1 | //===-- tsan_platform_linux.cpp -------------------------------------------===// |
2 | // |
3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
4 | // See https://llvm.org/LICENSE.txt for license information. |
5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
6 | // |
7 | //===----------------------------------------------------------------------===// |
8 | // |
9 | // This file is a part of ThreadSanitizer (TSan), a race detector. |
10 | // |
11 | // Linux- and BSD-specific code. |
12 | //===----------------------------------------------------------------------===// |
13 | |
14 | #include "sanitizer_common/sanitizer_platform.h" |
15 | #if SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD |
16 | |
17 | #include "sanitizer_common/sanitizer_common.h" |
18 | #include "sanitizer_common/sanitizer_libc.h" |
19 | #include "sanitizer_common/sanitizer_linux.h" |
20 | #include "sanitizer_common/sanitizer_platform_limits_netbsd.h" |
21 | #include "sanitizer_common/sanitizer_platform_limits_posix.h" |
22 | #include "sanitizer_common/sanitizer_posix.h" |
23 | #include "sanitizer_common/sanitizer_procmaps.h" |
24 | #include "sanitizer_common/sanitizer_stackdepot.h" |
25 | #include "sanitizer_common/sanitizer_stoptheworld.h" |
26 | #include "tsan_flags.h" |
27 | #include "tsan_platform.h" |
28 | #include "tsan_rtl.h" |
29 | |
30 | #include <fcntl.h> |
31 | #include <pthread.h> |
32 | #include <signal.h> |
33 | #include <stdio.h> |
34 | #include <stdlib.h> |
35 | #include <string.h> |
36 | #include <stdarg.h> |
37 | #include <sys/mman.h> |
38 | #if SANITIZER_LINUX |
39 | #include <sys/personality.h> |
40 | #include <setjmp.h> |
41 | #endif |
42 | #include <sys/syscall.h> |
43 | #include <sys/socket.h> |
44 | #include <sys/time.h> |
45 | #include <sys/types.h> |
46 | #include <sys/resource.h> |
47 | #include <sys/stat.h> |
48 | #include <unistd.h> |
49 | #include <sched.h> |
50 | #include <dlfcn.h> |
51 | #if SANITIZER_LINUX |
52 | #define __need_res_state |
53 | #include <resolv.h> |
54 | #endif |
55 | |
56 | #ifdef sa_handler |
57 | # undef sa_handler |
58 | #endif |
59 | |
60 | #ifdef sa_sigaction |
61 | # undef sa_sigaction |
62 | #endif |
63 | |
64 | #if SANITIZER_FREEBSD |
65 | extern "C" void *__libc_stack_end; |
66 | void *__libc_stack_end = 0; |
67 | #endif |
68 | |
69 | #if SANITIZER_LINUX && (defined(__aarch64__) || defined(__loongarch_lp64)) && \ |
70 | !SANITIZER_GO |
71 | # define INIT_LONGJMP_XOR_KEY 1 |
72 | #else |
73 | # define INIT_LONGJMP_XOR_KEY 0 |
74 | #endif |
75 | |
76 | #if INIT_LONGJMP_XOR_KEY |
77 | #include "interception/interception.h" |
78 | // Must be declared outside of other namespaces. |
79 | DECLARE_REAL(int, _setjmp, void *env) |
80 | #endif |
81 | |
82 | namespace __tsan { |
83 | |
84 | #if INIT_LONGJMP_XOR_KEY |
85 | static void InitializeLongjmpXorKey(); |
86 | static uptr longjmp_xor_key; |
87 | #endif |
88 | |
89 | // Runtime detected VMA size. |
90 | uptr vmaSize; |
91 | |
92 | enum { |
93 | MemTotal, |
94 | MemShadow, |
95 | MemMeta, |
96 | MemFile, |
97 | MemMmap, |
98 | MemHeap, |
99 | MemOther, |
100 | MemCount, |
101 | }; |
102 | |
103 | void FillProfileCallback(uptr p, uptr , bool file, uptr *mem) { |
104 | mem[MemTotal] += rss; |
105 | if (p >= ShadowBeg() && p < ShadowEnd()) |
106 | mem[MemShadow] += rss; |
107 | else if (p >= MetaShadowBeg() && p < MetaShadowEnd()) |
108 | mem[MemMeta] += rss; |
109 | else if ((p >= LoAppMemBeg() && p < LoAppMemEnd()) || |
110 | (p >= MidAppMemBeg() && p < MidAppMemEnd()) || |
111 | (p >= HiAppMemBeg() && p < HiAppMemEnd())) |
