xref: /freebsd/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp (revision 0fca6ea1d4eea4c934cfff25ac9ee8ad6fe95583)
1 //===-- tsan_platform_linux.cpp -------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of ThreadSanitizer (TSan), a race detector.
10 //
11 // Linux- and BSD-specific code.
12 //===----------------------------------------------------------------------===//
13 
14 #include "sanitizer_common/sanitizer_platform.h"
15 #if SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD
16 
17 #include "sanitizer_common/sanitizer_common.h"
18 #include "sanitizer_common/sanitizer_libc.h"
19 #include "sanitizer_common/sanitizer_linux.h"
20 #include "sanitizer_common/sanitizer_platform_limits_netbsd.h"
21 #include "sanitizer_common/sanitizer_platform_limits_posix.h"
22 #include "sanitizer_common/sanitizer_posix.h"
23 #include "sanitizer_common/sanitizer_procmaps.h"
24 #include "sanitizer_common/sanitizer_stackdepot.h"
25 #include "sanitizer_common/sanitizer_stoptheworld.h"
26 #include "tsan_flags.h"
27 #include "tsan_platform.h"
28 #include "tsan_rtl.h"
29 
30 #include <fcntl.h>
31 #include <pthread.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <stdarg.h>
37 #include <sys/mman.h>
38 #if SANITIZER_LINUX
39 #include <sys/personality.h>
40 #include <setjmp.h>
41 #endif
42 #include <sys/syscall.h>
43 #include <sys/socket.h>
44 #include <sys/time.h>
45 #include <sys/types.h>
46 #include <sys/resource.h>
47 #include <sys/stat.h>
48 #include <unistd.h>
49 #include <sched.h>
50 #include <dlfcn.h>
51 #if SANITIZER_LINUX
52 #define __need_res_state
53 #include <resolv.h>
54 #endif
55 
56 #ifdef sa_handler
57 # undef sa_handler
58 #endif
59 
60 #ifdef sa_sigaction
61 # undef sa_sigaction
62 #endif
63 
64 #if SANITIZER_FREEBSD
65 extern "C" void *__libc_stack_end;
66 void *__libc_stack_end = 0;
67 #endif
68 
69 #if SANITIZER_LINUX && (defined(__aarch64__) || defined(__loongarch_lp64)) && \
70     !SANITIZER_GO
71 # define INIT_LONGJMP_XOR_KEY 1
72 #else
73 # define INIT_LONGJMP_XOR_KEY 0
74 #endif
75 
76 #if INIT_LONGJMP_XOR_KEY
77 #include "interception/interception.h"
78 // Must be declared outside of other namespaces.
79 DECLARE_REAL(int, _setjmp, void *env)
80 #endif
81 
82 namespace __tsan {
83 
84 #if INIT_LONGJMP_XOR_KEY
85 static void InitializeLongjmpXorKey();
86 static uptr longjmp_xor_key;
87 #endif
88 
89 // Runtime detected VMA size.
