asan_thread.cpp revision 1.1
1 //===-- asan_thread.cpp ---------------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is a part of AddressSanitizer, an address sanity checker. 10 // 11 // Thread-related code. 12 //===----------------------------------------------------------------------===// 13 #include "asan_allocator.h" 14 #include "asan_interceptors.h" 15 #include "asan_poisoning.h" 16 #include "asan_stack.h" 17 #include "asan_thread.h" 18 #include "asan_mapping.h" 19 #include "sanitizer_common/sanitizer_common.h" 20 #include "sanitizer_common/sanitizer_placement_new.h" 21 #include "sanitizer_common/sanitizer_stackdepot.h" 22 #include "sanitizer_common/sanitizer_tls_get_addr.h" 23 #include "lsan/lsan_common.h" 24 25 namespace __asan { 26 27 // AsanThreadContext implementation. 28 29 void AsanThreadContext::OnCreated(void *arg) { 30 CreateThreadContextArgs *args = static_cast<CreateThreadContextArgs*>(arg); 31 if (args->stack) 32 stack_id = StackDepotPut(*args->stack); 33 thread = args->thread; 34 thread->set_context(this); 35 } 36 37 void AsanThreadContext::OnFinished() { 38 // Drop the link to the AsanThread object. 39 thread = nullptr; 40 } 41 42 // MIPS requires aligned address 43 static ALIGNED(16) char thread_registry_placeholder[sizeof(ThreadRegistry)]; 44 static ThreadRegistry *asan_thread_registry; 45 46 static BlockingMutex mu_for_thread_context(LINKER_INITIALIZED); 47 static LowLevelAllocator allocator_for_thread_context; 48 49 static ThreadContextBase *GetAsanThreadContext(u32 tid) { 50 BlockingMutexLock lock(&mu_for_thread_context); 51 return new(allocator_for_thread_context) AsanThreadContext(tid); 52 } 53 54 ThreadRegistry &asanThreadRegistry() { 55 static bool initialized; 56 // Don't worry about thread_safety - this should be called when there is 57 // a single thread. 58 if (!initialized) { 59 // Never reuse ASan threads: we store pointer to AsanThreadContext 60 // in TSD and can't reliably tell when no more TSD destructors will 61 // be called. It would be wrong to reuse AsanThreadContext for another 62 // thread before all TSD destructors will be called for it. 63 asan_thread_registry = new(thread_registry_placeholder) ThreadRegistry( 64 GetAsanThreadContext, kMaxNumberOfThreads, kMaxNumberOfThreads); 65 initialized = true; 66 } 67 return *asan_thread_registry; 68 } 69 70 AsanThreadContext *GetThreadContextByTidLocked(u32 tid) { 71 return static_cast<AsanThreadContext *>( 72 asanThreadRegistry().GetThreadLocked(tid)); 73 } 74 75 // AsanThread implementation. 76 77 AsanThread *AsanThread::Create(thread_callback_t start_routine, void *arg, 78 u32 parent_tid, StackTrace *stack, 79 bool detached) { 80 uptr PageSize = GetPageSizeCached(); 81 uptr size = RoundUpTo(sizeof(AsanThread), PageSize); 82 AsanThread *thread = (AsanThread*)MmapOrDie(size, __func__); 83 thread->start_routine_ = start_routine; 84 thread->arg_ = arg; 85 AsanThreadContext::CreateThreadContextArgs args = {thread, stack}; 86 asanThreadRegistry().CreateThread(*reinterpret_cast<uptr *>(thread), detached, 87 parent_tid, &args); 88 89 return thread; 90 } 91 92 void AsanThread::TSDDtor(void *tsd) { 93 AsanThreadContext *context = (AsanThreadContext*)tsd; 94 VReport(1, "T%d TSDDtor\n", context->tid); 95 if (context->thread) 96 context->thread->Destroy(); 97 } 98 99 void AsanThread::Destroy() { 100 int tid = this->tid(); 101 VReport(1, "T%d exited\n", tid); 102 103 malloc_storage().CommitBack(); 104 if (common_flags()->use_sigaltstack) UnsetAlternateSignalStack(); 105 asanThreadRegistry().FinishThread(tid); 106 FlushToDeadThreadStats(&stats_); 107 // We also clear the shadow on thread destruction because 108 // some code may still be executing in later TSD destructors 109 // and we don't want it to have any poisoned stack. 