112 | mem[file ? MemFile : MemMmap] += rss; |
113 | else if (p >= HeapMemBeg() && p < HeapMemEnd()) |
114 | mem[MemHeap] += rss; |
115 | else |
116 | mem[MemOther] += rss; |
117 | } |
118 | |
119 | void WriteMemoryProfile(char *buf, uptr buf_size, u64 uptime_ns) { |
120 | uptr mem[MemCount]; |
121 | internal_memset(s: mem, c: 0, n: sizeof(mem)); |
122 | GetMemoryProfile(cb: FillProfileCallback, stats: mem); |
123 | auto meta = ctx->metamap.GetMemoryStats(); |
124 | StackDepotStats stacks = StackDepotGetStats(); |
125 | uptr nthread, nlive; |
126 | ctx->thread_registry.GetNumberOfThreads(total: &nthread, running: &nlive); |
127 | uptr trace_mem; |
128 | { |
129 | Lock l(&ctx->slot_mtx); |
130 | trace_mem = ctx->trace_part_total_allocated * sizeof(TracePart); |
131 | } |
132 | uptr internal_stats[AllocatorStatCount]; |
133 | internal_allocator()->GetStats(s: internal_stats); |
134 | // All these are allocated from the common mmap region. |
135 | mem[MemMmap] -= meta.mem_block + meta.sync_obj + trace_mem + |
136 | stacks.allocated + internal_stats[AllocatorStatMapped]; |
137 | if (s64(mem[MemMmap]) < 0) |
138 | mem[MemMmap] = 0; |
139 | internal_snprintf( |
140 | buffer: buf, length: buf_size, |
141 | format: "==%zu== %llus [%zu]: RSS %zd MB: shadow:%zd meta:%zd file:%zd" |
142 | " mmap:%zd heap:%zd other:%zd intalloc:%zd memblocks:%zd syncobj:%zu" |
143 | " trace:%zu stacks=%zd threads=%zu/%zu\n" , |
144 | internal_getpid(), uptime_ns / (1000 * 1000 * 1000), ctx->global_epoch, |
145 | mem[MemTotal] >> 20, mem[MemShadow] >> 20, mem[MemMeta] >> 20, |
146 | mem[MemFile] >> 20, mem[MemMmap] >> 20, mem[MemHeap] >> 20, |
147 | mem[MemOther] >> 20, internal_stats[AllocatorStatMapped] >> 20, |
148 | meta.mem_block >> 20, meta.sync_obj >> 20, trace_mem >> 20, |
149 | stacks.allocated >> 20, nlive, nthread); |
150 | } |
151 | |
152 | #if !SANITIZER_GO |
153 | // Mark shadow for .rodata sections with the special Shadow::kRodata marker. |
154 | // Accesses to .rodata can't race, so this saves time, memory and trace space. |
155 | static NOINLINE void MapRodata(char* buffer, uptr size) { |
156 | // First create temp file. |
157 | const char *tmpdir = GetEnv(name: "TMPDIR" ); |
158 | if (tmpdir == 0) |
159 | tmpdir = GetEnv(name: "TEST_TMPDIR" ); |
160 | #ifdef P_tmpdir |
161 | if (tmpdir == 0) |
162 | tmpdir = P_tmpdir; |
163 | #endif |
164 | if (tmpdir == 0) |
165 | return; |
166 | internal_snprintf(buffer, length: size, format: "%s/tsan.rodata.%d" , |
167 | tmpdir, (int)internal_getpid()); |
168 | uptr openrv = internal_open(filename: buffer, O_RDWR | O_CREAT | O_EXCL, mode: 0600); |
169 | if (internal_iserror(retval: openrv)) |
170 | return; |
171 | internal_unlink(path: buffer); // Unlink it now, so that we can reuse the buffer. |
172 | fd_t fd = openrv; |
173 | // Fill the file with Shadow::kRodata. |
174 | const uptr kMarkerSize = 512 * 1024 / sizeof(RawShadow); |
175 | InternalMmapVector<RawShadow> marker(kMarkerSize); |
176 | // volatile to prevent insertion of memset |
177 | for (volatile RawShadow *p = marker.data(); p < marker.data() + kMarkerSize; |
178 | p++) |
179 | *p = Shadow::kRodata; |
180 | internal_write(fd, buf: marker.data(), count: marker.size() * sizeof(RawShadow)); |
181 | // Map the file into memory. |
182 | uptr page = internal_mmap(addr: 0, length: GetPageSizeCached(), PROT_READ | PROT_WRITE, |
183 | MAP_PRIVATE | MAP_ANONYMOUS, fd, offset: 0); |
184 | if (internal_iserror(retval: page)) { |
185 | internal_close(fd); |
186 | return; |
187 | } |
188 | // Map the file into shadow of .rodata sections. |