90 uptr vmaSize;
91 
92 enum {
93   MemTotal,
94   MemShadow,
95   MemMeta,
96   MemFile,
97   MemMmap,
98   MemHeap,
99   MemOther,
100   MemCount,
101 };
102 
FillProfileCallback(uptr p,uptr rss,bool file,uptr * mem)103 void FillProfileCallback(uptr p, uptr rss, bool file, uptr *mem) {
104   mem[MemTotal] += rss;
105   if (p >= ShadowBeg() && p < ShadowEnd())
106     mem[MemShadow] += rss;
107   else if (p >= MetaShadowBeg() && p < MetaShadowEnd())
108     mem[MemMeta] += rss;
109   else if ((p >= LoAppMemBeg() && p < LoAppMemEnd()) ||
110            (p >= MidAppMemBeg() && p < MidAppMemEnd()) ||
111            (p >= HiAppMemBeg() && p < HiAppMemEnd()))
112     mem[file ? MemFile : MemMmap] += rss;
113   else if (p >= HeapMemBeg() && p < HeapMemEnd())
114     mem[MemHeap] += rss;
115   else
116     mem[MemOther] += rss;
117 }
118 
WriteMemoryProfile(char * buf,uptr buf_size,u64 uptime_ns)119 void WriteMemoryProfile(char *buf, uptr buf_size, u64 uptime_ns) {
120   uptr mem[MemCount];
121   internal_memset(mem, 0, sizeof(mem));
122   GetMemoryProfile(FillProfileCallback, mem);
123   auto meta = ctx->metamap.GetMemoryStats();
124   StackDepotStats stacks = StackDepotGetStats();
125   uptr nthread, nlive;
126   ctx->thread_registry.GetNumberOfThreads(&nthread, &nlive);
127   uptr trace_mem;
128   {
129     Lock l(&ctx->slot_mtx);
130     trace_mem = ctx->trace_part_total_allocated * sizeof(TracePart);
131   }
132   uptr internal_stats[AllocatorStatCount];
133   internal_allocator()->GetStats(internal_stats);
134   // All these are allocated from the common mmap region.
135   mem[MemMmap] -= meta.mem_block + meta.sync_obj + trace_mem +
136                   stacks.allocated + internal_stats[AllocatorStatMapped];
137   if (s64(mem[MemMmap]) < 0)
138     mem[MemMmap] = 0;
139   internal_snprintf(
140       buf, buf_size,
141       "==%zu== %llus [%zu]: RSS %zd MB: shadow:%zd meta:%zd file:%zd"
142       " mmap:%zd heap:%zd other:%zd intalloc:%zd memblocks:%zd syncobj:%zu"
143       " trace:%zu stacks=%zd threads=%zu/%zu\n",
144       internal_getpid(), uptime_ns / (1000 * 1000 * 1000), ctx->global_epoch,
145       mem[MemTotal] >> 20, mem[MemShadow] >> 20, mem[MemMeta] >> 20,
146       mem[MemFile] >> 20, mem[MemMmap] >> 20, mem[MemHeap] >> 20,
147       mem[MemOther] >> 20, internal_stats[AllocatorStatMapped] >> 20,
148       meta.mem_block >> 20, meta.sync_obj >> 20, trace_mem >> 20,
149       stacks.allocated >> 20, nlive, nthread);
150 }
151 
152 #if !SANITIZER_GO
153 // Mark shadow for .rodata sections with the special Shadow::kRodata marker.
154 // Accesses to .rodata can't race, so this saves time, memory and trace space.
MapRodata(char * buffer,uptr size)155 static NOINLINE void MapRodata(char* buffer, uptr size) {
156   // First create temp file.
157   const char *tmpdir = GetEnv("TMPDIR");
158   if (tmpdir == 0)
159     tmpdir = GetEnv("TEST_TMPDIR");
160 #ifdef P_tmpdir
161   if (tmpdir == 0)
162     tmpdir = P_tmpdir;
163 #endif
164   if (tmpdir == 0)
165     return;
166   internal_snprintf(buffer, size, "%s/tsan.rodata.%d",
167                     tmpdir, (int)internal_getpid());
168   uptr openrv = internal_open(buffer, O_RDWR | O_CREAT | O_EXCL, 0600);
169   if (internal_iserror(openrv))
170     return;
171   internal_unlink(buffer);  // Unlink it now, so that we can reuse the buffer.
172   fd_t fd = openrv;
173   // Fill the file with Shadow::kRodata.
174   const uptr kMarkerSize = 512 * 1024 / sizeof(RawShadow);
175   InternalMmapVector<RawShadow> marker(kMarkerSize);
176   // volatile to prevent insertion of memset
177   for (volatile RawShadow *p = marker.data(); p < marker.data() + kMarkerSize;
178        p++)
179     *p = Shadow::kRodata;
180   internal_write(fd, marker.data(), marker.size() * sizeof(RawShadow));
181   // Map the file into memory.
