xref: /freebsd/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_fd.cpp (revision 0e8011faf58b743cc652e3b2ad0f7671227610df)
1 //===-- tsan_fd.cpp -------------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of ThreadSanitizer (TSan), a race detector.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #include "tsan_fd.h"
14 
15 #include <sanitizer_common/sanitizer_atomic.h>
16 
17 #include "tsan_interceptors.h"
18 #include "tsan_rtl.h"
19 
20 namespace __tsan {
21 
22 const int kTableSizeL1 = 1024;
23 const int kTableSizeL2 = 1024;
24 const int kTableSize = kTableSizeL1 * kTableSizeL2;
25 
26 struct FdSync {
27   atomic_uint64_t rc;
28 };
29 
30 struct FdDesc {
31   FdSync *sync;
32   // This is used to establish write -> epoll_wait synchronization
33   // where epoll_wait receives notification about the write.
34   atomic_uintptr_t aux_sync;  // FdSync*
35   Tid creation_tid;
36   StackID creation_stack;
37   bool closed;
38 };
39 
40 struct FdContext {
41   atomic_uintptr_t tab[kTableSizeL1];
42   // Addresses used for synchronization.
43   FdSync globsync;
44   FdSync filesync;
45   FdSync socksync;
46   u64 connectsync;
47 };
48 
49 static FdContext fdctx;
50 
51 static bool bogusfd(int fd) {
52   // Apparently a bogus fd value.
53   return fd < 0 || fd >= kTableSize;
54 }
55 
56 static FdSync *allocsync(ThreadState *thr, uptr pc) {
57   FdSync *s = (FdSync*)user_alloc_internal(thr, pc, sizeof(FdSync),
58       kDefaultAlignment, false);
59   atomic_store(&s->rc, 1, memory_order_relaxed);
60   return s;
61 }
62 
63 static FdSync *ref(FdSync *s) {
64   if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1)
65     atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
66   return s;
67 }
68 
69 static void unref(ThreadState *thr, uptr pc, FdSync *s) {
70   if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1) {
71     if (atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel) == 1) {
72       CHECK_NE(s, &fdctx.globsync);
73       CHECK_NE(s, &fdctx.filesync);
74       CHECK_NE(s, &fdctx.socksync);
75       user_free(thr, pc, s, false);
76     }
77   }
78 }
79 
80 static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
81   CHECK_GE(fd, 0);
82   CHECK_LT(fd, kTableSize);
83   atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2];
84   uptr l1 = atomic_load(pl1, memory_order_consume);
85   if (l1 == 0) {
86     uptr size = kTableSizeL2 * sizeof(FdDesc);
87     // We need this to reside in user memory to properly catch races on it.
88     void *p = user_alloc_internal(thr, pc, size, kDefaultAlignment, false);
89     internal_memset(p, 0, size);
90     MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size);
91     if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel))
92       l1 = (uptr)p;
93     else
94       user_free(thr, pc, p, false);
95   }
96   FdDesc *fds = reinterpret_cast<FdDesc *>(l1);
97   return &fds[fd % kTableSizeL2];
98 }
99 
100 // pd must be already ref'ed.
101 static void init(ThreadState *thr, uptr pc, int fd, FdSync *s,
102     bool write = true) {
103   FdDesc *d = fddesc(thr, pc, fd);
104   // As a matter of fact, we don't intercept all close calls.
105   // See e.g. libc __res_iclose().
106   if (d->sync) {
107     unref(thr, pc, d->sync);
108     d->sync = 0;
109   }
110   unref(thr, pc,
111         reinterpret_cast<FdSync *>(
112             atomic_load(&d->aux_sync, memory_order_relaxed)));
113   atomic_store(&d->aux_sync, 0, memory_order_relaxed);
114   if (flags()->io_sync == 0) {
115     unref(thr, pc, s);
116   } else if (flags()->io_sync == 1) {
117     d->sync = s;
118   } else if (flags()->io_sync == 2) {
119     unref(thr, pc, s);
120     d->sync = &fdctx.globsync;
121   }
122   d->creation_tid = thr->tid;
123   d->creation_stack = CurrentStackId(thr, pc);
124   d->closed = false;
125   // This prevents false positives on fd_close_norace3.cpp test.
126   // The mechanics of the false positive are not completely clear,
127   // but it happens only if global reset is enabled (flush_memory_ms=1)
128   // and may be related to lost writes during asynchronous MADV_DONTNEED.