189 | MemoryMappingLayout proc_maps(/*cache_enabled*/true); |
190 | // Reusing the buffer 'buffer'. |
191 | MemoryMappedSegment segment(buffer, size); |
192 | while (proc_maps.Next(segment: &segment)) { |
193 | if (segment.filename[0] != 0 && segment.filename[0] != '[' && |
194 | segment.IsReadable() && segment.IsExecutable() && |
195 | !segment.IsWritable() && IsAppMem(mem: segment.start)) { |
196 | // Assume it's .rodata |
197 | char *shadow_start = (char *)MemToShadow(x: segment.start); |
198 | char *shadow_end = (char *)MemToShadow(x: segment.end); |
199 | for (char *p = shadow_start; p < shadow_end; |
200 | p += marker.size() * sizeof(RawShadow)) { |
201 | internal_mmap( |
202 | addr: p, length: Min<uptr>(a: marker.size() * sizeof(RawShadow), b: shadow_end - p), |
203 | PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, offset: 0); |
204 | } |
205 | } |
206 | } |
207 | internal_close(fd); |
208 | } |
209 | |
210 | void InitializeShadowMemoryPlatform() { |
211 | char buffer[256]; // Keep in a different frame. |
212 | MapRodata(buffer, size: sizeof(buffer)); |
213 | } |
214 | |
215 | #endif // #if !SANITIZER_GO |
216 | |
217 | # if !SANITIZER_GO |
218 | static void ReExecIfNeeded(bool ignore_heap) { |
219 | // Go maps shadow memory lazily and works fine with limited address space. |
220 | // Unlimited stack is not a problem as well, because the executable |
221 | // is not compiled with -pie. |
222 | bool reexec = false; |
223 | // TSan doesn't play well with unlimited stack size (as stack |
224 | // overlaps with shadow memory). If we detect unlimited stack size, |
225 | // we re-exec the program with limited stack size as a best effort. |
226 | if (StackSizeIsUnlimited()) { |
227 | const uptr kMaxStackSize = 32 * 1024 * 1024; |
228 | VReport(1, |
229 | "Program is run with unlimited stack size, which wouldn't " |
230 | "work with ThreadSanitizer.\n" |
231 | "Re-execing with stack size limited to %zd bytes.\n" , |
232 | kMaxStackSize); |
233 | SetStackSizeLimitInBytes(kMaxStackSize); |
234 | reexec = true; |
235 | } |
236 | |
237 | if (!AddressSpaceIsUnlimited()) { |
238 | Report( |
239 | format: "WARNING: Program is run with limited virtual address space," |
240 | " which wouldn't work with ThreadSanitizer.\n" ); |
241 | Report(format: "Re-execing with unlimited virtual address space.\n" ); |
242 | SetAddressSpaceUnlimited(); |
243 | reexec = true; |
244 | } |
245 | |
246 | # if SANITIZER_LINUX |
247 | # if SANITIZER_ANDROID && (defined(__aarch64__) || defined(__x86_64__)) |
248 | // ASLR personality check. |
249 | int old_personality = personality(0xffffffff); |
250 | bool aslr_on = |
251 | (old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0); |
252 | |
253 | // After patch "arm64: mm: support ARCH_MMAP_RND_BITS." is introduced in |
254 | // linux kernel, the random gap between stack and mapped area is increased |
255 | // from 128M to 36G on 39-bit aarch64. As it is almost impossible to cover |
256 | // this big range, we should disable randomized virtual space on aarch64. |
257 | if (aslr_on) { |
258 | VReport(1, |
259 | "WARNING: Program is run with randomized virtual address " |
260 | "space, which wouldn't work with ThreadSanitizer on Android.\n" |
261 | "Re-execing with fixed virtual address space.\n" ); |
262 | CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1); |
263 | reexec = true; |
264 | } |
265 | # endif |
266 | |
267 | if (reexec) { |
268 | // Don't check the address space since we're going to re-exec anyway. |