182   uptr page = internal_mmap(0, GetPageSizeCached(), PROT_READ | PROT_WRITE,
183                             MAP_PRIVATE | MAP_ANONYMOUS, fd, 0);
184   if (internal_iserror(page)) {
185     internal_close(fd);
186     return;
187   }
188   // Map the file into shadow of .rodata sections.
189   MemoryMappingLayout proc_maps(/*cache_enabled*/true);
190   // Reusing the buffer 'buffer'.
191   MemoryMappedSegment segment(buffer, size);
192   while (proc_maps.Next(&segment)) {
193     if (segment.filename[0] != 0 && segment.filename[0] != '[' &&
194         segment.IsReadable() && segment.IsExecutable() &&
195         !segment.IsWritable() && IsAppMem(segment.start)) {
196       // Assume it's .rodata
197       char *shadow_start = (char *)MemToShadow(segment.start);
198       char *shadow_end = (char *)MemToShadow(segment.end);
199       for (char *p = shadow_start; p < shadow_end;
200            p += marker.size() * sizeof(RawShadow)) {
201         internal_mmap(
202             p, Min<uptr>(marker.size() * sizeof(RawShadow), shadow_end - p),
203             PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0);
204       }
205     }
206   }
207   internal_close(fd);
208 }
209 
InitializeShadowMemoryPlatform()210 void InitializeShadowMemoryPlatform() {
211   char buffer[256];  // Keep in a different frame.
212   MapRodata(buffer, sizeof(buffer));
213 }
214 
215 #endif  // #if !SANITIZER_GO
216 
217 #  if !SANITIZER_GO
ReExecIfNeeded(bool ignore_heap)218 static void ReExecIfNeeded(bool ignore_heap) {
219   // Go maps shadow memory lazily and works fine with limited address space.
220   // Unlimited stack is not a problem as well, because the executable
221   // is not compiled with -pie.
222   bool reexec = false;
223   // TSan doesn't play well with unlimited stack size (as stack
224   // overlaps with shadow memory). If we detect unlimited stack size,
225   // we re-exec the program with limited stack size as a best effort.
226   if (StackSizeIsUnlimited()) {
227     const uptr kMaxStackSize = 32 * 1024 * 1024;
228     VReport(1,
229             "Program is run with unlimited stack size, which wouldn't "
230             "work with ThreadSanitizer.\n"
231             "Re-execing with stack size limited to %zd bytes.\n",
232             kMaxStackSize);
233     SetStackSizeLimitInBytes(kMaxStackSize);
234     reexec = true;
235   }
236 
237   if (!AddressSpaceIsUnlimited()) {
238     Report(
239         "WARNING: Program is run with limited virtual address space,"
240         " which wouldn't work with ThreadSanitizer.\n");
241     Report("Re-execing with unlimited virtual address space.\n");
242     SetAddressSpaceUnlimited();
243     reexec = true;
244   }
245 
246 #    if SANITIZER_LINUX
247 #      if SANITIZER_ANDROID && (defined(__aarch64__) || defined(__x86_64__))
248   // ASLR personality check.
249   int old_personality = personality(0xffffffff);
250   bool aslr_on =
251       (old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0);
252 
253   // After patch "arm64: mm: support ARCH_MMAP_RND_BITS." is introduced in
254   // linux kernel, the random gap between stack and mapped area is increased
255   // from 128M to 36G on 39-bit aarch64. As it is almost impossible to cover
256   // this big range, we should disable randomized virtual space on aarch64.
257   if (aslr_on) {
258     VReport(1,
259             "WARNING: Program is run with randomized virtual address "
260             "space, which wouldn't work with ThreadSanitizer on Android.\n"
261             "Re-execing with fixed virtual address space.\n");
262     CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
263     reexec = true;
264   }
265 #      endif
266 
267   if (reexec) {
268     // Don't check the address space since we're going to re-exec anyway.
269   } else if (!CheckAndProtect(false, ignore_heap, false)) {
270     // ASLR personality check.
