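//===-- sanitizer_tls_get_addr.cpp ----------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Handle the __tls_get_addr call.
//
//===----------------------------------------------------------------------===//

#include "sanitizer_tls_get_addr.h"

#include "sanitizer_atomic.h"
#include "sanitizer_flags.h"
#include "sanitizer_platform_interceptors.h"

namespace __sanitizer {
#if SANITIZER_INTERCEPT_TLS_GET_ADDR

// The actual parameter that comes to __tls_get_addr
// is a pointer to a struct with two words in it:
struct TlsGetAddrParam {
  uptr dso_id;  // Used below as the index of the per-module DTV slot.
  uptr offset;  // Subtracted from the returned address to find the block start.
};

// Glibc starting from 2.19 allocates tls using __signal_safe_memalign,
// which has such header.
// DTLS_on_tls_get_addr reads this header from the words immediately before a
// suspected dynamic TLS block.
struct Glibc_2_19_tls_header {
  uptr size;
  uptr start;
};

// This must be static TLS
// (the initial-exec model is requested explicitly; presumably so that touching
// this object never goes through __tls_get_addr itself - confirm).
__attribute__((tls_model("initial-exec")))
static __thread DTLS dtls;

// Make sure we properly destroy the DTLS objects:
// this counter should never get too large.
// Incremented when DTLS_NextBlock publishes a new block, decremented in
// DTLS_Deallocate; only reported in verbose output.
static atomic_uintptr_t number_of_live_dtls;

// Sentinel stored in dtls.dtv_block by DTLS_Destroy (all bits set). It is never
// a valid block pointer and must not be dereferenced.
static const uptr kDestroyedThread = -1;

// Unmaps one DTV block and updates the live-block counter.
static void DTLS_Deallocate(DTLS::DTVBlock *block) {
  VReport(2, "__tls_get_addr: DTLS_Deallocate %p\n", (void *)block);
  UnmapOrDie(block, sizeof(DTLS::DTVBlock));
  atomic_fetch_sub(&number_of_live_dtls, 1, memory_order_relaxed);
}

// Returns the block stored in the slot `cur`, mapping and publishing a new
// block if the slot is empty. Returns nullptr when the slot holds
// kDestroyedThread.
static DTLS::DTVBlock *DTLS_NextBlock(atomic_uintptr_t *cur) {
  uptr v = atomic_load(cur, memory_order_acquire);
  if (v == kDestroyedThread)
    return nullptr;
  DTLS::DTVBlock *next = (DTLS::DTVBlock *)v;
  if (next)
    return next;
  DTLS::DTVBlock *new_dtv =
      (DTLS::DTVBlock *)MmapOrDie(sizeof(DTLS::DTVBlock), "DTLS_NextBlock");
  uptr prev = 0;
  if (!atomic_compare_exchange_strong(cur, &prev, (uptr)new_dtv,
                                      memory_order_seq_cst)) {
    // The slot was filled between the load and the exchange: drop our mapping
    // and use the value that is there now.
    UnmapOrDie(new_dtv, sizeof(DTLS::DTVBlock));
    // If that value is the destroyed-thread sentinel, report it the same way
    // as the initial load does instead of handing the sentinel back as a
    // pointer.
    if (prev == kDestroyedThread)
      return nullptr;
    return (DTLS::DTVBlock *)prev;
  }
  uptr num_live_dtls =
      atomic_fetch_add(&number_of_live_dtls, 1, memory_order_relaxed);
  VReport(2, "__tls_get_addr: DTLS_NextBlock %p %zd\n", (void *)&dtls,
          num_live_dtls);
  return new_dtv;
}

// Returns the DTV slot for module `id`, or nullptr if this thread's DTLS has
// been destroyed. Slots live in a linked list of fixed-size blocks; missing
// blocks on the way to `id` are mapped on demand.
// NOTE(review): `id` is not bounded here, so the walk maps one block per
// kPerBlock step. Presumably module ids handed out by the dynamic loader stay
// small - confirm.
static DTLS::DTV *DTLS_Find(uptr id) {
  VReport(2, "__tls_get_addr: DTLS_Find %p %zd\n", (void *)&dtls, id);
  static constexpr uptr kPerBlock = ARRAY_SIZE(DTLS::DTVBlock::dtvs);
  DTLS::DTVBlock *cur = DTLS_NextBlock(&dtls.dtv_block);
  if (!cur)
    return nullptr;
  for (; id >= kPerBlock; id -= kPerBlock) {
    cur = DTLS_NextBlock(&cur->next);
    // DTLS_NextBlock may return nullptr; do not index through it.
    if (!cur)
      return nullptr;
  }
  return cur->dtvs + id;
}

// Releases every DTV block of the calling thread. The head slot is first
// replaced with kDestroyedThread, so later lookups on this thread return
// nullptr instead of walking freed blocks.
void DTLS_Destroy() {
  if (!common_flags()->intercept_tls_get_addr) return;
  VReport(2, "__tls_get_addr: DTLS_Destroy %p\n", (void *)&dtls);
  DTLS::DTVBlock *block = (DTLS::DTVBlock *)atomic_exchange(
      &dtls.dtv_block, kDestroyedThread, memory_order_release);
  while (block) {
    // Read the successor before the block is unmapped.
    DTLS::DTVBlock *next =
        (DTLS::DTVBlock *)atomic_load(&block->next, memory_order_acquire);
    DTLS_Deallocate(block);
    block = next;
  }
}

#if defined(__powerpc64__) || defined(__mips__)
// This is glibc's TLS_DTV_OFFSET:
// "Dynamic thread vector pointers point 0x8000 past the start of each
// TLS block." (sysdeps/<arch>/dl-tls.h)
static const uptr kDtvOffset = 0x8000;
#elif defined(__riscv)
// This is glibc's TLS_DTV_OFFSET:
// "Dynamic thread vector pointers point 0x800 past the start of each
// TLS block." (sysdeps/riscv/dl-tls.h)
static const uptr kDtvOffset = 0x800;
#else
static const uptr kDtvOffset = 0;
#endif

// Records the TLS block behind one __tls_get_addr call.
//   arg_void          pointer to the TlsGetAddrParam passed to __tls_get_addr.
//   res               address used to derive the block start (presumably the
//                     value __tls_get_addr returned - confirm with the caller).
//   static_tls_begin,
//   static_tls_end    bounds of the thread's static TLS, half-open.
// Returns the DTV slot after filling in beg/size, or nullptr when interception
// is disabled, the thread's DTLS is destroyed, or the slot already has a
// non-zero beg.
//
// The block size is not supplied by the caller; it is guessed from glibc
// allocator behaviour, so the recorded {beg, size} is a best-effort value.
DTLS::DTV *DTLS_on_tls_get_addr(void *arg_void, void *res,
                                uptr static_tls_begin, uptr static_tls_end) {
  if (!common_flags()->intercept_tls_get_addr) return nullptr;
  TlsGetAddrParam *arg = reinterpret_cast<TlsGetAddrParam *>(arg_void);
  uptr dso_id = arg->dso_id;
  DTLS::DTV *dtv = DTLS_Find(dso_id);
  if (!dtv || dtv->beg)
    return nullptr;
  uptr tls_size = 0;
  uptr tls_beg = reinterpret_cast<uptr>(res) - arg->offset - kDtvOffset;
  // Verbose output contains raw TLS and stack addresses ("sp" is the address
  // of a local); treat logs captured at this verbosity accordingly.
  VReport(2,
          "__tls_get_addr: %p {0x%zx,0x%zx} => %p; tls_beg: 0x%zx; sp: %p "
          "num_live_dtls %zd\n",
          (void *)arg, arg->dso_id, arg->offset, res, tls_beg, (void *)&tls_beg,
          atomic_load(&number_of_live_dtls, memory_order_relaxed));
  if (dtls.last_memalign_ptr == tls_beg) {
    // The block start equals the last pointer recorded by
    // DTLS_on_libc_memalign: take the size recorded with it.
    tls_size = dtls.last_memalign_size;
    VReport(2, "__tls_get_addr: glibc <=2.18 suspected; tls={0x%zx,0x%zx}\n",
            tls_beg, tls_size);
  } else if (tls_beg >= static_tls_begin && tls_beg < static_tls_end) {
    // This is the static TLS block which was initialized / unpoisoned at thread
    // creation.
    VReport(2, "__tls_get_addr: static tls: 0x%zx\n", tls_beg);
    tls_size = 0;
  } else if ((tls_beg % 4096) == sizeof(Glibc_2_19_tls_header)) {
    // We may want to check gnu_get_libc_version().
    // NOTE(review): this branch is chosen on the page offset alone, and
    // header->size / header->start are then taken as-is from the words before
    // the block. Nothing here checks them against tls_beg, so a false match
    // records whatever values happen to be stored there.
    Glibc_2_19_tls_header *header = (Glibc_2_19_tls_header *)tls_beg - 1;
    tls_size = header->size;
    tls_beg = header->start;
    VReport(2, "__tls_get_addr: glibc >=2.19 suspected; tls={0x%zx 0x%zx}\n",
            tls_beg, tls_size);
  } else {
    VReport(2, "__tls_get_addr: Can't guess glibc version\n");
    // This may happen inside the DTOR of main thread, so just ignore it.
    tls_size = 0;
  }
  dtv->beg = tls_beg;
  dtv->size = tls_size;
  return dtv;
}

// Remembers the most recent memalign result for the calling thread;
// DTLS_on_tls_get_addr compares it with the computed block start.
void DTLS_on_libc_memalign(void *ptr, uptr size) {
  if (!common_flags()->intercept_tls_get_addr) return;
  VReport(2, "DTLS_on_libc_memalign: %p 0x%zx\n", ptr, size);
  dtls.last_memalign_ptr = reinterpret_cast<uptr>(ptr);
  dtls.last_memalign_size = size;
}

// Returns the calling thread's DTLS object.
DTLS *DTLS_Get() { return &dtls; }

// True once DTLS_Destroy has stored the sentinel in the given object's head
// slot. The parameter shadows the file-level `dtls`; the argument is what is
// inspected.
bool DTLSInDestruction(DTLS *dtls) {
  return atomic_load(&dtls->dtv_block, memory_order_relaxed) ==
         kDestroyedThread;
}

#else
// Stubs for platforms where __tls_get_addr is not intercepted.
void DTLS_on_libc_memalign(void *ptr, uptr size) {}
// Takes uptr like the definition above, so both branches define the same
// function on targets where uptr is not unsigned long.
DTLS::DTV *DTLS_on_tls_get_addr(void *arg, void *res, uptr, uptr) {
  return nullptr;
}
DTLS *DTLS_Get() { return nullptr; }
void DTLS_Destroy() {}
bool DTLSInDestruction(DTLS *dtls) {
  UNREACHABLE("dtls is unsupported on this platform!");
}

#endif  // SANITIZER_INTERCEPT_TLS_GET_ADDR

}  // namespace __sanitizer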