1//===-- tsan_fd.cc --------------------------------------------------------===//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file is a part of ThreadSanitizer (TSan), a race detector.
11//
12//===----------------------------------------------------------------------===//
13
14#include "tsan_fd.h"
15#include "tsan_rtl.h"
16#include <sanitizer_common/sanitizer_atomic.h>
17
18namespace __tsan {
19
20const int kTableSizeL1 = 1024;
21const int kTableSizeL2 = 1024;
22const int kTableSize = kTableSizeL1 * kTableSizeL2;
23
24struct FdSync {
25  atomic_uint64_t rc;
26};
27
28struct FdDesc {
29  FdSync *sync;
30  int creation_tid;
31  u32 creation_stack;
32};
33
34struct FdContext {
35  atomic_uintptr_t tab[kTableSizeL1];
36  // Addresses used for synchronization.
37  FdSync globsync;
38  FdSync filesync;
39  FdSync socksync;
40  u64 connectsync;
41};
42
43static FdContext fdctx;
44
45static bool bogusfd(int fd) {
46  // Apparently a bogus fd value.
47  return fd < 0 || fd >= kTableSize;
48}
49
50static FdSync *allocsync(ThreadState *thr, uptr pc) {
51  FdSync *s = (FdSync*)user_alloc(thr, pc, sizeof(FdSync), kDefaultAlignment,
52      false);
53  atomic_store(&s->rc, 1, memory_order_relaxed);
54  return s;
55}
56
57static FdSync *ref(FdSync *s) {
58  if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1)
59    atomic_fetch_add(&s->rc, 1, memory_order_relaxed);
60  return s;
61}
62
63static void unref(ThreadState *thr, uptr pc, FdSync *s) {
64  if (s && atomic_load(&s->rc, memory_order_relaxed) != (u64)-1) {
65    if (atomic_fetch_sub(&s->rc, 1, memory_order_acq_rel) == 1) {
66      CHECK_NE(s, &fdctx.globsync);
67      CHECK_NE(s, &fdctx.filesync);
68      CHECK_NE(s, &fdctx.socksync);
69      user_free(thr, pc, s, false);
70    }
71  }
72}
73
74static FdDesc *fddesc(ThreadState *thr, uptr pc, int fd) {
75  CHECK_GE(fd, 0);
76  CHECK_LT(fd, kTableSize);
77  atomic_uintptr_t *pl1 = &fdctx.tab[fd / kTableSizeL2];
78  uptr l1 = atomic_load(pl1, memory_order_consume);
79  if (l1 == 0) {
80    uptr size = kTableSizeL2 * sizeof(FdDesc);
81    // We need this to reside in user memory to properly catch races on it.
82    void *p = user_alloc(thr, pc, size, kDefaultAlignment, false);
83    internal_memset(p, 0, size);
84    MemoryResetRange(thr, (uptr)&fddesc, (uptr)p, size);
85    if (atomic_compare_exchange_strong(pl1, &l1, (uptr)p, memory_order_acq_rel))
86      l1 = (uptr)p;
87    else
88      user_free(thr, pc, p, false);
89  }
90  return &((FdDesc*)l1)[fd % kTableSizeL2];  // NOLINT
91}
92
93// pd must be already ref'ed.
94static void init(ThreadState *thr, uptr pc, int fd, FdSync *s) {
95  FdDesc *d = fddesc(thr, pc, fd);
96  // As a matter of fact, we don't intercept all close calls.
97  // See e.g. libc __res_iclose().
98  if (d->sync) {
99    unref(thr, pc, d->sync);
100    d->sync = 0;
101  }
102  if (flags()->io_sync == 0) {
103    unref(thr, pc, s);
104  } else if (flags()->io_sync == 1) {
105    d->sync = s;
106  } else if (flags()->io_sync == 2) {
107    unref(thr, pc, s);
108    d->sync = &fdctx.globsync;
109  }
110  d->creation_tid = thr->tid;
111  d->creation_stack = CurrentStackId(thr, pc);
112  // To catch races between fd usage and open.