271     // N.B. 'personality' is sometimes forbidden by sandboxes, so we only call
272     // this as a last resort (when the memory mapping is incompatible and TSan
273     // would fail anyway).
274     int old_personality = personality(0xffffffff);
275     bool aslr_on =
276         (old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0);
277 
278     if (aslr_on) {
279       // Disable ASLR if the memory layout was incompatible.
280       // Alternatively, we could just keep re-execing until we get lucky
281       // with a compatible randomized layout, but the risk is that if it's
282       // not an ASLR-related issue, we will be stuck in an infinite loop of
283       // re-execing (unless we change ReExec to pass a parameter of the
284       // number of retries allowed.)
285       VReport(1,
286               "WARNING: ThreadSanitizer: memory layout is incompatible, "
287               "possibly due to high-entropy ASLR.\n"
288               "Re-execing with fixed virtual address space.\n"
289               "N.B. reducing ASLR entropy is preferable.\n");
290       CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
291       reexec = true;
292     } else {
293       Printf(
294           "FATAL: ThreadSanitizer: memory layout is incompatible, "
295           "even though ASLR is disabled.\n"
296           "Please file a bug.\n");
297       DumpProcessMap();
298       Die();
299     }
300   }
301 #    endif  // SANITIZER_LINUX
302 
303   if (reexec)
304     ReExec();
305 }
306 #  endif
307 
InitializePlatformEarly()308 void InitializePlatformEarly() {
309   vmaSize =
310     (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
311 #if defined(__aarch64__)
312 # if !SANITIZER_GO
313   if (vmaSize != 39 && vmaSize != 42 && vmaSize != 48) {
314     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
315     Printf("FATAL: Found %zd - Supported 39, 42 and 48\n", vmaSize);
316     Die();
317   }
318 #else
319   if (vmaSize != 48) {
320     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
321     Printf("FATAL: Found %zd - Supported 48\n", vmaSize);
322     Die();
323   }
324 #endif
325 #elif SANITIZER_LOONGARCH64
326 # if !SANITIZER_GO
327   if (vmaSize != 47) {
328     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
329     Printf("FATAL: Found %zd - Supported 47\n", vmaSize);
330     Die();
331   }
332 #    else
333   if (vmaSize != 47) {
334     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
335     Printf("FATAL: Found %zd - Supported 47\n", vmaSize);
336     Die();
337   }
338 #    endif
339 #elif defined(__powerpc64__)
340 # if !SANITIZER_GO
341   if (vmaSize != 44 && vmaSize != 46 && vmaSize != 47) {
342     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
343     Printf("FATAL: Found %zd - Supported 44, 46, and 47\n", vmaSize);
344     Die();
345   }
346 # else
347   if (vmaSize != 46 && vmaSize != 47) {
348     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
349     Printf("FATAL: Found %zd - Supported 46, and 47\n", vmaSize);
350     Die();
351   }
352 # endif
353 #elif defined(__mips64)
354 # if !SANITIZER_GO
355   if (vmaSize != 40) {
356     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
357     Printf("FATAL: Found %zd - Supported 40\n", vmaSize);
358     Die();
359   }
360 # else
361   if (vmaSize != 47) {
362     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
363     Printf("FATAL: Found %zd - Supported 47\n", vmaSize);
364     Die();
365   }
366 # endif
367 #  elif SANITIZER_RISCV64
368   // the bottom half of vma is allocated for userspace
369   vmaSize = vmaSize + 1;
370 #    if !SANITIZER_GO
371   if (vmaSize != 39 && vmaSize != 48) {
372     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
373     Printf("FATAL: Found %zd - Supported 39 and 48\n", vmaSize);
374     Die();
375   }
376 #    endif
377 #  endif
378 
379 #  if !SANITIZER_GO
380   // Heap has not been allocated yet
381   ReExecIfNeeded(false);
382 #  endif
383 }
384 
InitializePlatform()385 void InitializePlatform() {
386   DisableCoreDumperIfNecessary();
387 
388   // Go maps shadow memory lazily and works fine with limited address space.