110 ClearShadowForThreadStackAndTLS(); 111 DeleteFakeStack(tid); 112 uptr size = RoundUpTo(sizeof(AsanThread), GetPageSizeCached()); 113 UnmapOrDie(this, size); 114 DTLS_Destroy(); 115 } 116 117 void AsanThread::StartSwitchFiber(FakeStack **fake_stack_save, uptr bottom, 118 uptr size) { 119 if (atomic_load(&stack_switching_, memory_order_relaxed)) { 120 Report("ERROR: starting fiber switch while in fiber switch\n"); 121 Die(); 122 } 123 124 next_stack_bottom_ = bottom; 125 next_stack_top_ = bottom + size; 126 atomic_store(&stack_switching_, 1, memory_order_release); 127 128 FakeStack *current_fake_stack = fake_stack_; 129 if (fake_stack_save) 130 *fake_stack_save = fake_stack_; 131 fake_stack_ = nullptr; 132 SetTLSFakeStack(nullptr); 133 // if fake_stack_save is null, the fiber will die, delete the fakestack 134 if (!fake_stack_save && current_fake_stack) 135 current_fake_stack->Destroy(this->tid()); 136 } 137 138 void AsanThread::FinishSwitchFiber(FakeStack *fake_stack_save, 139 uptr *bottom_old, 140 uptr *size_old) { 141 if (!atomic_load(&stack_switching_, memory_order_relaxed)) { 142 Report("ERROR: finishing a fiber switch that has not started\n"); 143 Die(); 144 } 145 146 if (fake_stack_save) { 147 SetTLSFakeStack(fake_stack_save); 148 fake_stack_ = fake_stack_save; 149 } 150 151 if (bottom_old) 152 *bottom_old = stack_bottom_; 153 if (size_old) 154 *size_old = stack_top_ - stack_bottom_; 155 stack_bottom_ = next_stack_bottom_; 156 stack_top_ = next_stack_top_; 157 atomic_store(&stack_switching_, 0, memory_order_release); 158 next_stack_top_ = 0; 159 next_stack_bottom_ = 0; 160 } 161 162 inline AsanThread::StackBounds AsanThread::GetStackBounds() const { 163 if (!atomic_load(&stack_switching_, memory_order_acquire)) { 164 // Make sure the stack bounds are fully initialized. 165 if (stack_bottom_ >= stack_top_) return {0, 0}; 166 return {stack_bottom_, stack_top_}; 167 } 168 char local; 169 const uptr cur_stack = (uptr)&local; 170 // Note: need to check next stack first, because FinishSwitchFiber 171 // may be in process of overwriting stack_top_/bottom_. But in such case 172 // we are already on the next stack. 173 if (cur_stack >= next_stack_bottom_ && cur_stack < next_stack_top_) 174 return {next_stack_bottom_, next_stack_top_}; 175 return {stack_bottom_, stack_top_}; 176 } 177 178 uptr AsanThread::stack_top() { 179 return GetStackBounds().top; 180 } 181 182 uptr AsanThread::stack_bottom() { 183 return GetStackBounds().bottom; 184 } 185 186 uptr AsanThread::stack_size() { 187 const auto bounds = GetStackBounds(); 188 return bounds.top - bounds.bottom; 189 } 190 191 // We want to create the FakeStack lazyly on the first use, but not eralier 192 // than the stack size is known and the procedure has to be async-signal safe. 193 FakeStack *AsanThread::AsyncSignalSafeLazyInitFakeStack() { 194 uptr stack_size = this->stack_size(); 195 if (stack_size == 0) // stack_size is not yet available, don't use FakeStack. 196 return nullptr; 197 uptr old_val = 0; 198 // fake_stack_ has 3 states: 199 // 0 -- not initialized 200 // 1 -- being initialized 201 // ptr -- initialized 202 // This CAS checks if the state was 0 and if so changes it to state 1, 203 // if that was successful, it initializes the pointer. 