5d3805fca3
* ubsan.c (ubsan_expand_null_ifn): Use _v1 suffixed type mismatch builtins, store max (log2 (align), 0) into uchar field instead of align into uptr field. (ubsan_expand_objsize_ifn): Use _v1 suffixed type mismatch builtins, store uchar 0 field instead of uptr 0 field. (instrument_nonnull_return): Use _v1 suffixed nonnull return builtin, instead of passing one address of struct with 2 locations pass two addresses of structs with 1 location each. * sanitizer.def (BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH, BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_ABORT, BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN, BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_ABORT): Removed. (BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1, BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1_ABORT, BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_V1, BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_V1_ABORT): New builtins. * c-c++-common/ubsan/float-cast-overflow-1.c: Drop value keyword from expected output regexps. * c-c++-common/ubsan/float-cast-overflow-2.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-3.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-4.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-5.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-6.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-8.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-9.c: Likewise. * c-c++-common/ubsan/float-cast-overflow-10.c: Likewise. * g++.dg/ubsan/float-cast-overflow-bf.C: Likewise. * gcc.dg/ubsan/float-cast-overflow-bf.c: Likewise. * g++.dg/asan/default-options-1.C (__asan_default_options): Add used attribute. * g++.dg/asan/asan_test.C: Run with ASAN_OPTIONS=handle_segv=2 in the environment. * All source files: Merge from upstream 315899. * asan/Makefile.am (nodist_saninclude_HEADERS): Add include/sanitizer/tsan_interface.h. * asan/libtool-version: Bump the libasan SONAME. * lsan/Makefile.am (sanitizer_lsan_files): Add lsan_common_mac.cc. (lsan_files): Add lsan_linux.cc, lsan_mac.cc and lsan_malloc_mac.cc. 
* sanitizer_common/Makefile.am (sanitizer_common_files): Add sancov_flags.cc, sanitizer_allocator_checks.cc, sanitizer_coverage_libcdep_new.cc, sanitizer_errno.cc, sanitizer_file.cc, sanitizer_mac_libcdep.cc and sanitizer_stoptheworld_mac.cc. Remove sanitizer_coverage_libcdep.cc and sanitizer_coverage_mapping_libcdep.cc. * tsan/Makefile.am (tsan_files): Add tsan_external.cc. * ubsan/Makefile.am (DEFS): Add -DUBSAN_CAN_USE_CXXABI=1. (ubsan_files): Add ubsan_init_standalone.cc and ubsan_signals_standalone.cc. * ubsan/libtool-version: Bump the libubsan SONAME. * asan/Makefile.in: Regenerate. * lsan/Makefile.in: Regenerate. * sanitizer_common/Makefile.in: Regenerate. * tsan/Makefile.in: Regenerate. * ubsan/Makefile.in: Regenerate. From-SVN: r253887
//===-- tsan_fd.cc --------------------------------------------------------===//
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file is a part of ThreadSanitizer (TSan), a race detector.
//
//===----------------------------------------------------------------------===//
#include "tsan_fd.h"
#include "tsan_rtl.h"
#include <sanitizer_common/sanitizer_atomic.h>
namespace __tsan {
// Geometry of the two-level fd table: kTableSizeL1 first-level slots, each
// referring to a second-level array of kTableSizeL2 descriptors. kTableSize
// is the exclusive upper bound on the fd values the table can describe.
const int kTableSizeL1 = 1 << 10;
const int kTableSizeL2 = 1 << 10;
const int kTableSize = kTableSizeL1 * kTableSizeL2;
// Synchronization object that one or more file descriptors can share.
struct FdSync {
  // Reference count. The value (u64)-1 marks an object that ref() and unref()
  // leave untouched; FdInit() stores it into the statically allocated syncs,
  // so those are never counted and never freed.
  atomic_uint64_t rc;
};
// Per-fd bookkeeping stored in a second-level table.
// The field order is left as is: the fd routines report shadow accesses on
// the range that starts at the descriptor address.
struct FdDesc {
  // Sync object used by FdAcquire()/FdRelease(); 0 when the fd has none.
  FdSync *sync;
  // thr->tid of the thread that ran init() for this fd; 0 after FdClose().
  int creation_tid;
  // CurrentStackId() captured by init(); 0 after FdClose().
  u32 creation_stack;
};
// Global fd-tracking state; the single instance is fdctx below.
struct FdContext {
  // First-level table. A non-zero slot holds the address of an array of
  // kTableSizeL2 FdDesc entries, installed on demand by fddesc().
  atomic_uintptr_t tab[kTableSizeL1];
  // Addresses used for synchronization.
  // Shared by every fd when flags()->io_sync == 2 (see init()).
  FdSync globsync;
  // Passed to init() by FdFileCreate().
  FdSync filesync;
  // Passed to init() by the socket create/accept/connect hooks.
  FdSync socksync;
  // Released in FdSocketConnecting(), acquired in FdSocketAccept().
  u64 connectsync;
};

static FdContext fdctx;
// Returns true when fd cannot index the fd table: it is negative or not below
// kTableSize. The fd value comes from the instrumented program, so entry
// points test it here before calling fddesc(), whose CHECK_GE/CHECK_LT would
// otherwise fail on such a value.
static bool bogusfd(int fd) {
  const bool in_range = fd >= 0 && fd < kTableSize;
  return !in_range;
}
// Allocates a new FdSync through user_alloc_internal() and returns it with a
// reference count of 1; that reference belongs to the caller.
static FdSync *allocsync(ThreadState *thr, uptr pc) {
  // NOTE(review): the result is written to without a null check -- confirm
  // that user_alloc_internal() cannot return null on this path.
  void *mem = user_alloc_internal(thr, pc, sizeof(FdSync),
                                  kDefaultAlignment, false);
  FdSync *sync = (FdSync*)mem;
  atomic_store(&sync->rc, 1, memory_order_relaxed);
  return sync;
}
// Takes one reference on s and returns s unchanged.
// A null s and an s whose count is the (u64)-1 sentinel are returned as is,
// without touching the counter.
static FdSync *ref(FdSync *s) {
  if (!s)
    return s;
  if (atomic_load(&s->rc, memory_order_relaxed) == (u64)-1)
    return s;
  atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
  return s;
}
// Drops one reference on s and frees the object when that was the last one.
// A null s and an s whose count is the (u64)-1 sentinel are ignored.
static void unref(ThreadState *thr, uptr pc, FdSync *s) {
  if (!s)
    return;
  if (atomic_load(&s->rc, memory_order_relaxed) == (u64)-1)
    return;
  // fetch_sub returns the previous value; anything other than 1 means other
  // references remain.
  if (atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel) != 1)
    return;
  // The statically allocated syncs must never reach the free below.
  CHECK_NE(s, &fdctx.globsync);
  CHECK_NE(s, &fdctx.filesync);
  CHECK_NE(s, &fdctx.socksync);
  user_free(thr, pc, s, false);
}
// Returns the descriptor for fd, allocating the second-level table that holds
// it on first use. fd must satisfy 0 <= fd < kTableSize; callers screen it
// with bogusfd() and the CHECKs below enforce the range before any indexing.
static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
  CHECK_GE(fd, 0);
  CHECK_LT(fd, kTableSize);
  atomic_uintptr_t *slot = &fdctx.tab[fd / kTableSizeL2];
  uptr table = atomic_load(slot, memory_order_consume);
  if (table == 0) {
    const uptr bytes = kTableSizeL2 * sizeof(FdDesc);
    // We need this to reside in user memory to properly catch races on it.
    // NOTE(review): fresh is passed to internal_memset() without a null
    // check -- confirm user_alloc_internal() cannot return null here.
    void *fresh = user_alloc_internal(thr, pc, bytes, kDefaultAlignment, false);
    internal_memset(fresh, 0, bytes);
    // The address of fddesc itself is passed in the pc argument position.
    MemoryResetRange(thr, (uptr)&fddesc, (uptr)fresh, bytes);
    // Publish the table. On failure another thread installed one first: the
    // exchange stores the current slot value into table, and the local
    // allocation is released.
    if (atomic_compare_exchange_strong(slot, &table, (uptr)fresh,
                                       memory_order_acq_rel)) {
      table = (uptr)fresh;
    } else {
      user_free(thr, pc, fresh, false);
    }
  }
  FdDesc *descs = (FdDesc*)table;  // NOLINT
  return &descs[fd % kTableSizeL2];
}
// Binds sync object s to descriptor fd and records the creating thread and
// stack. s must already be ref'ed on behalf of the descriptor: depending on
// flags()->io_sync that reference is kept (1) or dropped (0 and 2).
// write selects whether the creation is reported as a write (the default) or
// as a read (see the dup-related comment in FdClose).
static void init(ThreadState *thr, uptr pc, int fd, FdSync *s,
                 bool write = true) {
  FdDesc *desc = fddesc(thr, pc, fd);
  // As a matter of fact, we don't intercept all close calls
  // (see e.g. libc __res_iclose()), so the slot may still hold the sync
  // object of an earlier use of this fd number; release it first.
  if (desc->sync) {
    unref(thr, pc, desc->sync);
    desc->sync = 0;
  }
  switch (flags()->io_sync) {
    case 0:
      // No fd-based synchronization: the descriptor keeps no sync object.
      unref(thr, pc, s);
      break;
    case 1:
      // Per-object synchronization: the descriptor takes over the reference.
      desc->sync = s;
      break;
    case 2:
      // One global sync object for every fd.
      unref(thr, pc, s);
      desc->sync = &fdctx.globsync;
      break;
    default:
      // No branch exists for other values: s is neither stored nor released.
      break;
  }
  desc->creation_tid = thr->tid;
  desc->creation_stack = CurrentStackId(thr, pc);
  if (!write) {
    // See the dup-related comment in FdClose.
    MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  } else {
    // To catch races between fd usage and open.
    MemoryRangeImitateWrite(thr, pc, (uptr)desc, 8);
  }
}
// Marks the three statically allocated sync objects with the (u64)-1
// sentinel count, so that ref() and unref() never modify or free them.
void FdInit() {
  FdSync *const pinned[] = {&fdctx.globsync, &fdctx.filesync, &fdctx.socksync};
  for (uptr i = 0; i < sizeof(pinned) / sizeof(pinned[0]); i++)
    atomic_store(&pinned[i]->rc, (u64)-1, memory_order_relaxed);
}
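// Resets the shadow state of every allocated fd descriptor.
// On fork() we need to reset all fds, because the child is going to close all
// of them, and that would cause races between previous reads/writes and the
// close.
void FdOnFork(ThreadState *thr, uptr pc) {
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
    // Second-level tables are installed on demand at index fd / kTableSizeL2
    // (see fddesc()), so an empty slot says nothing about the slots after it.
    // Skip it rather than stopping, otherwise descriptors of high-numbered
    // fds would keep stale shadow state in the child.
    if (tab == 0)
      continue;
    for (int l2 = 0; l2 < kTableSizeL2; l2++) {
      FdDesc *d = &tab[l2];
      MemoryResetRange(thr, pc, (uptr)d, 8);
    }
  }
}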
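// Maps an address inside the fd table back to its descriptor.
// Returns true and fills *fd, *tid and *stack (fd number, creating thread id
// and creation stack id) when addr lies inside an allocated second-level
// table; returns false and leaves the outputs untouched otherwise.
bool FdLocation(uptr addr, int *fd, int *tid, u32 *stack) {
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
    // Tables are installed on demand at index fd / kTableSizeL2 (see
    // fddesc()), so an empty slot does not mean the later slots are empty.
    if (tab == 0)
      continue;
    if (addr >= (uptr)tab && addr < (uptr)(tab + kTableSizeL2)) {
      int l2 = (addr - (uptr)tab) / sizeof(FdDesc);
      FdDesc *d = &tab[l2];
      // Inverse of the split in fddesc(): l1 == fd / kTableSizeL2 and
      // l2 == fd % kTableSizeL2, hence the kTableSizeL2 multiplier.
      *fd = l1 * kTableSizeL2 + l2;
      *tid = d->creation_tid;
      *stack = d->creation_stack;
      return true;
    }
  }
  return false;
}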
// Reports a read of fd's descriptor and, when the descriptor has a sync
// object, performs Acquire() on that object's address.
// Out-of-range fds are ignored.
void FdAcquire(ThreadState *thr, uptr pc, int fd) {
  if (bogusfd(fd)) {
    return;
  }
  FdDesc *desc = fddesc(thr, pc, fd);
  // The sync pointer is sampled before the descriptor access is reported.
  FdSync *sync = desc->sync;
  DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, sync);
  MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  if (!sync) {
    return;
  }
  Acquire(thr, pc, (uptr)sync);
}
// Reports a read of fd's descriptor and, when the descriptor has a sync
// object, performs Release() on that object's address.
// Out-of-range fds are ignored.
void FdRelease(ThreadState *thr, uptr pc, int fd) {
  if (bogusfd(fd)) {
    return;
  }
  FdDesc *desc = fddesc(thr, pc, fd);
  // The sync pointer is sampled before the descriptor access is reported.
  FdSync *sync = desc->sync;
  DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, sync);
  MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  if (!sync) {
    return;
  }
  Release(thr, pc, (uptr)sync);
}
// Reports a read of fd's descriptor without any acquire or release.
// The call is logged first; out-of-range fds are then ignored.
void FdAccess(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    FdDesc *desc = fddesc(thr, pc, fd);
    MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  }
}
// Handles the close of fd: reports the access on the descriptor, resets its
// shadow range, releases the descriptor's sync reference and clears the
// creation info. write chooses between reporting a write (plain close) and a
// read (dup2/dup3 replacing fd). Out-of-range fds are ignored.
void FdClose(ThreadState *thr, uptr pc, int fd, bool write) {
  DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);
  if (bogusfd(fd)) {
    return;
  }
  FdDesc *desc = fddesc(thr, pc, fd);
  if (!write) {
    // This path is used only by dup2/dup3 calls.
    // A read is reported instead of a write because there are a number of
    // legitimate cases where a write would lead to false positives:
    // 1. Some software dups a closed pipe in place of a socket before closing
    //    the socket (to prevent races, actually).
    // 2. Some daemons dup /dev/null in place of stdin/stdout.
    // On the other hand we have not seen cases where a write here catches
    // real bugs.
    MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  } else {
    // To catch races between fd usage and close.
    MemoryWrite(thr, pc, (uptr)desc, kSizeLog8);
  }
  // The shadow has to be cleared: if some call that creates an fd is not
  // intercepted, the stale state would produce false positives.
  MemoryResetRange(thr, pc, (uptr)desc, 8);
  // unref() tolerates a null sync pointer.
  unref(thr, pc, desc->sync);
  desc->sync = 0;
  desc->creation_tid = 0;
  desc->creation_stack = 0;
}
// Registers a newly created file fd with the shared file sync object.
// The call is logged first; out-of-range fds are then ignored.
void FdFileCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    init(thr, pc, fd, &fdctx.filesync);
  }
}
// Handles dup-style calls: newfd is closed and then re-initialized to share
// oldfd's sync object. write is forwarded to FdClose() and init().
// Nothing is done when either fd is out of range.
void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd, bool write) {
  DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);
  const bool both_in_range = !bogusfd(oldfd) && !bogusfd(newfd);
  if (!both_in_range) {
    return;
  }
  // Ignore the case when user dups not yet connected socket.
  FdDesc *src = fddesc(thr, pc, oldfd);
  MemoryRead(thr, pc, (uptr)src, kSizeLog8);
  FdClose(thr, pc, newfd, write);
  // src->sync is read only after FdClose(): when oldfd == newfd the close has
  // already cleared it, so no released object is referenced here.
  FdSync *shared = ref(src->sync);
  init(thr, pc, newfd, shared, write);
}
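// Registers both ends of a new pipe with one freshly allocated sync object
// that the two descriptors share.
// Nothing is tracked when either fd is out of range.
void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {
  DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);
  // Same screening as the other creation hooks: init() reaches fddesc(),
  // whose CHECK_GE/CHECK_LT fail on an fd outside [0, kTableSize).
  if (bogusfd(rfd) || bogusfd(wfd))
    return;
  FdSync *s = allocsync(thr, pc);
  // Each descriptor gets its own reference; the allocation reference is
  // dropped once both ends are set up.
  init(thr, pc, rfd, ref(s));
  init(thr, pc, wfd, ref(s));
  unref(thr, pc, s);
}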
// Registers a new event fd with a sync object of its own.
// The call is logged first; out-of-range fds are then ignored.
void FdEventCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    // The reference returned by allocsync() is handed over to init().
    FdSync *own = allocsync(thr, pc);
    init(thr, pc, fd, own);
  }
}
// Registers a new signal fd; no sync object is passed to init().
// The call is logged first; out-of-range fds are then ignored.
void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    FdSync *no_sync = 0;
    init(thr, pc, fd, no_sync);
  }
}
// Registers a new inotify fd; no sync object is passed to init().
// The call is logged first; out-of-range fds are then ignored.
void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    FdSync *no_sync = 0;
    init(thr, pc, fd, no_sync);
  }
}
// Registers a new poll fd with a sync object of its own.
// The call is logged first; out-of-range fds are then ignored.
void FdPollCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    // The reference returned by allocsync() is handed over to init().
    FdSync *own = allocsync(thr, pc);
    init(thr, pc, fd, own);
  }
}
// Registers a newly created socket fd with the shared socket sync object.
// The call is logged first; out-of-range fds are then ignored.
void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    // It can be a UDP socket.
    init(thr, pc, fd, &fdctx.socksync);
  }
}
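// Handles accept on listening socket fd that produced newfd: acquires the
// connect->accept sync address and registers newfd with the shared socket
// sync object. Nothing is done when fd is out of range; when only newfd is
// out of range the acquire still happens but newfd is not tracked.
void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {
  DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);
  if (bogusfd(fd))
    return;
  // Synchronize connect->accept.
  Acquire(thr, pc, (uptr)&fdctx.connectsync);
  // newfd indexes the fd table as well, so it needs the same screening as fd:
  // init() reaches fddesc(), whose CHECK_GE/CHECK_LT fail on an fd outside
  // [0, kTableSize).
  if (bogusfd(newfd))
    return;
  init(thr, pc, newfd, &fdctx.socksync);
}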
// Called when a connect on fd is starting: releases the connect->accept sync
// address that FdSocketAccept() acquires.
// The call is logged first; out-of-range fds are then ignored.
void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    // Synchronize connect->accept.
    Release(thr, pc, (uptr)&fdctx.connectsync);
  }
}
// Registers a connected socket fd with the shared socket sync object.
// The call is logged first; out-of-range fds are then ignored.
void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    init(thr, pc, fd, &fdctx.socksync);
  }
}
// Returns the address associated with a file path.
// path is ignored: every call yields the address of the same static object,
// so all files map to one address.
uptr File2addr(const char *path) {
  static u64 addr;
  (void)path;
  uptr result = (uptr)&addr;
  return result;
}
// Returns the address associated with a directory path.
// path is ignored: every call yields the address of the same static object,
// which is distinct from the one File2addr() returns.
uptr Dir2addr(const char *path) {
  static u64 addr;
  (void)path;
  uptr result = (uptr)&addr;
  return result;
}
} // namespace __tsan