389   // Unlimited stack is not a problem as well, because the executable
390   // is not compiled with -pie.
391 #if !SANITIZER_GO
392   {
393 #    if SANITIZER_LINUX && (defined(__aarch64__) || defined(__loongarch_lp64))
394     // Initialize the xor key used in {sig}{set,long}jump.
395     InitializeLongjmpXorKey();
396 #    endif
397   }
398 
399   // We called ReExecIfNeeded() in InitializePlatformEarly(), but there are
400   // intervening allocations that result in an edge case:
401   // 1) InitializePlatformEarly(): memory layout is compatible
402   // 2) Intervening allocations happen
403   // 3) InitializePlatform(): memory layout is incompatible and fails
404   //    CheckAndProtect()
405 #    if !SANITIZER_GO
406   // Heap has already been allocated
407   ReExecIfNeeded(true);
408 #    endif
409 
410   // Earlier initialization steps already re-exec'ed until we got a compatible
411   // memory layout, so we don't expect any more issues here.
412   if (!CheckAndProtect(true, true, true)) {
413     Printf(
414         "FATAL: ThreadSanitizer: unexpectedly found incompatible memory "
415         "layout.\n");
416     Printf("FATAL: Please file a bug.\n");
417     DumpProcessMap();
418     Die();
419   }
420 
421   InitTlsSize();
422 #endif  // !SANITIZER_GO
423 }
424 
425 #if !SANITIZER_GO
426 // Extract file descriptors passed to glibc internal __res_iclose function.
427 // This is required to properly "close" the fds, because we do not see internal
428 // closes within glibc. The code is a pure hack.
ExtractResolvFDs(void * state,int * fds,int nfd)429 int ExtractResolvFDs(void *state, int *fds, int nfd) {
430 #if SANITIZER_LINUX && !SANITIZER_ANDROID
431   int cnt = 0;
432   struct __res_state *statp = (struct __res_state*)state;
433   for (int i = 0; i < MAXNS && cnt < nfd; i++) {
434     if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
435       fds[cnt++] = statp->_u._ext.nssocks[i];
436   }
437   return cnt;
438 #else
439   return 0;
440 #endif
441 }
442 
443 // Extract file descriptors passed via UNIX domain sockets.
444 // This is required to properly handle "open" of these fds.
445 // see 'man recvmsg' and 'man 3 cmsg'.
ExtractRecvmsgFDs(void * msgp,int * fds,int nfd)446 int ExtractRecvmsgFDs(void *msgp, int *fds, int nfd) {
447   int res = 0;
448   msghdr *msg = (msghdr*)msgp;
449   struct cmsghdr *cmsg = CMSG_FIRSTHDR(msg);
450   for (; cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
451     if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)
452       continue;
453     int n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(fds[0]);
454     for (int i = 0; i < n; i++) {
455       fds[res++] = ((int*)CMSG_DATA(cmsg))[i];
456       if (res == nfd)
457         return res;
458     }
459   }
460   return res;
461 }
462 
463 // Reverse operation of libc stack pointer mangling
UnmangleLongJmpSp(uptr mangled_sp)464 static uptr UnmangleLongJmpSp(uptr mangled_sp) {
465 #if defined(__x86_64__)
466 # if SANITIZER_LINUX
467   // Reverse of:
468   //   xor  %fs:0x30, %rsi
469   //   rol  $0x11, %rsi
470   uptr sp;
471   asm("ror  $0x11,     %0 \n"
472       "xor  %%fs:0x30, %0 \n"
473       : "=r" (sp)
474       : "0" (mangled_sp));
475   return sp;
476 # else