129   SlotLocker locker(thr);
130   if (write) {
131     // To catch races between fd usage and open.
132     MemoryRangeImitateWrite(thr, pc, (uptr)d, 8);
133   } else {
134     // See the dup-related comment in FdClose.
135     MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead | kAccessSlotLocked);
136   }
137 }
138 
139 void FdInit() {
140   atomic_store(&fdctx.globsync.rc, (u64)-1, memory_order_relaxed);
141   atomic_store(&fdctx.filesync.rc, (u64)-1, memory_order_relaxed);
142   atomic_store(&fdctx.socksync.rc, (u64)-1, memory_order_relaxed);
143 }
144 
145 void FdOnFork(ThreadState *thr, uptr pc) {
146   // On fork() we need to reset all fd's, because the child is going
147   // close all them, and that will cause races between previous read/write
148   // and the close.
149   for (int l1 = 0; l1 < kTableSizeL1; l1++) {
150     FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
151     if (tab == 0)
152       break;
153     for (int l2 = 0; l2 < kTableSizeL2; l2++) {
154       FdDesc *d = &tab[l2];
155       MemoryResetRange(thr, pc, (uptr)d, 8);
156     }
157   }
158 }
159 
160 bool FdLocation(uptr addr, int *fd, Tid *tid, StackID *stack, bool *closed) {
161   for (int l1 = 0; l1 < kTableSizeL1; l1++) {
162     FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
163     if (tab == 0)
164       break;
165     if (addr >= (uptr)tab && addr < (uptr)(tab + kTableSizeL2)) {
166       int l2 = (addr - (uptr)tab) / sizeof(FdDesc);
167       FdDesc *d = &tab[l2];
168       *fd = l1 * kTableSizeL1 + l2;
169       *tid = d->creation_tid;
170       *stack = d->creation_stack;
171       *closed = d->closed;
172       return true;
173     }
174   }
175   return false;
176 }
177 
178 void FdAcquire(ThreadState *thr, uptr pc, int fd) {
179   if (bogusfd(fd))
180     return;
181   FdDesc *d = fddesc(thr, pc, fd);
182   FdSync *s = d->sync;
183   DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, s);
184   MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead);
185   if (s)
186     Acquire(thr, pc, (uptr)s);
187 }
188 
189 void FdRelease(ThreadState *thr, uptr pc, int fd) {
190   if (bogusfd(fd))
191     return;
192   FdDesc *d = fddesc(thr, pc, fd);
193   FdSync *s = d->sync;
194   DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, s);
195   MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead);
196   if (s)
197     Release(thr, pc, (uptr)s);
198   if (uptr aux_sync = atomic_load(&d->aux_sync, memory_order_acquire))
199     Release(thr, pc, aux_sync);
200 }
201 
202 void FdAccess(ThreadState *thr, uptr pc, int fd) {
203   DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);
204   if (bogusfd(fd))
205     return;
206   FdDesc *d = fddesc(thr, pc, fd);
207   MemoryAccess(thr, pc, (uptr)d, 8, kAccessRead);
208 }
209 
210 void FdClose(ThreadState *thr, uptr pc, int fd, bool write) {
211   DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);
212   if (bogusfd(fd))
213     return;
214   FdDesc *d = fddesc(thr, pc, fd);
215   {
216     // Need to lock the slot to make MemoryAccess and MemoryResetRange atomic
217     // with respect to global reset. See the comment in MemoryRangeFreed.
218     SlotLocker locker(thr);
219     if (!MustIgnoreInterceptor(thr)) {
220       if (write) {
221         // To catch races between fd usage and close.
222         MemoryAccess(thr, pc, (uptr)d, 8,
223                      kAccessWrite | kAccessCheckOnly | kAccessSlotLocked);
224       } else {
225         // This path is used only by dup2/dup3 calls.
226         // We do read instead of write because there is a number of legitimate
227         // cases where write would lead to false positives:
228         // 1. Some software dups a closed pipe in place of a socket before
229         // closing
230         //    the socket (to prevent races actually).
231         // 2. Some daemons dup /dev/null in place of stdin/stdout.
232         // On the other hand we have not seen cases when write here catches real
233         // bugs.
234         MemoryAccess(thr, pc, (uptr)d, 8,
235                      kAccessRead | kAccessCheckOnly | kAccessSlotLocked);
236       }
237     }
238     // We need to clear it, because if we do not intercept any call out there
239     // that creates fd, we will hit false postives.
