecked(set.count_ones() as usize))
527            }
528        } else {
529            // FIXME: implement on Redox, l4re
530            Err(io::const_error!(io::ErrorKind::Unsupported, "getting the number of hardware threads is not supported on the target platform"))
531        }
532    }
533}
534
535#[cfg(any(target_os = "android", target_os = "linux"))]
536mod cgroups {
537    //! Currently not covered
538    //! * cgroup v2 in non-standard mountpoints
539    //! * paths containing control characters or spaces, since those would be escaped in procfs
540    //!   output and we don't unescape
541
542    use crate::borrow::Cow;
543    use crate::ffi::OsString;
544    use crate::fs::{File, exists};
545    use crate::io::{BufRead, Read};
546    use crate::os::unix::ffi::OsStringExt;
547    use crate::path::{Path, PathBuf};
548    use crate::str::from_utf8;
549
550    #[derive(PartialEq)]
551    enum Cgroup {
552        V1,
553        V2,
554    }
555
556    /// Returns cgroup CPU quota in core-equivalents, rounded down or usize::MAX if the quota cannot
557    /// be determined or is not set.
558    pub(super) fn quota() -> usize {
559        let mut quota = usize::MAX;
560        if cfg!(miri) {
561            // Attempting to open a file fails under default flags due to isolation.
562            // And Miri does not have parallelism anyway.
563            return quota;
564        }
565
566        let _: Option<()> = try {
567            let mut buf = Vec::with_capacity(128);
568            // find our place in the cgroup hierarchy
569            File::open("/proc/self/cgroup").ok()?.read_to_end(&mut buf).ok()?;
570            let (cgroup_path, version) =
571                buf.split(|&c| c == b'\n').fold(None, |previous, line| {
572                    let mut fields = line.splitn(3, |&c| c == b':');
573                    // 2nd field is a list of controllers for v1 or empty for v2
574                    let version = match fields.nth(1) {
575                        Some(b"") => Cgroup::V2,
576                        Some(controllers)
577                            if from_utf8(controllers)
578                                .is_ok_and(|c| c.split(',').any(|c| c == "cpu")) =>
579                        {
580                            Cgroup::V1
581                        }
582                        _ => return previous,
583                    };
584
585                    // already-found v1 trumps v2 since it explicitly specifies its controllers
586                    if previous.is_some() && version == Cgroup::V2 {
587                        return previous;
588                    }
589
590                    let path = fields.last()?;
591                    // skip leading slash
592                    Some((path[1..].to_owned(), version))
593                })?;
594            let cgroup_path = PathBuf::from(OsString::from_vec(cgroup_path));
595
596            quota = match version {
597                Cgroup::V1 => quota_v1(cgroup_path),
598                Cgroup::V2 => quota_v2(cgroup_path),
599            };
600        };
601
602        quota
603    }
604
605    fn quota_v2(group_path: PathBuf) -> usize {
606        let mut quota = usize::MAX;
607
608        let mut path = PathBuf::with_capacity(128);
609        let mut read_buf = String::with_capacity(20);
610
611        // standard mount location defined in file-hierarchy(7) manpage
612        let cgroup_mount = "/sys/fs/cgroup";
613
614        path.push(cgroup_mount);
615        path.push(&group_path);
616
617        path.push("cgroup.controllers");
618
619        // skip if we're not looking at cgroup2
620        if matches!(exists(&path), Err(_) | Ok(false)) {
621            return usize::MAX;
622        };
623
624        path.pop();
625
626        let _: Option<()> = try {
627            while path.starts_with(cgroup_mount) {
628                path.push("cpu.max");
629
630                read_buf.clear();
631
632                if File::open(&path).and_then(|mut f| f.read_to_string(&mut read_buf)).is_ok() {
633                    let raw_quota = read_buf.lines().next()?;
634                    let mut raw_quota = raw_quota.split(' ');
635                    let limit = raw_quota.next()?;
636                    let period = raw_quota.next()?;
637                    match (limit.parse::<usize>(), period.parse::<usize>()) {
638                        (Ok(limit), Ok(period)) if period > 0 => {
639                            quota = quota.min(limit / period);
640                        }
641                        _ => {}
642                    }
643                }
644
645                path.pop(); // pop filename
646                path.pop(); // pop dir
647            }
648        };
649
650        quota
651    }
652
653    fn quota_v1(group_path: PathBuf) -> usize {
654        let mut quota = usize::MAX;
655        let mut path = PathBuf::with_capacity(128);
656        let mut read_buf = String::with_capacity(20);
657
658        // Hardcode commonly used locations mentioned in the cgroups(7) manpage
659        // if that doesn't work scan mountinfo and adjust `group_path` for bind-mounts
660        let mounts: &[fn(&Path) -> Option<(_, &Path)>] = &[
661            |p| Some((Cow::Borrowed("/sys/fs/cgroup/cpu"), p)),
662            |p| Some((Cow::Borrowed("/sys/fs/cgroup/cpu,cpuacct"), p)),