204 if (atomic_compare_exchange_strong( 205 reinterpret_cast<atomic_uintptr_t *>(&fake_stack_), &old_val, 1UL, 206 memory_order_relaxed)) { 207 uptr stack_size_log = Log2(RoundUpToPowerOfTwo(stack_size)); 208 CHECK_LE(flags()->min_uar_stack_size_log, flags()->max_uar_stack_size_log); 209 stack_size_log = 210 Min(stack_size_log, static_cast<uptr>(flags()->max_uar_stack_size_log)); 211 stack_size_log = 212 Max(stack_size_log, static_cast<uptr>(flags()->min_uar_stack_size_log)); 213 fake_stack_ = FakeStack::Create(stack_size_log); 214 SetTLSFakeStack(fake_stack_); 215 return fake_stack_; 216 } 217 return nullptr; 218 } 219 220 void AsanThread::Init(const InitOptions *options) { 221 next_stack_top_ = next_stack_bottom_ = 0; 222 atomic_store(&stack_switching_, false, memory_order_release); 223 CHECK_EQ(this->stack_size(), 0U); 224 SetThreadStackAndTls(options); 225 if (stack_top_ != stack_bottom_) { 226 CHECK_GT(this->stack_size(), 0U); 227 CHECK(AddrIsInMem(stack_bottom_)); 228 CHECK(AddrIsInMem(stack_top_ - 1)); 229 } 230 ClearShadowForThreadStackAndTLS(); 231 fake_stack_ = nullptr; 232 if (__asan_option_detect_stack_use_after_return) 233 AsyncSignalSafeLazyInitFakeStack(); 234 int local = 0; 235 VReport(1, "T%d: stack [%p,%p) size 0x%zx; local=%p\n", tid(), 236 (void *)stack_bottom_, (void *)stack_top_, stack_top_ - stack_bottom_, 237 &local); 238 } 239 240 // Fuchsia and RTEMS don't use ThreadStart. 241 // asan_fuchsia.c/asan_rtems.c define CreateMainThread and 242 // SetThreadStackAndTls. 243 #if !SANITIZER_FUCHSIA && !SANITIZER_RTEMS 244 245 thread_return_t AsanThread::ThreadStart( 246 tid_t os_id, atomic_uintptr_t *signal_thread_is_registered) { 247 Init(); 248 asanThreadRegistry().StartThread(tid(), os_id, ThreadType::Regular, nullptr); 249 if (signal_thread_is_registered) 250 atomic_store(signal_thread_is_registered, 1, memory_order_release); 251 252 if (common_flags()->use_sigaltstack) SetAlternateSignalStack(); 253 254 if (!start_routine_) { 255 // start_routine_ == 0 if we're on the main thread or on one of the 256 // OS X libdispatch worker threads. But nobody is supposed to call 257 // ThreadStart() for the worker threads. 258 CHECK_EQ(tid(), 0); 259 return 0; 260 } 261 262 thread_return_t res = start_routine_(arg_); 263 264 // On POSIX systems we defer this to the TSD destructor. LSan will consider 265 // the thread's memory as non-live from the moment we call Destroy(), even 266 // though that memory might contain pointers to heap objects which will be 267 // cleaned up by a user-defined TSD destructor. Thus, calling Destroy() before 268 // the TSD destructors have run might cause false positives in LSan. 269 if (!SANITIZER_POSIX) 270 this->Destroy(); 271 272 return res; 273 } 274 275 AsanThread *CreateMainThread() { 276 AsanThread *main_thread = AsanThread::Create( 277 /* start_routine */ nullptr, /* arg */ nullptr, /* parent_tid */ 0, 278 /* stack */ nullptr, /* detached */ true); 279 SetCurrentThread(main_thread); 280 main_thread->ThreadStart(internal_getpid(), 281 /* signal_thread_is_registered */ nullptr); 282 return main_thread; 283 } 284 285 // This implementation doesn't use the argument, which is just passed down 286 // from the caller of Init (which see, above). It's only there to support 287 // OS-specific implementations that need more information passed through. 288 void AsanThread::SetThreadStackAndTls(const InitOptions *options) { 289 DCHECK_EQ(options, nullptr); 290 uptr tls_size = 0; 291 uptr stack_size = 0; 292 GetThreadStackAndTls(tid() == 0, &stack_bottom_, &stack_size, &tls_begin_, 293 &tls_size); 294 stack_top_ = stack_bottom_ + stack_size; 295 tls_end_ = tls_begin_ + tls_size; 296 dtls_ = DTLS_Get(); 297 298 if (stack_top_ != stack_bottom_) { 299 int local; 300 CHECK(AddrIsInStack((uptr)&local)); 301 } 302 } 303 304 #endif // !SANITIZER_FUCHSIA && !SANITIZER_RTEMS 305 306 void AsanThread::ClearShadowForThreadStackAndTLS() { 307 if (stack_top_ != stack_bottom_) 308 PoisonShadow(stack_bottom_, stack_top_ - stack_bottom_, 0); 309 if (tls_begin_ != tls_end_) { 310 uptr tls_begin_aligned = RoundDownTo(tls_begin_, SHADOW_GRANULARITY); 311 uptr tls_end_aligned = RoundUpTo(tls_end_, SHADOW_GRANULARITY); 312 FastPoisonShadowPartialRightRedzone(tls_begin_aligned, 313 tls_end_ - tls_begin_aligned, 314 tls_end_aligned - tls_end_, 0); 315 } 316 } 317 318 bool AsanThread::GetStackFrameAccessByAddr(uptr addr, 319 StackFrameAccess *access) { 320 if (stack_top_ == stack_bottom_) 321 return false; 322 323 uptr bottom = 0; 324 if (AddrIsInStack(addr)) { 325 bottom = stack_bottom(); 326 } else if (has_fake_stack()) { 327 bottom = fake_stack()->AddrIsInFakeStack(addr); 328 CHECK(bottom); 329 access->offset = addr - bottom; 330 access->frame_pc = ((uptr*)bottom)[2]; 331 access->frame_descr = (const char *)((uptr*)bottom)[1]; 332 return true; 333 } 334 uptr aligned_addr = RoundDownTo(addr, SANITIZER_WORDSIZE / 8); // align addr. 335 uptr mem_ptr = RoundDownTo(aligned_addr, SHADOW_GRANULARITY); 336 u8 *shadow_ptr = (u8*)MemToShadow(aligned_addr); 337 u8 *shadow_bottom = (u8*)MemToShadow(bottom); 338 339 while (shadow_ptr >= shadow_bottom && 340 *shadow_ptr != kAsanStackLeftRedzoneMagic) { 341 shadow_ptr--; 342 mem_ptr -= SHADOW_GRANULARITY; 343 } 344 345 while (shadow_ptr >= shadow_bottom && 346 *shadow_ptr == kAsanStackLeftRedzoneMagic) { 347 shadow_ptr--; 348 mem_ptr -= SHADOW_GRANULARITY; 349 } 350 351 if (shadow_ptr < shadow_bottom) { 352 return false; 353 } 354 355 uptr* ptr = (uptr*)(mem_ptr + SHADOW_GRANULARITY); 356 CHECK(ptr[0] == kCurrentStackFrameMagic); 357 access->offset = addr - (uptr)ptr; 358 access->frame_pc = ptr[2]; 359 access->frame_descr = (const char*)ptr[1]; 360 return true; 361 } 362 363 uptr AsanThread::GetStackVariableShadowStart(uptr addr) { 364 uptr bottom = 0; 365 if (AddrIsInStack(addr)) { 366 bottom = stack_bottom(); 367 } else if (has_fake_stack()) { 368 bottom = fake_stack()->AddrIsInFakeStack(addr); 369 if (bottom == 0) { 370 return 0; 371 } 372 } else { 373 return 0; 374 } 375 376 uptr aligned_addr = RoundDownTo(addr, SANITIZER_WORDSIZE / 8); // align addr. 377 u8 *shadow_ptr = (u8*)MemToShadow(aligned_addr); 378 u8 *shadow_bottom = (u8*)MemToShadow(bottom); 379 380 while (shadow_ptr >= shadow_bottom && 381 (*shadow_ptr != kAsanStackLeftRedzoneMagic && 382 *shadow_ptr != kAsanStackMidRedzoneMagic && 383 *shadow_ptr != kAsanStackRightRedzoneMagic)) 384 shadow_ptr--; 385 386 return (uptr)shadow_ptr + 1; 387 } 388 389 bool AsanThread::AddrIsInStack(uptr addr) { 390 const auto bounds = GetStackBounds(); 391 return addr >= bounds.bottom && addr < bounds.top; 392 } 393 394 static bool ThreadStackContainsAddress(ThreadContextBase *tctx_base, 395 void *addr) { 396 AsanThreadContext *tctx = static_cast<AsanThreadContext*>(tctx_base); 397 AsanThread *t = tctx->thread; 398 if (!t) return false; 399 if (t->AddrIsInStack((uptr)addr)) return true; 400 if (t->has_fake_stack() && t->fake_stack()->AddrIsInFakeStack((uptr)addr)) 401 return true; 402 return false; 403 } 404 405 AsanThread *GetCurrentThread() { 406 if (SANITIZER_RTEMS && !asan_inited) 407 return nullptr; 408 409 AsanThreadContext *context = 410 reinterpret_cast<AsanThreadContext *>(AsanTSDGet()); 411 if (!context) { 412 if (SANITIZER_ANDROID) { 413 // On Android, libc constructor is called _after_ asan_init, and cleans up 414 // TSD. Try to figure out if this is still the main thread by the stack 415 // address. We are not entirely sure that we have correct main thread 416 // limits, so only do this magic on Android, and only if the found thread 417 // is the main thread. 