240     MemoryResetRange(thr, pc, (uptr)d, 8);
241   }
242   unref(thr, pc, d->sync);
243   d->sync = 0;
244   unref(thr, pc,
245         reinterpret_cast<FdSync *>(
246             atomic_load(&d->aux_sync, memory_order_relaxed)));
247   atomic_store(&d->aux_sync, 0, memory_order_relaxed);
248   d->closed = true;
249   d->creation_tid = thr->tid;
250   d->creation_stack = CurrentStackId(thr, pc);
251 }
252 
253 void FdFileCreate(ThreadState *thr, uptr pc, int fd) {
254   DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);
255   if (bogusfd(fd))
256     return;
257   init(thr, pc, fd, &fdctx.filesync);
258 }
259 
260 void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd, bool write) {
261   DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);
262   if (bogusfd(oldfd) || bogusfd(newfd))
263     return;
264   // Ignore the case when user dups not yet connected socket.
265   FdDesc *od = fddesc(thr, pc, oldfd);
266   MemoryAccess(thr, pc, (uptr)od, 8, kAccessRead);
267   FdClose(thr, pc, newfd, write);
268   init(thr, pc, newfd, ref(od->sync), write);
269 }
270 
271 void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {
272   DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);
273   FdSync *s = allocsync(thr, pc);
274   init(thr, pc, rfd, ref(s));
275   init(thr, pc, wfd, ref(s));
276   unref(thr, pc, s);
277 }
278 
279 void FdEventCreate(ThreadState *thr, uptr pc, int fd) {
280   DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);
281   if (bogusfd(fd))
282     return;
283   init(thr, pc, fd, allocsync(thr, pc));
284 }
285 
286 void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {
287   DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);
288   if (bogusfd(fd))
289     return;
290   init(thr, pc, fd, 0);
291 }
292 
293 void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {
294   DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);
295   if (bogusfd(fd))
296     return;
297   init(thr, pc, fd, 0);
298 }
299 
300 void FdPollCreate(ThreadState *thr, uptr pc, int fd) {
301   DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);
302   if (bogusfd(fd))
303     return;
304   init(thr, pc, fd, allocsync(thr, pc));
305 }
306 
307 void FdPollAdd(ThreadState *thr, uptr pc, int epfd, int fd) {
308   DPrintf("#%d: FdPollAdd(%d, %d)\n", thr->tid, epfd, fd);
309   if (bogusfd(epfd) || bogusfd(fd))
310     return;
311   FdDesc *d = fddesc(thr, pc, fd);
312   // Associate fd with epoll fd only once.
313   // While an fd can be associated with multiple epolls at the same time,
314   // or with different epolls during different phases of lifetime,
315   // synchronization semantics (and examples) of this are unclear.
316   // So we don't support this for now.
317   // If we change the association, it will also create lifetime management
318   // problem for FdRelease which accesses the aux_sync.
319   if (atomic_load(&d->aux_sync, memory_order_relaxed))
320     return;
321   FdDesc *epd = fddesc(thr, pc, epfd);
322   FdSync *s = epd->sync;
323   if (!s)
324     return;
325   uptr cmp = 0;
326   if (atomic_compare_exchange_strong(
327           &d->aux_sync, &cmp, reinterpret_cast<uptr>(s), memory_order_release))
328     ref(s);
329 }
330 
331 void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {
332   DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);
333   if (bogusfd(fd))
334     return;
335   // It can be a UDP socket.
336   init(thr, pc, fd, &fdctx.socksync);
337 }
338 
339 void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {
340   DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);
341   if (bogusfd(fd))
342     return;
343   // Synchronize connect->accept.
344   Acquire(thr, pc, (uptr)&fdctx.connectsync);
345   init(thr, pc, newfd, &fdctx.socksync);
346 }
347 
348 void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {
349   DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);
350   if (bogusfd(fd))
351     return;
352   // Synchronize connect->accept.
353   Release(thr, pc, (uptr)&fdctx.connectsync);
354 }
355 
356 void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {
357   DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);
358   if (bogusfd(fd))
359     return;
360   init(thr, pc, fd, &fdctx.socksync);
361 }
362 
363 uptr File2addr(const char *path) {
364   (void)path;
365   static u64 addr;
366   return (uptr)&addr;
367 }
368 
369 uptr Dir2addr(const char *path) {
370   (void)path;
371   static u64 addr;
372   return (uptr)&addr;
373 }
374 
375 }  //  namespace __tsan
376