Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_fd.cpp
35268 views
1
//===-- tsan_fd.cpp -------------------------------------------------------===//

2
//

3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

4
// See https://llvm.org/LICENSE.txt for license information.

5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

6
//

7
//===----------------------------------------------------------------------===//

8
//

9
// This file is a part of ThreadSanitizer (TSan), a race detector.

10
//

11
//===----------------------------------------------------------------------===//

12


13
#include "tsan_fd.h"

14


15
#include <sanitizer_common/sanitizer_atomic.h>

16


17
#include "tsan_interceptors.h"

18
#include "tsan_rtl.h"

19


20
namespace __tsan {

21


22
const int kTableSizeL1 = 1024;

23
const int kTableSizeL2 = 1024;

24
const int kTableSize = kTableSizeL1 * kTableSizeL2;

25


26
struct FdSync {

27
  atomic_uint64_t rc;

28
};

29


30
struct FdDesc {

31
  FdSync *sync;

32
  // This is used to establish write -> epoll_wait synchronization

33
  // where epoll_wait receives notification about the write.

34
  atomic_uintptr_t aux_sync;  // FdSync*

35
  Tid creation_tid;

36
  StackID creation_stack;

37
  bool closed;

38
};

39


40
struct FdContext {

41
  atomic_uintptr_t tab[kTableSizeL1];

42
  // Addresses used for synchronization.

43
  FdSync globsync;

44
  FdSync filesync;

45
  FdSync socksync;

46
  u64 connectsync;

47
};

48


49
static FdContext fdctx;

50


51
static bool bogusfd(int fd) {

52
  // Apparently a bogus fd value.

53
  return fd < 0 || fd >= kTableSize;

54
}

55


56
static FdSync *allocsync(ThreadState *thr, uptr pc) {

57
  FdSync *s = (FdSync*)user_alloc_internal(thr, pc, sizeof(FdSync),

58
      kDefaultAlignment, false);

59
  atomic_store(&s->rc, 1, memory_order_relaxed);

60
  return s;

61
}

62


63
static FdSync *ref(FdSync *s) {

64
  if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1)

65
    atomic_fetch_add(&s->rc, 1, memory_order_relaxed);

66
  return s;

67
}

68


69
static void unref(ThreadState *thr, uptr pc, FdSync *s) {

70
  if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1) {

71
    if (atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel) == 1) {

72
      CHECK_NE(s, &fdctx.globsync);

73
      CHECK_NE(s, &fdctx.filesync);

74
      CHECK_NE(s, &fdctx.socksync);

75
      user_free(thr, pc, s, false);

76
    }

77
  }

78
}

79


80
static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {

81
  CHECK_GE(fd, 0);

82
  CHECK_LT(fd, kTableSize);

83
  atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2];

84
  uptr l1 = atomic_load(pl1, memory_order_consume);

85
  if (l1 == 0) {

86
    uptr size = kTableSizeL2 * sizeof(FdDesc);

87
    // We need this to reside in user memory to properly catch races on it.

88
    void *p = user_alloc_internal(thr, pc, size, kDefaultAlignment, false);

89
    internal_memset(p, 0, size);

90
    MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size);

91
    if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel))

92
      l1 = (uptr)p;

93
    else

94
      user_free(thr, pc, p, false);

95
  }

96
  FdDesc *fds = reinterpret_cast<FdDesc *>(l1);

97
  return &fds[fd % kTableSizeL2];

98
}

99


100
// pd must be already ref'ed.

101
static void init(ThreadState *thr, uptr pc, int fd, FdSync *s,

102
    bool write = true) {

103
  FdDesc *d = fddesc(thr, pc, fd);

104
  // As a matter of fact, we don't intercept all close calls.

105
  // See e.g. libc __res_iclose().

106
  if (d->sync) {

107
    unref(thr, pc, d->sync);

108
    d->sync = 0;

109
  }

110
  unref(thr, pc,

111
        reinterpret_cast<FdSync *>(

112
            atomic_load(&d->aux_sync, memory_order_relaxed)));

113
  atomic_store(&d->aux_sync, 0, memory_order_relaxed);

114
  if (flags()->io_sync == 0) {

115
    unref(thr, pc, s);

116
  } else if (flags()->io_sync == 1) {

117
    d->sync = s;

118
  } else if (flags()->io_sync == 2) {

119
    unref(thr, pc, s);

120
    d->sync = &fdctx.globsync;

121
  }

122
  d->creation_tid = thr->tid;

123
  d->creation_stack = CurrentStackId(thr, pc);

124
  d->closed = false;

125
  // This prevents false positives on fd_close_norace3.cpp test.