269 | } else if (!CheckAndProtect(protect: false, ignore_heap, print_warnings: false)) { |
270 | // ASLR personality check. |
271 | // N.B. 'personality' is sometimes forbidden by sandboxes, so we only call |
272 | // this as a last resort (when the memory mapping is incompatible and TSan |
273 | // would fail anyway). |
274 | int old_personality = personality(persona: 0xffffffff); |
275 | bool aslr_on = |
276 | (old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0); |
277 | |
278 | if (aslr_on) { |
279 | // Disable ASLR if the memory layout was incompatible. |
280 | // Alternatively, we could just keep re-execing until we get lucky |
281 | // with a compatible randomized layout, but the risk is that if it's |
282 | // not an ASLR-related issue, we will be stuck in an infinite loop of |
283 | // re-execing (unless we change ReExec to pass a parameter of the |
284 | // number of retries allowed.) |
285 | VReport(1, |
286 | "WARNING: ThreadSanitizer: memory layout is incompatible, " |
287 | "possibly due to high-entropy ASLR.\n" |
288 | "Re-execing with fixed virtual address space.\n" |
289 | "N.B. reducing ASLR entropy is preferable.\n" ); |
290 | CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1); |
291 | reexec = true; |
292 | } else { |
293 | Printf( |
294 | format: "FATAL: ThreadSanitizer: memory layout is incompatible, " |
295 | "even though ASLR is disabled.\n" |
296 | "Please file a bug.\n" ); |
297 | DumpProcessMap(); |
298 | Die(); |
299 | } |
300 | } |
301 | # endif // SANITIZER_LINUX |
302 | |
303 | if (reexec) |
304 | ReExec(); |
305 | } |
306 | # endif |
307 | |
308 | void InitializePlatformEarly() { |
309 | vmaSize = |
310 | (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1); |
311 | #if defined(__aarch64__) |
312 | # if !SANITIZER_GO |
313 | if (vmaSize != 39 && vmaSize != 42 && vmaSize != 48) { |
314 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
315 | Printf("FATAL: Found %zd - Supported 39, 42 and 48\n" , vmaSize); |
316 | Die(); |
317 | } |
318 | #else |
319 | if (vmaSize != 48) { |
320 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
321 | Printf("FATAL: Found %zd - Supported 48\n" , vmaSize); |
322 | Die(); |
323 | } |
324 | #endif |
325 | #elif SANITIZER_LOONGARCH64 |
326 | # if !SANITIZER_GO |
327 | if (vmaSize != 47) { |
328 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
329 | Printf("FATAL: Found %zd - Supported 47\n" , vmaSize); |
330 | Die(); |
331 | } |
332 | # else |
333 | if (vmaSize != 47) { |
334 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
335 | Printf("FATAL: Found %zd - Supported 47\n" , vmaSize); |
336 | Die(); |
337 | } |
338 | # endif |
339 | #elif defined(__powerpc64__) |
340 | # if !SANITIZER_GO |
341 | if (vmaSize != 44 && vmaSize != 46 && vmaSize != 47) { |
342 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
343 | Printf("FATAL: Found %zd - Supported 44, 46, and 47\n" , vmaSize); |
344 | Die(); |
345 | } |
346 | # else |
347 | if (vmaSize != 46 && vmaSize != 47) { |
348 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
349 | Printf("FATAL: Found %zd - Supported 46, and 47\n" , vmaSize); |
350 | Die(); |
351 | } |
352 | # endif |
353 | #elif defined(__mips64) |
354 | # if !SANITIZER_GO |
355 | if (vmaSize != 40) { |
356 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
357 | Printf("FATAL: Found %zd - Supported 40\n" , vmaSize); |
358 | Die(); |
359 | } |
360 | # else |
361 | if (vmaSize != 47) { |
362 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
363 | Printf("FATAL: Found %zd - Supported 47\n" , vmaSize); |
364 | Die(); |