418 AsanThreadContext *tctx = GetThreadContextByTidLocked(0); 419 if (tctx && ThreadStackContainsAddress(tctx, &context)) { 420 SetCurrentThread(tctx->thread); 421 return tctx->thread; 422 } 423 } 424 return nullptr; 425 } 426 return context->thread; 427 } 428 429 void SetCurrentThread(AsanThread *t) { 430 CHECK(t->context()); 431 VReport(2, "SetCurrentThread: %p for thread %p\n", t->context(), 432 (void *)GetThreadSelf()); 433 // Make sure we do not reset the current AsanThread. 434 CHECK_EQ(0, AsanTSDGet()); 435 AsanTSDSet(t->context()); 436 CHECK_EQ(t->context(), AsanTSDGet()); 437 } 438 439 u32 GetCurrentTidOrInvalid() { 440 AsanThread *t = GetCurrentThread(); 441 return t ? t->tid() : kInvalidTid; 442 } 443 444 AsanThread *FindThreadByStackAddress(uptr addr) { 445 asanThreadRegistry().CheckLocked(); 446 AsanThreadContext *tctx = static_cast<AsanThreadContext *>( 447 asanThreadRegistry().FindThreadContextLocked(ThreadStackContainsAddress, 448 (void *)addr)); 449 return tctx ? tctx->thread : nullptr; 450 } 451 452 void EnsureMainThreadIDIsCorrect() { 453 AsanThreadContext *context = 454 reinterpret_cast<AsanThreadContext *>(AsanTSDGet()); 455 if (context && (context->tid == 0)) 456 context->os_id = GetTid(); 457 } 458 459 __asan::AsanThread *GetAsanThreadByOsIDLocked(tid_t os_id) { 460 __asan::AsanThreadContext *context = static_cast<__asan::AsanThreadContext *>( 461 __asan::asanThreadRegistry().FindThreadContextByOsIDLocked(os_id)); 462 if (!context) return nullptr; 463 return context->thread; 464 } 465 } // namespace __asan 466 467 // --- Implementation of LSan-specific functions --- {{{1 468 namespace __lsan { 469 bool GetThreadRangesLocked(tid_t os_id, uptr *stack_begin, uptr *stack_end, 470 uptr *tls_begin, uptr *tls_end, uptr *cache_begin, 471 uptr *cache_end, DTLS **dtls) { 472 __asan::AsanThread *t = __asan::GetAsanThreadByOsIDLocked(os_id); 473 if (!t) return false; 474 *stack_begin = t->stack_bottom(); 475 *stack_end = t->stack_top(); 476 *tls_begin = t->tls_begin(); 477 *tls_end = t->tls_end(); 478 // ASan doesn't keep allocator caches in TLS, so these are unused. 479 *cache_begin = 0; 480 *cache_end = 0; 481 *dtls = t->dtls(); 482 return true; 483 } 484 485 void ForEachExtraStackRange(tid_t os_id, RangeIteratorCallback callback, 486 void *arg) { 487 __asan::AsanThread *t = __asan::GetAsanThreadByOsIDLocked(os_id); 488 if (t && t->has_fake_stack()) 489 t->fake_stack()->ForEachFakeFrame(callback, arg); 490 } 491 492 void LockThreadRegistry() { 493 __asan::asanThreadRegistry().Lock(); 494 } 495 496 void UnlockThreadRegistry() { 497 __asan::asanThreadRegistry().Unlock(); 498 } 499 500 ThreadRegistry *GetThreadRegistryLocked() { 501 __asan::asanThreadRegistry().CheckLocked(); 502 return &__asan::asanThreadRegistry(); 503 } 504 505 void EnsureMainThreadIDIsCorrect() { 506 __asan::EnsureMainThreadIDIsCorrect(); 507 } 508 } // namespace __lsan 509 510 // ---------------------- Interface ---------------- {{{1 511 using namespace __asan; 512 513 extern "C" { 514 SANITIZER_INTERFACE_ATTRIBUTE 515 void __sanitizer_start_switch_fiber(void **fakestacksave, const void *bottom, 516 uptr size) { 517 AsanThread *t = GetCurrentThread(); 518 if (!t) { 519 VReport(1, "__asan_start_switch_fiber called from unknown thread\n"); 520 return; 521 } 522 t->StartSwitchFiber((FakeStack**)fakestacksave, (uptr)bottom, size); 523 } 524 525 SANITIZER_INTERFACE_ATTRIBUTE 526 void __sanitizer_finish_switch_fiber(void* fakestack, 527 const void **bottom_old, 528 uptr *size_old) { 529 AsanThread *t = GetCurrentThread(); 530 if (!t) { 531 VReport(1, "__asan_finish_switch_fiber called from unknown thread\n"); 532 return; 533 } 534 t->FinishSwitchFiber((FakeStack*)fakestack, 535 (uptr*)bottom_old, 536 (uptr*)size_old); 537 } 538 } 539
Indexes created Wed Mar 25 00:23:37 UTC 2026