libsanitizer/tsan/tsan_fd.cc

   1 //===-- tsan_fd.cc --------------------------------------------------------===//
   2 //
   3 // This file is distributed under the University of Illinois Open Source
   4 // License. See LICENSE.TXT for details.
   5 //
   6 //===----------------------------------------------------------------------===//
   7 //
   8 // This file is a part of ThreadSanitizer (TSan), a race detector.
   9 //
  10 //===----------------------------------------------------------------------===//
  11
  12 #include "tsan_fd.h"
  13 #include "tsan_rtl.h"
  14 #include <sanitizer_common/sanitizer_atomic.h>
  15
  16 namespace __tsan {
  17
  18 const int kTableSizeL1 = 1024;
  19 const int kTableSizeL2 = 1024;
  20 const int kTableSize = kTableSizeL1 * kTableSizeL2;
  21
  22 struct FdSync {
  23   atomic_uint64_t rc;
  24 };
  25
  26 struct FdDesc {
  27   FdSync *sync;
  28   int creation_tid;
  29   u32 creation_stack;
  30 };
  31
  32 struct FdContext {
  33   atomic_uintptr_t tab[kTableSizeL1];
  34   // Addresses used for synchronization.
  35   FdSync globsync;
  36   FdSync filesync;
  37   FdSync socksync;
  38   u64 connectsync;
  39 };
  40
  41 static FdContext fdctx;
  42
  43 static bool bogusfd(int fd) {
  44   // Apparently a bogus fd value.
  45   return fd < 0 || fd >= kTableSize;
  46 }
  47
  48 static FdSync *allocsync(ThreadState *thr, uptr pc) {
  49   FdSync *s = (FdSync*)user_alloc(thr, pc, sizeof(FdSync));
  50   atomic_store(&s->rc, 1, memory_order_relaxed);
  51   return s;
  52 }
  53
  54 static FdSync *ref(FdSync *s) {
  55   if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1)
  56     atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
  57   return s;
  58 }
  59
  60 static void unref(ThreadState *thr, uptr pc, FdSync *s) {
  61   if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1) {
  62     if (atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel) == 1) {
  63       CHECK_NE(s, &fdctx.globsync);
  64       CHECK_NE(s, &fdctx.filesync);
  65       CHECK_NE(s, &fdctx.socksync);
  66       user_free(thr, pc, s);
  67     }
  68   }
  69 }
  70
  71 static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
  72   CHECK_GE(fd, 0);
  73   CHECK_LT(fd, kTableSize);
  74   atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2];
  75   uptr l1 = atomic_load(pl1, memory_order_consume);
  76   if (l1 == 0) {
  77     uptr size = kTableSizeL2 * sizeof(FdDesc);
  78     // We need this to reside in user memory to properly catch races on it.
  79     void *p = user_alloc(thr, pc, size);
  80     internal_memset(p, 0, size);
  81     MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size);
  82     if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel))
  83       l1 = (uptr)p;
  84     else
  85       user_free(thr, pc, p);
  86   }
  87   return &((FdDesc*)l1)[fd % kTableSizeL2];  // NOLINT
  88 }
  89
  90 // pd must be already ref'ed.
  91 static void init(ThreadState *thr, uptr pc, int fd, FdSync *s) {
  92   FdDesc *d = fddesc(thr, pc, fd);
  93   // As a matter of fact, we don't intercept all close calls.
  94   // See e.g. libc __res_iclose().
  95   if (d->sync) {
  96     unref(thr, pc, d->sync);
  97     d->sync = 0;
  98   }
  99   if (flags()->io_sync == 0) {
 100     unref(thr, pc, s);
 101   } else if (flags()->io_sync == 1) {
 102     d->sync = s;
 103   } else if (flags()->io_sync == 2) {
 104     unref(thr, pc, s);
 105     d->sync = &fdctx.globsync;
 106   }
 107   d->creation_tid = thr->tid;
 108   d->creation_stack = CurrentStackId(thr, pc);
 109   // To catch races between fd usage and open.
 110   MemoryRangeImitateWrite(thr, pc, (uptr)d, 8);
 111 }
 112
 113 void FdInit() {
 114   atomic_store(&fdctx.globsync.rc, (u64)-1, memory_order_relaxed);
 115   atomic_store(&fdctx.filesync.rc, (u64)-1, memory_order_relaxed);
 116   atomic_store(&fdctx.socksync.rc, (u64)-1, memory_order_relaxed);
 117 }
 118
 119 void FdOnFork(ThreadState *thr, uptr pc) {
 120   // On fork() we need to reset all fd's, because the child is going
 121   // close all them, and that will cause races between previous read/write
 122   // and the close.