365 | } |
366 | # endif |
367 | # elif SANITIZER_RISCV64 |
368 | // the bottom half of vma is allocated for userspace |
369 | vmaSize = vmaSize + 1; |
370 | # if !SANITIZER_GO |
371 | if (vmaSize != 39 && vmaSize != 48) { |
372 | Printf("FATAL: ThreadSanitizer: unsupported VMA range\n" ); |
373 | Printf("FATAL: Found %zd - Supported 39 and 48\n" , vmaSize); |
374 | Die(); |
375 | } |
376 | # endif |
377 | # endif |
378 | |
379 | # if !SANITIZER_GO |
380 | // Heap has not been allocated yet |
381 | ReExecIfNeeded(ignore_heap: false); |
382 | # endif |
383 | } |
384 | |
385 | void InitializePlatform() { |
386 | DisableCoreDumperIfNecessary(); |
387 | |
388 | // Go maps shadow memory lazily and works fine with limited address space. |
389 | // Unlimited stack is not a problem as well, because the executable |
390 | // is not compiled with -pie. |
391 | #if !SANITIZER_GO |
392 | { |
393 | # if SANITIZER_LINUX && (defined(__aarch64__) || defined(__loongarch_lp64)) |
394 | // Initialize the xor key used in {sig}{set,long}jump. |
395 | InitializeLongjmpXorKey(); |
396 | # endif |
397 | } |
398 | |
399 | // We called ReExecIfNeeded() in InitializePlatformEarly(), but there are |
400 | // intervening allocations that result in an edge case: |
401 | // 1) InitializePlatformEarly(): memory layout is compatible |
402 | // 2) Intervening allocations happen |
403 | // 3) InitializePlatform(): memory layout is incompatible and fails |
404 | // CheckAndProtect() |
405 | # if !SANITIZER_GO |
406 | // Heap has already been allocated |
407 | ReExecIfNeeded(ignore_heap: true); |
408 | # endif |
409 | |
410 | // Earlier initialization steps already re-exec'ed until we got a compatible |
411 | // memory layout, so we don't expect any more issues here. |
412 | if (!CheckAndProtect(protect: true, ignore_heap: true, print_warnings: true)) { |
413 | Printf( |
414 | format: "FATAL: ThreadSanitizer: unexpectedly found incompatible memory " |
415 | "layout.\n" ); |
416 | Printf(format: "FATAL: Please file a bug.\n" ); |
417 | DumpProcessMap(); |
418 | Die(); |
419 | } |
420 | |
421 | InitTlsSize(); |
422 | #endif // !SANITIZER_GO |
423 | } |
424 | |
425 | #if !SANITIZER_GO |
426 | // Extract file descriptors passed to glibc internal __res_iclose function. |
427 | // This is required to properly "close" the fds, because we do not see internal |
428 | // closes within glibc. The code is a pure hack. |
429 | int (void *state, int *fds, int nfd) { |
430 | #if SANITIZER_LINUX && !SANITIZER_ANDROID |
431 | int cnt = 0; |
432 | struct __res_state *statp = (struct __res_state*)state; |
433 | for (int i = 0; i < MAXNS && cnt < nfd; i++) { |
434 | if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1) |
435 | fds[cnt++] = statp->_u._ext.nssocks[i]; |
436 | } |
437 | return cnt; |
438 | #else |
439 | return 0; |
440 | #endif |
441 | } |
442 | |
443 | // Extract file descriptors passed via UNIX domain sockets. |
444 | // This is required to properly handle "open" of these fds. |
445 | // see 'man recvmsg' and 'man 3 cmsg'. |
446 | int (void *msgp, int *fds, int nfd) { |
447 | int res = 0; |
448 | msghdr *msg = (msghdr*)msgp; |
449 | struct cmsghdr *cmsg = CMSG_FIRSTHDR(msg); |
450 | for (; cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { |
451 | if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS) |
452 | continue; |
453 | int n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(fds[0]); |
454 | for (int i = 0; i < n; i++) { |
455 | fds[res++] = ((int*)CMSG_DATA(cmsg))[i]; |
456 | if (res == nfd) |
457 | return res; |