477   return mangled_sp;
478 # endif
479 #elif defined(__aarch64__)
480 # if SANITIZER_LINUX
481   return mangled_sp ^ longjmp_xor_key;
482 # else
483   return mangled_sp;
484 # endif
485 #elif defined(__loongarch_lp64)
486   return mangled_sp ^ longjmp_xor_key;
487 #elif defined(__powerpc64__)
488   // Reverse of:
489   //   ld   r4, -28696(r13)
490   //   xor  r4, r3, r4
491   uptr xor_key;
492   asm("ld  %0, -28696(%%r13)" : "=r" (xor_key));
493   return mangled_sp ^ xor_key;
494 #elif defined(__mips__)
495   return mangled_sp;
496 #    elif SANITIZER_RISCV64
497   return mangled_sp;
498 #    elif defined(__s390x__)
499   // tcbhead_t.stack_guard
500   uptr xor_key = ((uptr *)__builtin_thread_pointer())[5];
501   return mangled_sp ^ xor_key;
502 #    else
503 #      error "Unknown platform"
504 #    endif
505 }
506 
507 #if SANITIZER_NETBSD
508 # ifdef __x86_64__
509 #  define LONG_JMP_SP_ENV_SLOT 6
510 # else
511 #  error unsupported
512 # endif
513 #elif defined(__powerpc__)
514 # define LONG_JMP_SP_ENV_SLOT 0
515 #elif SANITIZER_FREEBSD
516 # ifdef __aarch64__
517 #  define LONG_JMP_SP_ENV_SLOT 1
518 # else
519 #  define LONG_JMP_SP_ENV_SLOT 2
520 # endif
521 #elif SANITIZER_LINUX
522 # ifdef __aarch64__
523 #  define LONG_JMP_SP_ENV_SLOT 13
524 # elif defined(__loongarch__)
525 #  define LONG_JMP_SP_ENV_SLOT 1
526 # elif defined(__mips64)
527 #  define LONG_JMP_SP_ENV_SLOT 1
528 #      elif SANITIZER_RISCV64
529 #        define LONG_JMP_SP_ENV_SLOT 13
530 #      elif defined(__s390x__)
531 #        define LONG_JMP_SP_ENV_SLOT 9
532 #      else
533 #        define LONG_JMP_SP_ENV_SLOT 6
534 #      endif
535 #endif
536 
ExtractLongJmpSp(uptr * env)537 uptr ExtractLongJmpSp(uptr *env) {
538   uptr mangled_sp = env[LONG_JMP_SP_ENV_SLOT];
539   return UnmangleLongJmpSp(mangled_sp);
540 }
541 
542 #if INIT_LONGJMP_XOR_KEY
543 // GLIBC mangles the function pointers in jmp_buf (used in {set,long}*jmp
544 // functions) by XORing them with a random key.  For AArch64 it is a global
545 // variable rather than a TCB one (as for x86_64/powerpc).  We obtain the key by
546 // issuing a setjmp and XORing the SP pointer values to derive the key.
InitializeLongjmpXorKey()547 static void InitializeLongjmpXorKey() {
548   // 1. Call REAL(setjmp), which stores the mangled SP in env.
549   jmp_buf env;
550   REAL(_setjmp)(env);
551 
552   // 2. Retrieve vanilla/mangled SP.
553   uptr sp;
554 #ifdef __loongarch__
555   asm("move  %0, $sp" : "=r" (sp));
556 #else
557   asm("mov  %0, sp" : "=r" (sp));
558 #endif
559   uptr mangled_sp = ((uptr *)&env)[LONG_JMP_SP_ENV_SLOT];
560 
561   // 3. xor SPs to obtain key.
562   longjmp_xor_key = mangled_sp ^ sp;
563 }
564 #endif
565 
__tsan_tls_initialization()566 extern "C" void __tsan_tls_initialization() {}
567 
ImitateTlsWrite(ThreadState * thr,uptr tls_addr,uptr tls_size)568 void ImitateTlsWrite(ThreadState *thr, uptr tls_addr, uptr tls_size) {
569   // Check that the thr object is in tls;
570   const uptr thr_beg = (uptr)thr;
571   const uptr thr_end = (uptr)thr + sizeof(*thr);
572   CHECK_GE(thr_beg, tls_addr);
573   CHECK_LE(thr_beg, tls_addr + tls_size);
574   CHECK_GE(thr_end, tls_addr);
575   CHECK_LE(thr_end, tls_addr + tls_size);
576   // Since the thr object is huge, skip it.