126
  // The mechanics of the false positive are not completely clear,

127
  // but it happens only if global reset is enabled (flush_memory_ms=1)

128
  // and may be related to lost writes during asynchronous MADV_DONTNEED.

129
  SlotLocker locker(thr);

130
  if (write) {

131
    // To catch races between fd usage and open.

132
    MemoryRangeImitateWrite(thr, pc, (uptr)d, 8);

133
  } else {

134
    // See the dup-related comment in FdClose.

135
    MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead | kAccessSlotLocked);

136
  }

137
}

138


139
void FdInit() {

140
  atomic_store(&fdctx.globsync.rc, (u64)-1, memory_order_relaxed);

141
  atomic_store(&fdctx.filesync.rc, (u64)-1, memory_order_relaxed);

142
  atomic_store(&fdctx.socksync.rc, (u64)-1, memory_order_relaxed);

143
}

144


145
void FdOnFork(ThreadState *thr, uptr pc) {

146
  // On fork() we need to reset all fd's, because the child is going

147
  // close all them, and that will cause races between previous read/write

148
  // and the close.

149
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {

150
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);

151
    if (tab == 0)

152
      break;

153
    for (int l2 = 0; l2 < kTableSizeL2; l2++) {

154
      FdDesc *d = &tab[l2];

155
      MemoryResetRange(thr, pc, (uptr)d, 8);

156
    }

157
  }

158
}

159


160
bool FdLocation(uptr addr, int *fd, Tid *tid, StackID *stack, bool *closed) {

161
  for (int l1 = 0; l1 < kTableSizeL1; l1++) {

162
    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);

163
    if (tab == 0)

164
      break;

165
    if (addr >= (uptr)tab && addr < (uptr)(tab + kTableSizeL2)) {

166
      int l2 = (addr - (uptr)tab) / sizeof(FdDesc);

167
      FdDesc *d = &tab[l2];

168
      *fd = l1 * kTableSizeL1 + l2;

169
      *tid = d->creation_tid;

170
      *stack = d->creation_stack;

171
      *closed = d->closed;

172
      return true;

173
    }

174
  }

175
  return false;

176
}

177


178
void FdAcquire(ThreadState *thr, uptr pc, int fd) {

179
  if (bogusfd(fd))

180
    return;

181
  FdDesc *d = fddesc(thr, pc, fd);

182
  FdSync *s = d->sync;

183
  DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, s);

184
  MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead);

185
  if (s)

186
    Acquire(thr, pc, (uptr)s);

187
}

188


189
void FdRelease(ThreadState *thr, uptr pc, int fd) {

190
  if (bogusfd(fd))

191
    return;

192
  FdDesc *d = fddesc(thr, pc, fd);

193
  FdSync *s = d->sync;

194
  DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, s);

195
  MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead);

196
  if (s)

197
    Release(thr, pc, (uptr)s);

198
  if (uptr aux_sync = atomic_load(&d->aux_sync, memory_order_acquire))

199
    Release(thr, pc, aux_sync);

200
}

201


202
void FdAccess(ThreadState *thr, uptr pc, int fd) {

203
  DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);

204
  if (bogusfd(fd))

205
    return;

206
  FdDesc *d = fddesc(thr, pc, fd);

207
  MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead);

208
}

209


210
void FdClose(ThreadState *thr, uptr pc, int fd, bool write) {

211
  DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);

212
  if (bogusfd(fd))

213
    return;

214
  FdDesc *d = fddesc(thr, pc, fd);

215
  {

216
    // Need to lock the slot to make MemoryAccess and MemoryResetRange atomic

217
    // with respect to global reset. See the comment in MemoryRangeFreed.

218
    SlotLocker locker(thr);

219
    if (!MustIgnoreInterceptor(thr)) {

220
      if (write) {

221
        // To catch races between fd usage and close.

222
        MemoryAccess(thr, pc, (uptr)d, 8,

223
                     kAccessWrite | kAccessCheckOnly | kAccessSlotLocked);

224
      } else {

225
        // This path is used only by dup2/dup3 calls.

226
        // We do read instead of write because there is a number of legitimate

227
        // cases where write would lead to false positives:

228
        // 1. Some software dups a closed pipe in place of a socket before

229
        // closing

230
        //    the socket (to prevent races actually).

231
        // 2. Some daemons dup /dev/null in place of stdin/stdout.

232
        // On the other hand we have not seen cases when write here catches real

233
        // bugs.

234
        MemoryAccess(thr, pc, (uptr)d, 8,

235
                     kAccessRead | kAccessCheckOnly | kAccessSlotLocked);

236
      }

237
    }

238
    // We need to clear it, because if we do not intercept any call out there

239
    // that creates fd, we will hit false postives.