663            // this can be expensive on systems with tons of mountpoints
664            // but we only get to this point when /proc/self/cgroups explicitly indicated
665            // this process belongs to a cpu-controller cgroup v1 and the defaults didn't work
666            find_mountpoint,
667        ];
668
669        for mount in mounts {
670            let Some((mount, group_path)) = mount(&group_path) else { continue };
671
672            path.clear();
673            path.push(mount.as_ref());
674            path.push(&group_path);
675
676            // skip if we guessed the mount incorrectly
677            if matches!(exists(&path), Err(_) | Ok(false)) {
678                continue;
679            }
680
681            while path.starts_with(mount.as_ref()) {
682                let mut parse_file = |name| {
683                    path.push(name);
684                    read_buf.clear();
685
686                    let f = File::open(&path);
687                    path.pop(); // restore buffer before any early returns
688                    f.ok()?.read_to_string(&mut read_buf).ok()?;
689                    let parsed = read_buf.trim().parse::<usize>().ok()?;
690
691                    Some(parsed)
692                };
693
694                let limit = parse_file("cpu.cfs_quota_us");
695                let period = parse_file("cpu.cfs_period_us");
696
697                match (limit, period) {
698                    (Some(limit), Some(period)) if period > 0 => quota = quota.min(limit / period),
699                    _ => {}
700                }
701
702                path.pop();
703            }
704
705            // we passed the try_exists above so we should have traversed the correct hierarchy
706            // when reaching this line
707            break;
708        }
709
710        quota
711    }
712
713    /// Scan mountinfo for cgroup v1 mountpoint with a cpu controller
714    ///
715    /// If the cgroupfs is a bind mount then `group_path` is adjusted to skip
716    /// over the already-included prefix
717    fn find_mountpoint(group_path: &Path) -> Option<(Cow<'static, str>, &Path)> {
718        let mut reader = File::open_buffered("/proc/self/mountinfo").ok()?;
719        let mut line = String::with_capacity(256);
720        loop {
721            line.clear();
722            if reader.read_line(&mut line).ok()? == 0 {
723                break;
724            }
725
726            let line = line.trim();
727            let mut items = line.split(' ');
728
729            let sub_path = items.nth(3)?;
730            let mount_point = items.next()?;
731            let mount_opts = items.next_back()?;
732            let filesystem_type = items.nth_back(1)?;
733
734            if filesystem_type != "cgroup" || !mount_opts.split(',').any(|opt| opt == "cpu") {
735                // not a cgroup / not a cpu-controller
736                continue;
737            }
738
739            let sub_path = Path::new(sub_path).strip_prefix("/").ok()?;
740
741            if !group_path.starts_with(sub_path) {
742                // this is a bind-mount and the bound subdirectory
743                // does not contain the cgroup this process belongs to
744                continue;
745            }
746
747            let trimmed_group_path = group_path.strip_prefix(sub_path).ok()?;
748
749            return Some((Cow::Owned(mount_point.to_owned()), trimmed_group_path));
750        }
751
752        None
753    }
754}
755
756// glibc >= 2.15 has a __pthread_get_minstack() function that returns
757// PTHREAD_STACK_MIN plus bytes needed for thread-local storage.
758// We need that information to avoid blowing up when a small stack
759// is created in an application with big thread-local storage requirements.
760// See #6233 for rationale and details.
761#[cfg(all(target_os = "linux", target_env = "gnu"))]
762unsafe fn min_stack_size(attr: *const libc::pthread_attr_t) -> usize {
763    // We use dlsym to avoid an ELF version dependency on GLIBC_PRIVATE. (#23628)
764    // We shouldn't really be using such an internal symbol, but there's currently
765    // no other way to account for the TLS size.
766    dlsym!(
767        fn __pthread_get_minstack(attr: *const libc::pthread_attr_t) -> libc::size_t;
768    );
769
770    match __pthread_get_minstack.get() {
771        None => libc::PTHREAD_STACK_MIN,
772        Some(f) => unsafe { f(attr) },
773    }
774}
775
// No point in looking up __pthread_get_minstack() on non-glibc platforms:
// the attribute is ignored and the minimum is simply PTHREAD_STACK_MIN.
#[cfg(all(
    not(all(target_os = "linux", target_env = "gnu")),
    not(any(target_os = "netbsd", target_os = "nuttx"))
))]
unsafe fn min_stack_size(_attr: *const libc::pthread_attr_t) -> usize {
    libc::PTHREAD_STACK_MIN
}
784
// On NetBSD and NuttX the minimum is queried once through
// `sysconf(_SC_THREAD_STACK_MIN)` and cached for later calls; the attribute is ignored.
#[cfg(any(target_os = "netbsd", target_os = "nuttx"))]
unsafe fn min_stack_size(_attr: *const libc::pthread_attr_t) -> usize {
    static STACK: crate::sync::OnceLock<usize> = crate::sync::OnceLock::new();

    let query = || {
        let reported = unsafe { libc::sysconf(libc::_SC_THREAD_STACK_MIN) };
        if reported < 0 {
            2048 // just a guess
        } else {
            reported as usize
        }
    };

    *STACK.get_or_init(query)
}
797}