577   const uptr pc = StackTrace::GetNextInstructionPc(
578       reinterpret_cast<uptr>(__tsan_tls_initialization));
579   MemoryRangeImitateWrite(thr, pc, tls_addr, thr_beg - tls_addr);
580   MemoryRangeImitateWrite(thr, pc, thr_end, tls_addr + tls_size - thr_end);
581 }
582 
583 // Note: this function runs with async signals enabled,
584 // so it must not touch any tsan state.
call_pthread_cancel_with_cleanup(int (* fn)(void * arg),void (* cleanup)(void * arg),void * arg)585 int call_pthread_cancel_with_cleanup(int (*fn)(void *arg),
586                                      void (*cleanup)(void *arg), void *arg) {
587   // pthread_cleanup_push/pop are hardcore macros mess.
588   // We can't intercept nor call them w/o including pthread.h.
589   int res;
590   pthread_cleanup_push(cleanup, arg);
591   res = fn(arg);
592   pthread_cleanup_pop(0);
593   return res;
594 }
595 #endif  // !SANITIZER_GO
596 
597 #if !SANITIZER_GO
ReplaceSystemMalloc()598 void ReplaceSystemMalloc() { }
599 #endif
600 
601 #if !SANITIZER_GO
602 #if SANITIZER_ANDROID
603 // On Android, one thread can call intercepted functions after
604 // DestroyThreadState(), so add a fake thread state for "dead" threads.
605 static ThreadState *dead_thread_state = nullptr;
606 
cur_thread()607 ThreadState *cur_thread() {
608   ThreadState* thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr());
609   if (thr == nullptr) {
610     __sanitizer_sigset_t emptyset;
611     internal_sigfillset(&emptyset);
612     __sanitizer_sigset_t oldset;
613     CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset));
614     thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr());
615     if (thr == nullptr) {
616       thr = reinterpret_cast<ThreadState*>(MmapOrDie(sizeof(ThreadState),
617                                                      "ThreadState"));
618       *get_android_tls_ptr() = reinterpret_cast<uptr>(thr);
619       if (dead_thread_state == nullptr) {
620         dead_thread_state = reinterpret_cast<ThreadState*>(
621             MmapOrDie(sizeof(ThreadState), "ThreadState"));
622         dead_thread_state->fast_state.SetIgnoreBit();
623         dead_thread_state->ignore_interceptors = 1;
624         dead_thread_state->is_dead = true;
625         *const_cast<u32*>(&dead_thread_state->tid) = -1;
626         CHECK_EQ(0, internal_mprotect(dead_thread_state, sizeof(ThreadState),
627                                       PROT_READ));
628       }
629     }
630     CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr));
631   }
632   return thr;
633 }
634 
set_cur_thread(ThreadState * thr)635 void set_cur_thread(ThreadState *thr) {
636   *get_android_tls_ptr() = reinterpret_cast<uptr>(thr);
637 }
638 
cur_thread_finalize()639 void cur_thread_finalize() {
640   __sanitizer_sigset_t emptyset;
641   internal_sigfillset(&emptyset);
642   __sanitizer_sigset_t oldset;
643   CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset));
644   ThreadState* thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr());
645   if (thr != dead_thread_state) {
646     *get_android_tls_ptr() = reinterpret_cast<uptr>(dead_thread_state);
647     UnmapOrDie(thr, sizeof(ThreadState));
648   }
649   CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr));
650 }
651 #endif  // SANITIZER_ANDROID
652 #endif  // if !SANITIZER_GO
653 
654 }  // namespace __tsan
655 
656 #endif  // SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD
657