240
    MemoryResetRange(thr, pc, (uptr)d, 8);

241
  }

242
  unref(thr, pc, d->sync);

243
  d->sync = 0;

244
  unref(thr, pc,

245
        reinterpret_cast<FdSync *>(

246
            atomic_load(&d->aux_sync, memory_order_relaxed)));

247
  atomic_store(&d->aux_sync, 0, memory_order_relaxed);

248
  d->closed = true;

249
  d->creation_tid = thr->tid;

250
  d->creation_stack = CurrentStackId(thr, pc);

251
}

252


253
void FdFileCreate(ThreadState *thr, uptr pc, int fd) {

254
  DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);

255
  if (bogusfd(fd))

256
    return;

257
  init(thr, pc, fd, &fdctx.filesync);

258
}

259


260
void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd, bool write) {

261
  DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);

262
  if (bogusfd(oldfd) || bogusfd(newfd))

263
    return;

264
  // Ignore the case when user dups not yet connected socket.

265
  FdDesc *od = fddesc(thr, pc, oldfd);

266
  MemoryAccess(thr, pc, (uptr)od, 8, kAccessRead);

267
  FdClose(thr, pc, newfd, write);

268
  init(thr, pc, newfd, ref(od->sync), write);

269
}

270


271
void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {

272
  DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);

273
  FdSync *s = allocsync(thr, pc);

274
  init(thr, pc, rfd, ref(s));

275
  init(thr, pc, wfd, ref(s));

276
  unref(thr, pc, s);

277
}

278


279
void FdEventCreate(ThreadState *thr, uptr pc, int fd) {

280
  DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);

281
  if (bogusfd(fd))

282
    return;

283
  init(thr, pc, fd, allocsync(thr, pc));

284
}

285


286
void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {

287
  DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);

288
  if (bogusfd(fd))

289
    return;

290
  init(thr, pc, fd, 0);

291
}

292


293
void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {

294
  DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);

295
  if (bogusfd(fd))

296
    return;

297
  init(thr, pc, fd, 0);

298
}

299


300
void FdPollCreate(ThreadState *thr, uptr pc, int fd) {

301
  DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);

302
  if (bogusfd(fd))

303
    return;

304
  init(thr, pc, fd, allocsync(thr, pc));

305
}

306


307
void FdPollAdd(ThreadState *thr, uptr pc, int epfd, int fd) {

308
  DPrintf("#%d: FdPollAdd(%d, %d)\n", thr->tid, epfd, fd);

309
  if (bogusfd(epfd) || bogusfd(fd))

310
    return;

311
  FdDesc *d = fddesc(thr, pc, fd);

312
  // Associate fd with epoll fd only once.

313
  // While an fd can be associated with multiple epolls at the same time,

314
  // or with different epolls during different phases of lifetime,

315
  // synchronization semantics (and examples) of this are unclear.

316
  // So we don't support this for now.

317
  // If we change the association, it will also create lifetime management

318
  // problem for FdRelease which accesses the aux_sync.

319
  if (atomic_load(&d->aux_sync, memory_order_relaxed))

320
    return;

321
  FdDesc *epd = fddesc(thr, pc, epfd);

322
  FdSync *s = epd->sync;

323
  if (!s)

324
    return;

325
  uptr cmp = 0;

326
  if (atomic_compare_exchange_strong(

327
          &d->aux_sync, &cmp, reinterpret_cast<uptr>(s), memory_order_release))

328
    ref(s);

329
}

330


331
void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {

332
  DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);

333
  if (bogusfd(fd))

334
    return;

335
  // It can be a UDP socket.

336
  init(thr, pc, fd, &fdctx.socksync);

337
}

338


339
void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {

340
  DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);

341
  if (bogusfd(fd))

342
    return;

343
  // Synchronize connect->accept.

344
  Acquire(thr, pc, (uptr)&fdctx.connectsync);

345
  init(thr, pc, newfd, &fdctx.socksync);

346
}

347


348
void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {

349
  DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);

350
  if (bogusfd(fd))

351
    return;

352
  // Synchronize connect->accept.

353
  Release(thr, pc, (uptr)&fdctx.connectsync);

354
}

355


356
void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {

357
  DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);

358
  if (bogusfd(fd))

359
    return;

360
  init(thr, pc, fd, &fdctx.socksync);

361
}

362


363
uptr File2addr(const char *path) {

364
  (void)path;

365
  static u64 addr;

366
  return (uptr)&addr;

367
}

368


369
uptr Dir2addr(const char *path) {

370
  (void)path;

371
  static u64 addr;

372
  return (uptr)&addr;

373
}

374


375
}  //  namespace __tsan

376


377