1 //=-- lsan_common_linux.cc ------------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of LeakSanitizer.
11 // Implementation of common leak checking functionality. Linux-specific code.
13 //===----------------------------------------------------------------------===//
15 #include "sanitizer_common/sanitizer_platform.h"
16 #include "lsan_common.h"
18 #if CAN_SANITIZE_LEAKS && SANITIZER_LINUX
21 #include "sanitizer_common/sanitizer_common.h"
22 #include "sanitizer_common/sanitizer_flags.h"
23 #include "sanitizer_common/sanitizer_linux.h"
24 #include "sanitizer_common/sanitizer_stackdepot.h"
28 static const char kLinkerName
[] = "ld";
29 // We request 2 modules matching "ld", so we can print a warning if there's more
30 // than one match. But only the first one is actually used.
31 static char linker_placeholder
[2 * sizeof(LoadedModule
)] ALIGNED(64);
32 static LoadedModule
*linker
= 0;
34 static bool IsLinker(const char* full_name
) {
35 return LibraryNameIs(full_name
, kLinkerName
);
38 void InitializePlatformSpecificModules() {
39 internal_memset(linker_placeholder
, 0, sizeof(linker_placeholder
));
40 uptr num_matches
= GetListOfModules(
41 reinterpret_cast<LoadedModule
*>(linker_placeholder
), 2, IsLinker
);
42 if (num_matches
== 1) {
43 linker
= reinterpret_cast<LoadedModule
*>(linker_placeholder
);
47 VReport(1, "LeakSanitizer: Dynamic linker not found. "
48 "TLS will not be handled correctly.\n");
49 else if (num_matches
> 1)
50 VReport(1, "LeakSanitizer: Multiple modules match \"%s\". "
51 "TLS will not be handled correctly.\n", kLinkerName
);
55 static int ProcessGlobalRegionsCallback(struct dl_phdr_info
*info
, size_t size
,
57 Frontier
*frontier
= reinterpret_cast<Frontier
*>(data
);
58 for (uptr j
= 0; j
< info
->dlpi_phnum
; j
++) {
59 const ElfW(Phdr
) *phdr
= &(info
->dlpi_phdr
[j
]);
60 // We're looking for .data and .bss sections, which reside in writeable,
62 if (!(phdr
->p_flags
& PF_W
) || (phdr
->p_type
!= PT_LOAD
) ||
65 uptr begin
= info
->dlpi_addr
+ phdr
->p_vaddr
;
66 uptr end
= begin
+ phdr
->p_memsz
;
67 uptr allocator_begin
= 0, allocator_end
= 0;
68 GetAllocatorGlobalRange(&allocator_begin
, &allocator_end
);
69 if (begin
<= allocator_begin
&& allocator_begin
< end
) {
70 CHECK_LE(allocator_begin
, allocator_end
);
71 CHECK_LT(allocator_end
, end
);
72 if (begin
< allocator_begin
)
73 ScanRangeForPointers(begin
, allocator_begin
, frontier
, "GLOBAL",
75 if (allocator_end
< end
)
76 ScanRangeForPointers(allocator_end
, end
, frontier
, "GLOBAL",
79 ScanRangeForPointers(begin
, end
, frontier
, "GLOBAL", kReachable
);
85 // Scans global variables for heap pointers.
86 void ProcessGlobalRegions(Frontier
*frontier
) {
87 if (!flags()->use_globals
) return;
88 // FIXME: dl_iterate_phdr acquires a linker lock, so we run a risk of
89 // deadlocking by running this under StopTheWorld. However, the lock is
90 // reentrant, so we should be able to fix this by acquiring the lock before
91 // suspending threads.
92 dl_iterate_phdr(ProcessGlobalRegionsCallback
, frontier
);
95 static uptr
GetCallerPC(u32 stack_id
, StackDepotReverseMap
*map
) {
98 const uptr
*trace
= map
->Get(stack_id
, &size
);
99 // The top frame is our malloc/calloc/etc. The next frame is the caller.
105 struct ProcessPlatformAllocParam
{
107 StackDepotReverseMap
*stack_depot_reverse_map
;
110 // ForEachChunk callback. Identifies unreachable chunks which must be treated as
111 // reachable. Marks them as reachable and adds them to the frontier.
112 static void ProcessPlatformSpecificAllocationsCb(uptr chunk
, void *arg
) {
114 ProcessPlatformAllocParam
*param
=
115 reinterpret_cast<ProcessPlatformAllocParam
*>(arg
);
116 chunk
= GetUserBegin(chunk
);
117 LsanMetadata
m(chunk
);
118 if (m
.allocated() && m
.tag() != kReachable
) {
119 u32 stack_id
= m
.stack_trace_id();
122 caller_pc
= GetCallerPC(stack_id
, param
->stack_depot_reverse_map
);
123 // If caller_pc is unknown, this chunk may be allocated in a coroutine. Mark
124 // it as reachable, as we can't properly report its allocation stack anyway.
125 if (caller_pc
== 0 || linker
->containsAddress(caller_pc
)) {
126 m
.set_tag(kReachable
);
127 param
->frontier
->push_back(chunk
);
132 // Handles dynamically allocated TLS blocks by treating all chunks allocated
133 // from ld-linux.so as reachable.
134 // Dynamic TLS blocks contain the TLS variables of dynamically loaded modules.
135 // They are allocated with a __libc_memalign() call in allocate_and_init()
136 // (elf/dl-tls.c). Glibc won't tell us the address ranges occupied by those
137 // blocks, but we can make sure they come from our own allocator by intercepting
138 // __libc_memalign(). On top of that, there is no easy way to reach them. Their
139 // addresses are stored in a dynamically allocated array (the DTV) which is
140 // referenced from the static TLS. Unfortunately, we can't just rely on the DTV
141 // being reachable from the static TLS, and the dynamic TLS being reachable from
142 // the DTV. This is because the initial DTV is allocated before our interception
143 // mechanism kicks in, and thus we don't recognize it as allocated memory. We
144 // can't special-case it either, since we don't know its size.
145 // Our solution is to include in the root set all allocations made from
146 // ld-linux.so (which is where allocate_and_init() is implemented). This is
147 // guaranteed to include all dynamic TLS blocks (and possibly other allocations
148 // which we don't care about).
149 void ProcessPlatformSpecificAllocations(Frontier
*frontier
) {
150 if (!flags()->use_tls
) return;
152 StackDepotReverseMap stack_depot_reverse_map
;
153 ProcessPlatformAllocParam arg
= {frontier
, &stack_depot_reverse_map
};
154 ForEachChunk(ProcessPlatformSpecificAllocationsCb
, &arg
);
157 } // namespace __lsan
158 #endif // CAN_SANITIZE_LEAKS && SANITIZER_LINUX