458 | } |
459 | } |
460 | return res; |
461 | } |
462 | |
463 | // Reverse operation of libc stack pointer mangling |
464 | static uptr UnmangleLongJmpSp(uptr mangled_sp) { |
465 | #if defined(__x86_64__) |
466 | # if SANITIZER_LINUX |
467 | // Reverse of: |
468 | // xor %fs:0x30, %rsi |
469 | // rol $0x11, %rsi |
470 | uptr sp; |
471 | asm("ror $0x11, %0 \n" |
472 | "xor %%fs:0x30, %0 \n" |
473 | : "=r" (sp) |
474 | : "0" (mangled_sp)); |
475 | return sp; |
476 | # else |
477 | return mangled_sp; |
478 | # endif |
479 | #elif defined(__aarch64__) |
480 | # if SANITIZER_LINUX |
481 | return mangled_sp ^ longjmp_xor_key; |
482 | # else |
483 | return mangled_sp; |
484 | # endif |
485 | #elif defined(__loongarch_lp64) |
486 | return mangled_sp ^ longjmp_xor_key; |
487 | #elif defined(__powerpc64__) |
488 | // Reverse of: |
489 | // ld r4, -28696(r13) |
490 | // xor r4, r3, r4 |
491 | uptr xor_key; |
492 | asm("ld %0, -28696(%%r13)" : "=r" (xor_key)); |
493 | return mangled_sp ^ xor_key; |
494 | #elif defined(__mips__) |
495 | return mangled_sp; |
496 | # elif SANITIZER_RISCV64 |
497 | return mangled_sp; |
498 | # elif defined(__s390x__) |
499 | // tcbhead_t.stack_guard |
500 | uptr xor_key = ((uptr *)__builtin_thread_pointer())[5]; |
501 | return mangled_sp ^ xor_key; |
502 | # else |
503 | # error "Unknown platform" |
504 | # endif |
505 | } |
506 | |
507 | #if SANITIZER_NETBSD |
508 | # ifdef __x86_64__ |
509 | # define LONG_JMP_SP_ENV_SLOT 6 |
510 | # else |
511 | # error unsupported |
512 | # endif |
513 | #elif defined(__powerpc__) |
514 | # define LONG_JMP_SP_ENV_SLOT 0 |
515 | #elif SANITIZER_FREEBSD |
516 | # ifdef __aarch64__ |
517 | # define LONG_JMP_SP_ENV_SLOT 1 |
518 | # else |
519 | # define LONG_JMP_SP_ENV_SLOT 2 |
520 | # endif |
521 | #elif SANITIZER_LINUX |
522 | # ifdef __aarch64__ |
523 | # define LONG_JMP_SP_ENV_SLOT 13 |
524 | # elif defined(__loongarch__) |
525 | # define LONG_JMP_SP_ENV_SLOT 1 |
526 | # elif defined(__mips64) |
527 | # define LONG_JMP_SP_ENV_SLOT 1 |
528 | # elif SANITIZER_RISCV64 |
529 | # define LONG_JMP_SP_ENV_SLOT 13 |
530 | # elif defined(__s390x__) |
531 | # define LONG_JMP_SP_ENV_SLOT 9 |
532 | # else |
533 | # define LONG_JMP_SP_ENV_SLOT 6 |
534 | # endif |
535 | #endif |
536 | |
537 | uptr (uptr *env) { |
538 | uptr mangled_sp = env[LONG_JMP_SP_ENV_SLOT]; |
539 | return UnmangleLongJmpSp(mangled_sp); |
540 | } |
541 | |
542 | #if INIT_LONGJMP_XOR_KEY |
543 | // GLIBC mangles the function pointers in jmp_buf (used in {set,long}*jmp |
544 | // functions) by XORing them with a random key. For AArch64 it is a global |
545 | // variable rather than a TCB one (as for x86_64/powerpc). We obtain the key by |
546 | // issuing a setjmp and XORing the SP pointer values to derive the key. |
547 | static void InitializeLongjmpXorKey() { |
548 | // 1. Call REAL(setjmp), which stores the mangled SP in env. |
549 | jmp_buf env; |
550 | REAL(_setjmp)(env); |
551 | |
552 | // 2. Retrieve vanilla/mangled SP. |
553 | uptr sp; |
554 | #ifdef __loongarch__ |
555 | asm("move %0, $sp" : "=r" (sp)); |
556 | #else |
557 | asm("mov %0, sp" : "=r" (sp)); |
558 | #endif |
559 | uptr mangled_sp = ((uptr *)&env)[LONG_JMP_SP_ENV_SLOT]; |
560 | |
561 | // 3. xor SPs to obtain key. |
562 | longjmp_xor_key = mangled_sp ^ sp; |
563 | } |
564 | #endif |
565 | |
566 | extern "C" void __tsan_tls_initialization() {} |
567 | |
568 | void ImitateTlsWrite(ThreadState *thr, uptr tls_addr, uptr tls_size) { |
569 | // Check that the thr object is in tls; |
570 | const uptr thr_beg = (uptr)thr; |
