tsan_fd.cpp revision 1.1 1 1.1 mrg //===-- tsan_fd.cpp -------------------------------------------------------===//
2 1.1 mrg //
3 1.1 mrg // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 1.1 mrg // See https://llvm.org/LICENSE.txt for license information.
5 1.1 mrg // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 1.1 mrg //
7 1.1 mrg //===----------------------------------------------------------------------===//
8 1.1 mrg //
9 1.1 mrg // This file is a part of ThreadSanitizer (TSan), a race detector.
10 1.1 mrg //
11 1.1 mrg //===----------------------------------------------------------------------===//
12 1.1 mrg
13 1.1 mrg #include "tsan_fd.h"
14 1.1 mrg #include "tsan_rtl.h"
15 1.1 mrg #include <sanitizer_common/sanitizer_atomic.h>
16 1.1 mrg
17 1.1 mrg namespace __tsan {
18 1.1 mrg
// The fd table has two levels: kTableSizeL1 first-level slots, each of which
// can point at an array of kTableSizeL2 descriptors (allocated on first use
// by fddesc()).
const int kTableSizeL1 = 1024;
const int kTableSizeL2 = 1024;
// Number of descriptors the table can track. Any fd outside [0, kTableSize)
// is rejected by bogusfd() and is not tracked.
const int kTableSize = kTableSizeL1 * kTableSizeL2;
22 1.1 mrg
// Synchronization object that one or more FdDesc entries point at.
struct FdSync {
  // Reference count. ref()/unref() leave objects whose count is (u64)-1
  // untouched; FdInit() stores that value into the static FdSync objects so
  // they are never counted or freed.
  atomic_uint64_t rc;
};
26 1.1 mrg
// Per-fd state stored in a second-level table.
struct FdDesc {
  // Sync object attached to this fd, or null.
  // NOTE(review): the functions in this file pass ((uptr)d, 8) to the
  // shadow-memory helpers; presumably those 8 bytes are meant to be this
  // leading pointer, so keep it as the first member -- confirm.
  FdSync *sync;
  // Thread and stack recorded by init() when the fd was registered;
  // FdLocation() hands them back to its caller.
  Tid creation_tid;
  StackID creation_stack;
};
32 1.1 mrg
// All state of the fd tracker.
struct FdContext {
  // First level of the fd table. Each slot holds 0 or the address of an
  // array of kTableSizeL2 FdDesc entries (see fddesc()).
  atomic_uintptr_t tab[kTableSizeL1];
  // Addresses used for synchronization.
  FdSync globsync;  // attached to every fd when flags()->io_sync == 2
  FdSync filesync;  // passed to init() by FdFileCreate
  FdSync socksync;  // passed to init() by the socket create/accept/connect hooks
  // Only the address is used: Release() in FdSocketConnecting and Acquire()
  // in FdSocketAccept.
  u64 connectsync;
};

// The single, file-local instance used by every function in this file.
static FdContext fdctx;
43 1.1 mrg
// Returns true for an fd the table cannot hold: a negative value, or one at
// or beyond kTableSize. Callers use this to skip such fds before fddesc(),
// whose CHECKs would otherwise fail.
static bool bogusfd(int fd) {
  const bool in_range = fd >= 0 && fd < kTableSize;
  return !in_range;
}
48 1.1 mrg
// Allocates a fresh FdSync with the user allocator and returns it with a
// reference count of 1; that reference belongs to the caller.
// NOTE(review): the allocation result is written to without a null check;
// confirm user_alloc_internal cannot return null on this path.
static FdSync *allocsync(ThreadState *thr, uptr pc) {
  void *mem =
      user_alloc_internal(thr, pc, sizeof(FdSync), kDefaultAlignment, false);
  FdSync *sync = static_cast<FdSync *>(mem);
  atomic_store(&sync->rc, 1, memory_order_relaxed);
  return sync;
}
55 1.1 mrg
// Takes one more reference on s and returns s. A null pointer and objects
// whose count is the (u64)-1 sentinel are returned unchanged.
static FdSync *ref(FdSync *s) {
  if (!s)
    return s;
  const bool pinned = atomic_load(&s->rc, memory_order_relaxed) == (u64)-1;
  if (!pinned)
    atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
  return s;
}
61 1.1 mrg
// Drops one reference on s and frees the object when the last reference goes
// away. A null pointer and objects whose count is the (u64)-1 sentinel are
// ignored.
static void unref(ThreadState *thr, uptr pc, FdSync *s) {
  if (!s)
    return;
  if (atomic_load(&s->rc, memory_order_relaxed) == (u64)-1)
    return;
  const u64 before = atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel);
  if (before != 1)
    return;
  // The static sync objects must never reach the free below.
  CHECK_NE(s, &fdctx.globsync);
  CHECK_NE(s, &fdctx.filesync);
  CHECK_NE(s, &fdctx.socksync);
  user_free(thr, pc, s, false);
}
72 1.1 mrg
// Returns the descriptor slot for fd, allocating the second-level table that
// holds it on first use. fd must already lie in [0, kTableSize): the CHECKs
// below fail otherwise, so callers are expected to filter with bogusfd().
static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
  CHECK_GE(fd, 0);
  CHECK_LT(fd, kTableSize);
  atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2];
  uptr l1 = atomic_load(pl1, memory_order_consume);
  if (l1 == 0) {
    uptr size = kTableSizeL2 * sizeof(FdDesc);
    // We need this to reside in user memory to properly catch races on it.
    // NOTE(review): p is written to below without a null check; confirm the
    // allocator cannot return null on this path.
    void *p = user_alloc_internal(thr, pc, size, kDefaultAlignment, false);
    internal_memset(p, 0, size);
    // NOTE(review): the address of fddesc itself is passed where the other
    // calls in this file pass pc -- looks deliberate, confirm.
    MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size);
    // Publish the new table. If another thread installed one first, the
    // exchange fails, l1 is left holding that thread's table and ours is
    // freed.
    if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel))
      l1 = (uptr)p;
    else
      user_free(thr, pc, p, false);
  }
  FdDesc *fds = reinterpret_cast<FdDesc *>(l1);
  return &fds[fd % kTableSizeL2];
}
92 1.1 mrg
// Registers fd in the table with sync object s.
// s must already be ref'ed by the caller (null is accepted): init() either
// stores that reference in the descriptor or drops it, depending on
// flags()->io_sync. fd must have passed bogusfd(), because fddesc() CHECKs
// the range. With write == false the descriptor is touched with a read
// access instead of an imitated write.
static void init(ThreadState *thr, uptr pc, int fd, FdSync *s,
                 bool write = true) {
  FdDesc *desc = fddesc(thr, pc, fd);
  // As a matter of fact, we don't intercept all close calls.
  // See e.g. libc __res_iclose().
  // So a sync object left over from an unobserved close is released first.
  if (desc->sync) {
    unref(thr, pc, desc->sync);
    desc->sync = 0;
  }
  // NOTE(review): for an io_sync value other than 0, 1 or 2 the reference on
  // s is neither stored nor dropped; confirm the flag is range-checked where
  // it is parsed.
  switch (flags()->io_sync) {
    case 0:
      unref(thr, pc, s);
      break;
    case 1:
      desc->sync = s;
      break;
    case 2:
      unref(thr, pc, s);
      desc->sync = &fdctx.globsync;
      break;
    default:
      break;
  }
  desc->creation_tid = thr->tid;
  desc->creation_stack = CurrentStackId(thr, pc);
  if (!write) {
    // See the dup-related comment in FdClose.
    MemoryAccess(thr, pc, (uptr)desc, 8, kAccessRead);
    return;
  }
  // To catch races between fd usage and open.
  MemoryRangeImitateWrite(thr, pc, (uptr)desc, 8);
}
121 1.1 mrg
// Marks the three static sync objects with the (u64)-1 reference count that
// ref()/unref() treat as "do not count, do not free".
void FdInit() {
  const u64 pinned = (u64)-1;
  atomic_store(&fdctx.globsync.rc, pinned, memory_order_relaxed);
  atomic_store(&fdctx.filesync.rc, pinned, memory_order_relaxed);
  atomic_store(&fdctx.socksync.rc, pinned, memory_order_relaxed);
}
127 1.1 mrg
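// Resets the shadow state of every tracked descriptor after fork().
void FdOnFork(ThreadState *thr, uptr pc) {
  // On fork() we need to reset all fd's, because the child is going to
  // close all of them, and that will cause races between previous read/write
  // and the close.
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
    // fddesc() fills first-level slots by fd / kTableSizeL2, so an empty slot
    // can sit below a populated one (e.g. after a dup2 onto a high fd).
    // Skip the hole instead of stopping, otherwise the descriptors above it
    // would keep their pre-fork shadow state.
    if (tab == 0)
      continue;
    for (int l2 = 0; l2 < kTableSizeL2; l2++) {
      FdDesc *d = &tab[l2];
      MemoryResetRange(thr, pc, (uptr)d, 8);
    }
  }
}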
142 1.1 mrg
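// Maps an address that lies inside one of the second-level tables back to
// the fd it belongs to. On success stores the fd number and the thread/stack
// recorded for it into *fd, *tid and *stack and returns true; returns false,
// leaving the outputs untouched, when addr is in none of the tables.
bool FdLocation(uptr addr, int *fd, Tid *tid, StackID *stack) {
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
    // First-level slots are filled by fd / kTableSizeL2 and may be sparse, so
    // an empty slot does not mean the slots after it are empty too.
    if (tab == 0)
      continue;
    if (addr >= (uptr)tab && addr < (uptr)(tab + kTableSizeL2)) {
      int l2 = (addr - (uptr)tab) / sizeof(FdDesc);
      FdDesc *d = &tab[l2];
      // Inverse of the fd / kTableSizeL2, fd % kTableSizeL2 split in
      // fddesc(): the stride of a first-level slot is kTableSizeL2.
      *fd = l1 * kTableSizeL2 + l2;
      *tid = d->creation_tid;
      *stack = d->creation_stack;
      return true;
    }
  }
  return false;
}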
159 1.1 mrg
// Records a read of fd's descriptor and, if a sync object is attached,
// acquires on it. Out-of-range fds are ignored.
void FdAcquire(ThreadState *thr, uptr pc, int fd) {
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  // Sample the sync pointer before the descriptor access is recorded.
  FdSync *sync = desc->sync;
  DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, sync);
  MemoryAccess(thr, pc, (uptr)desc, 8, kAccessRead);
  if (!sync)
    return;
  Acquire(thr, pc, (uptr)sync);
}
170 1.1 mrg
// Records a read of fd's descriptor and, if a sync object is attached,
// releases on it. Out-of-range fds are ignored.
void FdRelease(ThreadState *thr, uptr pc, int fd) {
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  // Sample the sync pointer before the descriptor access is recorded.
  FdSync *sync = desc->sync;
  DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, sync);
  MemoryAccess(thr, pc, (uptr)desc, 8, kAccessRead);
  if (!sync)
    return;
  Release(thr, pc, (uptr)sync);
}
181 1.1 mrg
// Records a read of fd's descriptor without any acquire/release.
// Out-of-range fds are logged and otherwise ignored.
void FdAccess(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    FdDesc *desc = fddesc(thr, pc, fd);
    MemoryAccess(thr, pc, (uptr)desc, 8, kAccessRead);
  }
}
189 1.1 mrg
// Handles the close of fd: records an access to the descriptor, clears its
// shadow state, drops the attached sync object and invalidates the recorded
// creation thread/stack. Out-of-range fds are logged and otherwise ignored.
void FdClose(ThreadState *thr, uptr pc, int fd, bool write) {
  DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  const uptr desc_addr = (uptr)desc;
  // write == true: a write access, to catch races between fd usage and close.
  // write == false: this path is used only by dup2/dup3 calls.
  // We do read instead of write because there is a number of legitimate
  // cases where write would lead to false positives:
  // 1. Some software dups a closed pipe in place of a socket before closing
  //    the socket (to prevent races actually).
  // 2. Some daemons dup /dev/null in place of stdin/stdout.
  // On the other hand we have not seen cases when write here catches real
  // bugs.
  MemoryAccess(thr, pc, desc_addr, 8, write ? kAccessWrite : kAccessRead);
  // We need to clear it, because if we do not intercept any call out there
  // that creates fd, we will hit false positives.
  MemoryResetRange(thr, pc, desc_addr, 8);
  unref(thr, pc, desc->sync);
  desc->sync = 0;
  desc->creation_tid = kInvalidTid;
  desc->creation_stack = kInvalidStackID;
}
217 1.1 mrg
// Registers fd as a file; it gets the shared filesync object.
// Out-of-range fds are logged and otherwise ignored.
void FdFileCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, &fdctx.filesync);
}
224 1.1 mrg
// Handles a dup of oldfd onto newfd: newfd is closed in the table and then
// re-registered with a new reference to oldfd's sync object. Nothing happens
// if either fd is out of range.
// NOTE(review): when oldfd == newfd the FdClose() below clears the sync
// pointer before it is read again, so the sync object is dropped; presumably
// callers never pass equal fds -- confirm at the call sites.
void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd, bool write) {
  DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);
  const bool untracked = bogusfd(oldfd) || bogusfd(newfd);
  if (untracked)
    return;
  // Ignore the case when user dups not yet connected socket.
  FdDesc *src = fddesc(thr, pc, oldfd);
  MemoryAccess(thr, pc, (uptr)src, 8, kAccessRead);
  FdClose(thr, pc, newfd, write);
  // Read src->sync only after the close, as the original order does.
  FdSync *shared = ref(src->sync);
  init(thr, pc, newfd, shared, write);
}
235 1.1 mrg
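// Registers both ends of a new pipe; the two descriptors share one freshly
// allocated sync object.
// An end whose fd is outside the table range is skipped, as every other
// creation hook in this file does. Without that filter, init() -> fddesc()
// would CHECK-fail and take the whole process down for a pipe whose fd is at
// or above kTableSize.
void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {
  DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);
  // allocsync() returns the object holding one reference owned by us.
  FdSync *s = allocsync(thr, pc);
  if (!bogusfd(rfd))
    init(thr, pc, rfd, ref(s));
  if (!bogusfd(wfd))
    init(thr, pc, wfd, ref(s));
  // Drop our own reference; this frees s if neither end took one.
  unref(thr, pc, s);
}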
243 1.1 mrg
// Registers an event fd with a sync object of its own.
// Out-of-range fds are logged and otherwise ignored.
void FdEventCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);
  if (bogusfd(fd))
    return;
  // The reference returned by allocsync() is handed over to init().
  FdSync *own = allocsync(thr, pc);
  init(thr, pc, fd, own);
}
250 1.1 mrg
// Registers a signal fd; no sync object is passed to init().
// Out-of-range fds are logged and otherwise ignored.
void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, 0);
}
257 1.1 mrg
// Registers an inotify fd; no sync object is passed to init().
// Out-of-range fds are logged and otherwise ignored.
void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, 0);
}
264 1.1 mrg
// Registers a poll fd with a sync object of its own.
// Out-of-range fds are logged and otherwise ignored.
void FdPollCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);
  if (bogusfd(fd))
    return;
  // The reference returned by allocsync() is handed over to init().
  FdSync *own = allocsync(thr, pc);
  init(thr, pc, fd, own);
}
271 1.1 mrg
// Registers a new socket; it gets the shared socksync object.
// Out-of-range fds are logged and otherwise ignored.
void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    // It can be a UDP socket.
    init(thr, pc, fd, &fdctx.socksync);
  }
}
279 1.1 mrg
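// Handles accept(): acquires on the connect sync address and registers the
// accepted socket newfd with the shared socksync object.
// Nothing happens when the listening fd is out of range. The accepted fd is
// range-checked separately: init() -> fddesc() CHECKs the range, so an
// unfiltered newfd at or above kTableSize would stop the process instead of
// simply being left untracked.
void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {
  DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);
  if (bogusfd(fd))
    return;
  // Synchronize connect->accept.
  Acquire(thr, pc, (uptr)&fdctx.connectsync);
  if (bogusfd(newfd))
    return;
  init(thr, pc, newfd, &fdctx.socksync);
}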
288 1.1 mrg
// Called for a socket that is about to connect: releases on the connect sync
// address, which FdSocketAccept acquires on.
// Out-of-range fds are logged and otherwise ignored.
void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);
  if (!bogusfd(fd)) {
    // Synchronize connect->accept.
    Release(thr, pc, (uptr)&fdctx.connectsync);
  }
}
296 1.1 mrg
// Registers a connected socket; it gets the shared socksync object.
// Out-of-range fds are logged and otherwise ignored.
void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, &fdctx.socksync);
}
303 1.1 mrg
// Returns the address used to model files. The path is ignored: every call
// yields the address of the same function-local static.
uptr File2addr(const char *path) {
  static u64 file_anchor;
  (void)path;
  return reinterpret_cast<uptr>(&file_anchor);
}
309 1.1 mrg
// Returns the address used to model directories. The path is ignored: every
// call yields the address of the same function-local static, which is a
// different object from the one File2addr returns.
uptr Dir2addr(const char *path) {
  static u64 dir_anchor;
  (void)path;
  return reinterpret_cast<uptr>(&dir_anchor);
}
315 1.1 mrg
316 1.1 mrg } // namespace __tsan