 123   for (int l1 = 0; l1 < kTableSizeL1; l1++) {
 124     FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
 125     if (tab == 0)
 126       break;
 127     for (int l2 = 0; l2 < kTableSizeL2; l2++) {
 128       FdDesc *d = &tab[l2];
 129       MemoryResetRange(thr, pc, (uptr)d, 8);
 130     }
 131   }
 132 }
 133
 134 bool FdLocation(uptr addr, int *fd, int *tid, u32 *stack) {
 135   for (int l1 = 0; l1 < kTableSizeL1; l1++) {
 136     FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
 137     if (tab == 0)
 138       break;
 139     if (addr >= (uptr)tab && addr < (uptr)(tab + kTableSizeL2)) {
 140       int l2 = (addr - (uptr)tab) / sizeof(FdDesc);
 141       FdDesc *d = &tab[l2];
 142       *fd = l1 * kTableSizeL1 + l2;
 143       *tid = d->creation_tid;
 144       *stack = d->creation_stack;
 145       return true;
 146     }
 147   }
 148   return false;
 149 }
 150
 151 void FdAcquire(ThreadState *thr, uptr pc, int fd) {
 152   if (bogusfd(fd))
 153     return;
 154   FdDesc *d = fddesc(thr, pc, fd);
 155   FdSync *s = d->sync;
 156   DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, s);
 157   MemoryRead(thr, pc, (uptr)d, kSizeLog8);
 158   if (s)
 159     Acquire(thr, pc, (uptr)s);
 160 }
 161
 162 void FdRelease(ThreadState *thr, uptr pc, int fd) {
 163   if (bogusfd(fd))
 164     return;
 165   FdDesc *d = fddesc(thr, pc, fd);
 166   FdSync *s = d->sync;
 167   DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, s);
 168   MemoryRead(thr, pc, (uptr)d, kSizeLog8);
 169   if (s)
 170     Release(thr, pc, (uptr)s);
 171 }
 172
 173 void FdAccess(ThreadState *thr, uptr pc, int fd) {
 174   DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);
 175   if (bogusfd(fd))
 176     return;
 177   FdDesc *d = fddesc(thr, pc, fd);
 178   MemoryRead(thr, pc, (uptr)d, kSizeLog8);
 179 }
 180
 181 void FdClose(ThreadState *thr, uptr pc, int fd) {
 182   DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);
 183   if (bogusfd(fd))
 184     return;
 185   FdDesc *d = fddesc(thr, pc, fd);
 186   // To catch races between fd usage and close.
 187   MemoryWrite(thr, pc, (uptr)d, kSizeLog8);
 188   // We need to clear it, because if we do not intercept any call out there
 189   // that creates fd, we will hit false postives.
 190   MemoryResetRange(thr, pc, (uptr)d, 8);
 191   unref(thr, pc, d->sync);
 192   d->sync = 0;
 193   d->creation_tid = 0;
 194   d->creation_stack = 0;
 195 }
 196
 197 void FdFileCreate(ThreadState *thr, uptr pc, int fd) {
 198   DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);
 199   if (bogusfd(fd))
 200     return;
 201   init(thr, pc, fd, &fdctx.filesync);
 202 }
 203
 204 void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd) {
 205   DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);
 206   if (bogusfd(oldfd) || bogusfd(newfd))
 207     return;
 208   // Ignore the case when user dups not yet connected socket.
 209   FdDesc *od = fddesc(thr, pc, oldfd);
 210   MemoryRead(thr, pc, (uptr)od, kSizeLog8);
 211   FdClose(thr, pc, newfd);
 212   init(thr, pc, newfd, ref(od->sync));
 213 }
 214
 215 void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {
 216   DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);
 217   FdSync *s = allocsync(thr, pc);
 218   init(thr, pc, rfd, ref(s));
 219   init(thr, pc, wfd, ref(s));
 220   unref(thr, pc, s);
 221 }
 222
 223 void FdEventCreate(ThreadState *thr, uptr pc, int fd) {
 224   DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);
 225   if (bogusfd(fd))
 226     return;
 227   init(thr, pc, fd, allocsync(thr, pc));
 228 }
 229
 230 void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {
 231   DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);
 232   if (bogusfd(fd))
 233     return;
 234   init(thr, pc, fd, 0);
 235 }
 236
 237 void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {
 238   DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);
 239   if (bogusfd(fd))
 240     return;
 241   init(thr, pc, fd, 0);
 242 }
 243
 244 void FdPollCreate(ThreadState *thr, uptr pc, int fd) {
 245   DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);
 246   if (bogusfd(fd))
 247     return;
 248   init(thr, pc, fd, allocsync(thr, pc));
 249 }
 250
 251 void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {
 252   DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);
 253   if (bogusfd(fd))
 254     return;
 255   // It can be a UDP socket.
 256   init(thr, pc, fd, &fdctx.socksync);
 257 }
 258
 259 void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {
 260   DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);
 261   if (bogusfd(fd))
 262     return;
 263   // Synchronize connect->accept.
 264   Acquire(thr, pc, (uptr)&fdctx.connectsync);
 265   init(thr, pc, newfd, &fdctx.socksync);
 266 }
 267
 268 void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {
 269   DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);
 270   if (bogusfd(fd))
 271     return;
 272   // Synchronize connect->accept.
 273   Release(thr, pc, (uptr)&fdctx.connectsync);
 274 }
 275
 276 void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {
 277   DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);
 278   if (bogusfd(fd))
 279     return;
 280   init(thr, pc, fd, &fdctx.socksync);
 281 }
 282
 283 uptr File2addr(const char *path) {
 284   (void)path;
 285   static u64 addr;
 286   return (uptr)&addr;
 287 }
 288
 289 uptr Dir2addr(const char *path) {
 290   (void)path;
 291   static u64 addr;
 292   return (uptr)&addr;
 293 }
 294
 295 }  //  namespace __tsan