1 //===-- tsan_fd.cc --------------------------------------------------------===//
2 //
3 // This file is distributed under the University of Illinois Open Source
4 // License. See LICENSE.TXT for details.
5 //
6 //===----------------------------------------------------------------------===//
7 //
8 // This file is a part of ThreadSanitizer (TSan), a race detector.
9 //
10 //===----------------------------------------------------------------------===//
11 
12 #include "tsan_fd.h"
13 #include "tsan_rtl.h"
14 #include <sanitizer_common/sanitizer_atomic.h>
15 
16 namespace __tsan {
17 
// Two-level fd table: kTableSizeL1 first-level slots, each pointing to a
// lazily allocated page of kTableSizeL2 FdDesc entries (see fddesc()).
const int kTableSizeL1 = 1024;
const int kTableSizeL2 = 1024;
// Largest trackable fd is kTableSize - 1; anything else is "bogus" (see bogusfd()).
const int kTableSize = kTableSizeL1 * kTableSizeL2;
21 
// Synchronization object attached to an fd; its address is what
// Acquire()/Release() operate on. Reference counted via rc; the sentinel
// rc == (u64)-1 marks the static instances in FdContext, which
// ref()/unref() never count or free.
struct FdSync {
  atomic_uint64_t rc;
};
25 
// Per-fd record. The descriptor's own address (first 8 bytes) is used as the
// shadow location for MemoryRead/MemoryWrite so that races between fd
// operations (e.g. read vs. close) are detected like ordinary memory races.
struct FdDesc {
  FdSync *sync;        // owned reference, or 0 when the fd has no sync object
  int creation_tid;    // thread that created/opened the fd
  u32 creation_stack;  // stack id of the creation site
};
31 
// Process-wide fd tracking state.
struct FdContext {
  // First level of the fd table; each entry is 0 or a pointer to a
  // kTableSizeL2-sized FdDesc page allocated on first use.
  atomic_uintptr_t tab[kTableSizeL1];
  // Addresses used for synchronization.
  FdSync globsync;   // shared by all fds when io_sync == 2
  FdSync filesync;   // regular files
  FdSync socksync;   // sockets
  u64 connectsync;   // connect() -> accept() handoff (address only)
};
40 
// The single fd context; FdInit() marks its static sync objects as uncounted.
static FdContext fdctx;
42 
// Returns true for fd values that cannot be tracked: negative ones and
// those beyond the capacity of the two-level table.
static bool bogusfd(int fd) {
  const bool tracked = fd >= 0 && fd < kTableSize;
  return !tracked;
}
47 
// Allocates a fresh FdSync with a reference count of 1; that initial
// reference belongs to the caller.
static FdSync *allocsync(ThreadState *thr, uptr pc) {
  void *mem = user_alloc_internal(thr, pc, sizeof(FdSync),
      kDefaultAlignment, false);
  FdSync *sync = static_cast<FdSync*>(mem);
  atomic_store(&sync->rc, 1, memory_order_relaxed);
  return sync;
}
54 
// Takes an additional reference on s and returns it. Null is passed through,
// and the static sync objects (rc == (u64)-1) are never counted.
static FdSync *ref(FdSync *s) {
  if (s == 0)
    return 0;
  const bool counted = atomic_load(&s->rc, memory_order_relaxed) != (u64)-1;
  if (counted)
    atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
  return s;
}
60 
// Drops one reference on s, freeing it when the count reaches zero.
// Null and the static sync objects (rc == (u64)-1) are ignored.
static void unref(ThreadState *thr, uptr pc, FdSync *s) {
  if (s == 0)
    return;
  if (atomic_load(&s->rc, memory_order_relaxed) == (u64)-1)
    return;  // static instance: never counted, never freed
  // acq_rel so the last owner sees all prior accesses before freeing.
  const u64 prev = atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel);
  if (prev != 1)
    return;
  // We hold the last reference. The statics cannot get here by construction.
  CHECK_NE(s, &fdctx.globsync);
  CHECK_NE(s, &fdctx.filesync);
  CHECK_NE(s, &fdctx.socksync);
  user_free(thr, pc, s, false);
}
71 
// Returns the descriptor for fd, allocating its second-level page on first
// use. fd must already have passed bogusfd(); out-of-range values CHECK-fail.
static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
  CHECK_GE(fd, 0);
  CHECK_LT(fd, kTableSize);
  atomic_uintptr_t *slot = &fdctx.tab[fd / kTableSizeL2];
  uptr page = atomic_load(slot, memory_order_consume);
  if (page != 0)
    return &((FdDesc*)page)[fd % kTableSizeL2];  // NOLINT
  // Lazily allocate the page. It lives in user memory so that races on the
  // descriptors themselves are caught by the shadow machinery.
  const uptr page_size = kTableSizeL2 * sizeof(FdDesc);
  void *fresh = user_alloc_internal(thr, pc, page_size, kDefaultAlignment,
      false);
  internal_memset(fresh, 0, page_size);
  // Note: this function's own address is passed as the pc for the reset.
  MemoryResetRange(thr, (uptr)&fddesc, (uptr)fresh, page_size);
  // Publish the page; if another thread won the race, `page` now holds the
  // winner's pointer and our allocation is discarded.
  if (atomic_compare_exchange_strong(slot, &page, (uptr)fresh,
                                     memory_order_acq_rel))
    page = (uptr)fresh;
  else
    user_free(thr, pc, fresh, false);
  return &((FdDesc*)page)[fd % kTableSizeL2];  // NOLINT
}
90 
// s must already be ref'ed; init() takes ownership of that reference
// (it either stores it in the descriptor or unrefs it).
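// Installs s as the sync object of fd (according to flags()->io_sync) and
// records the creation site. s must already be ref'ed by the caller; init()
// owns that reference from here on. `write` selects whether the descriptor
// access is recorded as a write (open-like) or a read (dup-like, see FdClose).
static void init(ThreadState *thr, uptr pc, int fd, FdSync *s,
    bool write = true) {
  FdDesc *d = fddesc(thr, pc, fd);
  // As a matter of fact, we don't intercept all close calls.
  // See e.g. libc __res_iclose().
  // So the slot may still hold a stale sync object: drop it first.
  if (d->sync) {
    unref(thr, pc, d->sync);
    d->sync = 0;
  }
  switch (flags()->io_sync) {
    case 1:
      // Per-fd synchronization: keep the caller's reference.
      d->sync = s;
      break;
    case 2:
      // Global synchronization: every fd shares one static sync object.
      unref(thr, pc, s);
      d->sync = &fdctx.globsync;
      break;
    case 0:
    default:
      // No synchronization on fd operations. Any other flag value is treated
      // like 0 so the caller's reference is released rather than leaked
      // (the original if-chain silently kept it alive for such values).
      unref(thr, pc, s);
      break;
  }
  d->creation_tid = thr->tid;
  d->creation_stack = CurrentStackId(thr, pc);
  if (write) {
    // To catch races between fd usage and open.
    MemoryRangeImitateWrite(thr, pc, (uptr)d, 8);
  } else {
    // See the dup-related comment in FdClose.
    MemoryRead(thr, pc, (uptr)d, kSizeLog8);
  }
}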
119 
// Marks the static sync objects as uncounted (rc == (u64)-1) so that
// ref()/unref() never adjust or free them.
void FdInit() {
  FdSync *statics[] = { &fdctx.globsync, &fdctx.filesync, &fdctx.socksync };
  for (uptr i = 0; i < sizeof(statics) / sizeof(statics[0]); i++)
    atomic_store(&statics[i]->rc, (u64)-1, memory_order_relaxed);
}
125 
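// Called on fork(). The child is going to close all fds, which would race
// with the parent's earlier reads/writes, so reset every descriptor's shadow.
void FdOnFork(ThreadState *thr, uptr pc) {
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
    // Pages are allocated lazily per fd range (see fddesc), so an empty slot
    // does not imply that all higher slots are empty too (e.g. after dup2 to
    // a high fd). Skip it instead of stopping the scan.
    if (tab == 0)
      continue;
    for (int l2 = 0; l2 < kTableSizeL2; l2++)
      MemoryResetRange(thr, pc, (uptr)&tab[l2], 8);
  }
}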
140 
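// Maps a shadow address back to the fd whose descriptor contains it, for
// race reports. On success fills fd, creation tid and creation stack and
// returns true; returns false if addr is not inside any allocated page.
bool FdLocation(uptr addr, int *fd, int *tid, u32 *stack) {
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
    // Pages are allocated lazily (see fddesc), so a hole does not end the table.
    if (tab == 0)
      continue;
    if (addr < (uptr)tab || addr >= (uptr)(tab + kTableSizeL2))
      continue;
    int l2 = (addr - (uptr)tab) / sizeof(FdDesc);
    FdDesc *d = &tab[l2];
    // Inverse of the split in fddesc (l1 = fd / kTableSizeL2,
    // l2 = fd % kTableSizeL2), so the multiplier must be the L2 size.
    *fd = l1 * kTableSizeL2 + l2;
    *tid = d->creation_tid;
    *stack = d->creation_stack;
    return true;
  }
  return false;
}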
157 
// Records an acquire on fd's sync object (e.g. before reading from it).
// The read of the descriptor itself catches races with open/close.
void FdAcquire(ThreadState *thr, uptr pc, int fd) {
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  FdSync *sync = desc->sync;
  DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, sync);
  MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  if (sync != 0)
    Acquire(thr, pc, (uptr)sync);
}
168 
// Records a release on fd's sync object (e.g. after writing to it).
// The read of the descriptor itself catches races with open/close.
void FdRelease(ThreadState *thr, uptr pc, int fd) {
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  FdSync *sync = desc->sync;
  DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, sync);
  MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  if (sync != 0)
    Release(thr, pc, (uptr)sync);
}
179 
// Records a plain use of fd (no acquire/release), so that it can race with
// a concurrent open/close of the same descriptor.
void FdAccess(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
}
187 
// Records the close of fd and clears its descriptor. `write` is true for a
// real close() and false for the dup2/dup3 path (see below).
void FdClose(ThreadState *thr, uptr pc, int fd, bool write) {
  DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);
  if (bogusfd(fd))
    return;
  FdDesc *desc = fddesc(thr, pc, fd);
  if (!write) {
    // dup2/dup3 only. A read is recorded instead of a write because a write
    // produces false positives in legitimate patterns:
    // 1. dup'ing a closed pipe over a socket before closing the socket
    //    (done precisely to avoid races);
    // 2. daemons dup'ing /dev/null over stdin/stdout.
    // A write here has not been observed to catch real bugs.
    MemoryRead(thr, pc, (uptr)desc, kSizeLog8);
  } else {
    // To catch races between fd usage and close.
    MemoryWrite(thr, pc, (uptr)desc, kSizeLog8);
  }
  // Clear the shadow: not every fd-creating call is intercepted, and a stale
  // close would otherwise yield false positives against the next user.
  MemoryResetRange(thr, pc, (uptr)desc, 8);
  FdSync *old_sync = desc->sync;
  desc->sync = 0;
  desc->creation_tid = 0;
  desc->creation_stack = 0;
  unref(thr, pc, old_sync);
}
215 
// Registers fd as a regular file; all files share the static filesync object.
void FdFileCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, &fdctx.filesync);
}
222 
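// Records dup/dup2/dup3(oldfd -> newfd): newfd is closed (with `write`
// selecting the close flavour, see FdClose) and re-initialized sharing
// oldfd's sync object.
void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd, bool write) {
  DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);
  if (bogusfd(oldfd) || bogusfd(newfd))
    return;
  // dup2(fd, fd) succeeds without closing anything (POSIX). Running the
  // close/init sequence below on the same descriptor would unref its sync
  // object before ref() could take it (ref(0) after FdClose zeroed it) and
  // record a close/reopen that never happened.
  if (oldfd == newfd)
    return;
  // Ignore the case when user dups not yet connected socket.
  FdDesc *od = fddesc(thr, pc, oldfd);
  MemoryRead(thr, pc, (uptr)od, kSizeLog8);
  FdClose(thr, pc, newfd, write);
  init(thr, pc, newfd, ref(od->sync), write);
}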
233 
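// Registers both ends of a pipe. They share one sync object so that (with
// io_sync == 1) FdRelease on one end pairs with FdAcquire on the other.
void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {
  DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);
  // Same guard as the other *Create functions: fddesc() CHECK-fails on an
  // out-of-range fd, so an unexpected value would abort instead of being
  // ignored.
  if (bogusfd(rfd) || bogusfd(wfd))
    return;
  // Each init() takes its own reference; release the allocation's initial one.
  FdSync *s = allocsync(thr, pc);
  init(thr, pc, rfd, ref(s));
  init(thr, pc, wfd, ref(s));
  unref(thr, pc, s);
}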
241 
// Registers an eventfd with its own private sync object.
void FdEventCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, allocsync(thr, pc));
}
248 
// Registers a signalfd. No sync object is attached (only open/close races
// on the descriptor are tracked).
void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, 0);
}
255 
// Registers an inotify fd. No sync object is attached (only open/close
// races on the descriptor are tracked).
void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, 0);
}
262 
// Registers an epoll fd with its own private sync object.
void FdPollCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, allocsync(thr, pc));
}
269 
// Registers a freshly created socket. All sockets share the static socksync
// object, since e.g. a UDP socket has no connect/accept pairing.
void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, &fdctx.socksync);
}
277 
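// Registers newfd returned by accept() on listening socket fd, and pairs it
// with the Release performed in FdSocketConnecting on the connecting side.
void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {
  DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);
  // newfd is the one handed to init()/fddesc(), which CHECK-fails on an
  // out-of-range value, so it needs the range guard as much as fd does
  // (cf. FdDup, which guards both descriptors).
  if (bogusfd(fd) || bogusfd(newfd))
    return;
  // Synchronize connect->accept.
  Acquire(thr, pc, (uptr)&fdctx.connectsync);
  init(thr, pc, newfd, &fdctx.socksync);
}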
286 
// Called when connect() is initiated on fd: releases on the shared
// connectsync address so the accepting side's FdSocketAccept acquires it.
void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    Release(thr, pc, (uptr)&fdctx.connectsync);
}
294 
// Called when connect() on fd completes: (re)registers it as a socket
// sharing the static socksync object.
void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {
  DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);
  if (!bogusfd(fd))
    init(thr, pc, fd, &fdctx.socksync);
}
301 
// Returns the synchronization address for a file path. Currently every path
// maps to the same static address; `path` is accepted for interface
// compatibility only.
uptr File2addr(const char *path) {
  (void)path;
  static u64 file_sync_addr;
  return reinterpret_cast<uptr>(&file_sync_addr);
}
307 
// Returns the synchronization address for a directory path. Currently every
// path maps to the same static address (distinct from File2addr's);
// `path` is accepted for interface compatibility only.
uptr Dir2addr(const char *path) {
  (void)path;
  static u64 dir_sync_addr;
  return reinterpret_cast<uptr>(&dir_sync_addr);
}
313 
314 }  //  namespace __tsan
315