571 | const uptr thr_end = (uptr)thr + sizeof(*thr); |
572 | CHECK_GE(thr_beg, tls_addr); |
573 | CHECK_LE(thr_beg, tls_addr + tls_size); |
574 | CHECK_GE(thr_end, tls_addr); |
575 | CHECK_LE(thr_end, tls_addr + tls_size); |
576 | // Since the thr object is huge, skip it. |
577 | const uptr pc = StackTrace::GetNextInstructionPc( |
578 | pc: reinterpret_cast<uptr>(__tsan_tls_initialization)); |
579 | MemoryRangeImitateWrite(thr, pc, addr: tls_addr, size: thr_beg - tls_addr); |
580 | MemoryRangeImitateWrite(thr, pc, addr: thr_end, size: tls_addr + tls_size - thr_end); |
581 | } |
582 | |
583 | // Note: this function runs with async signals enabled, |
584 | // so it must not touch any tsan state. |
585 | int call_pthread_cancel_with_cleanup(int (*fn)(void *arg), |
586 | void (*cleanup)(void *arg), void *arg) { |
587 | // pthread_cleanup_push/pop are hardcore macros mess. |
588 | // We can't intercept nor call them w/o including pthread.h. |
589 | int res; |
590 | pthread_cleanup_push(cleanup, arg); |
591 | res = fn(arg); |
592 | pthread_cleanup_pop(0); |
593 | return res; |
594 | } |
595 | #endif // !SANITIZER_GO |
596 | |
597 | #if !SANITIZER_GO |
598 | void ReplaceSystemMalloc() { } |
599 | #endif |
600 | |
601 | #if !SANITIZER_GO |
602 | #if SANITIZER_ANDROID |
603 | // On Android, one thread can call intercepted functions after |
604 | // DestroyThreadState(), so add a fake thread state for "dead" threads. |
605 | static ThreadState *dead_thread_state = nullptr; |
606 | |
607 | ThreadState *cur_thread() { |
608 | ThreadState* thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr()); |
609 | if (thr == nullptr) { |
610 | __sanitizer_sigset_t emptyset; |
611 | internal_sigfillset(&emptyset); |
612 | __sanitizer_sigset_t oldset; |
613 | CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset)); |
614 | thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr()); |
615 | if (thr == nullptr) { |
616 | thr = reinterpret_cast<ThreadState*>(MmapOrDie(sizeof(ThreadState), |
617 | "ThreadState" )); |
618 | *get_android_tls_ptr() = reinterpret_cast<uptr>(thr); |
619 | if (dead_thread_state == nullptr) { |
620 | dead_thread_state = reinterpret_cast<ThreadState*>( |
621 | MmapOrDie(sizeof(ThreadState), "ThreadState" )); |
622 | dead_thread_state->fast_state.SetIgnoreBit(); |
623 | dead_thread_state->ignore_interceptors = 1; |
624 | dead_thread_state->is_dead = true; |
625 | *const_cast<u32*>(&dead_thread_state->tid) = -1; |
626 | CHECK_EQ(0, internal_mprotect(dead_thread_state, sizeof(ThreadState), |
627 | PROT_READ)); |
628 | } |
629 | } |
630 | CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr)); |
631 | } |
632 | return thr; |
633 | } |
634 | |
635 | void set_cur_thread(ThreadState *thr) { |
636 | *get_android_tls_ptr() = reinterpret_cast<uptr>(thr); |
637 | } |
638 | |
639 | void cur_thread_finalize() { |
640 | __sanitizer_sigset_t emptyset; |
641 | internal_sigfillset(&emptyset); |
642 | __sanitizer_sigset_t oldset; |
643 | CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset)); |
644 | ThreadState* thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr()); |
645 | if (thr != dead_thread_state) { |
646 | *get_android_tls_ptr() = reinterpret_cast<uptr>(dead_thread_state); |
647 | UnmapOrDie(thr, sizeof(ThreadState)); |
648 | } |
649 | CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr)); |
650 | } |
651 | #endif // SANITIZER_ANDROID |
652 | #endif // if !SANITIZER_GO |
653 | |
654 | } // namespace __tsan |
655 | |
656 | #endif // SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD |
657 | |