113  MemoryRangeImitateWrite(thr, pc, (uptr)d, 8);
114}
115
116void FdInit() {
117  atomic_store(&fdctx.globsync.rc, (u64)-1, memory_order_relaxed);
118  atomic_store(&fdctx.filesync.rc, (u64)-1, memory_order_relaxed);
119  atomic_store(&fdctx.socksync.rc, (u64)-1, memory_order_relaxed);
120}
121
122void FdOnFork(ThreadState *thr, uptr pc) {
123  // On fork() we need to reset all fd's, because the child is going
124  // close all them, and that will cause races between previous read/write
125  // and the close.
126  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
127    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
128    if (tab == 0)
129      break;
130    for (int l2 = 0; l2 < kTableSizeL2; l2++) {
131      FdDesc *d = &tab[l2];
132      MemoryResetRange(thr, pc, (uptr)d, 8);
133    }
134  }
135}
136
137bool FdLocation(uptr addr, int *fd, int *tid, u32 *stack) {
138  for (int l1 = 0; l1 < kTableSizeL1; l1++) {
139    FdDesc *tab = (FdDesc*)atomic_load(&fdctx.tab[l1], memory_order_relaxed);
140    if (tab == 0)
141      break;
142    if (addr >= (uptr)tab && addr < (uptr)(tab + kTableSizeL2)) {
143      int l2 = (addr - (uptr)tab) / sizeof(FdDesc);
144      FdDesc *d = &tab[l2];
145      *fd = l1 * kTableSizeL1 + l2;
146      *tid = d->creation_tid;
147      *stack = d->creation_stack;
148      return true;
149    }
150  }
151  return false;
152}
153
154void FdAcquire(ThreadState *thr, uptr pc, int fd) {
155  if (bogusfd(fd))
156    return;
157  FdDesc *d = fddesc(thr, pc, fd);
158  FdSync *s = d->sync;
159  DPrintf("#%d: FdAcquire(%d) -> %p\n", thr->tid, fd, s);
160  MemoryRead(thr, pc, (uptr)d, kSizeLog8);
161  if (s)
162    Acquire(thr, pc, (uptr)s);
163}
164
165void FdRelease(ThreadState *thr, uptr pc, int fd) {
166  if (bogusfd(fd))
167    return;
168  FdDesc *d = fddesc(thr, pc, fd);
169  FdSync *s = d->sync;
170  DPrintf("#%d: FdRelease(%d) -> %p\n", thr->tid, fd, s);
171  MemoryRead(thr, pc, (uptr)d, kSizeLog8);
172  if (s)
173    Release(thr, pc, (uptr)s);
174}
175
176void FdAccess(ThreadState *thr, uptr pc, int fd) {
177  DPrintf("#%d: FdAccess(%d)\n", thr->tid, fd);
178  if (bogusfd(fd))
179    return;
180  FdDesc *d = fddesc(thr, pc, fd);
181  MemoryRead(thr, pc, (uptr)d, kSizeLog8);
182}
183
184void FdClose(ThreadState *thr, uptr pc, int fd) {
185  DPrintf("#%d: FdClose(%d)\n", thr->tid, fd);
186  if (bogusfd(fd))
187    return;
188  FdDesc *d = fddesc(thr, pc, fd);
189  // To catch races between fd usage and close.
190  MemoryWrite(thr, pc, (uptr)d, kSizeLog8);
191  // We need to clear it, because if we do not intercept any call out there
192  // that creates fd, we will hit false postives.
193  MemoryResetRange(thr, pc, (uptr)d, 8);
194  unref(thr, pc, d->sync);
195  d->sync = 0;
196  d->creation_tid = 0;
197  d->creation_stack = 0;
198}
199
200void FdFileCreate(ThreadState *thr, uptr pc, int fd) {
201  DPrintf("#%d: FdFileCreate(%d)\n", thr->tid, fd);
202  if (bogusfd(fd))
203    return;
204  init(thr, pc, fd, &fdctx.filesync);
205}
206
207void FdDup(ThreadState *thr, uptr pc, int oldfd, int newfd) {
208  DPrintf("#%d: FdDup(%d, %d)\n", thr->tid, oldfd, newfd);
209  if (bogusfd(oldfd) || bogusfd(newfd))
210    return;
211  // Ignore the case when user dups not yet connected socket.
212  FdDesc *od = fddesc(thr, pc, oldfd);
213  MemoryRead(thr, pc, (uptr)od, kSizeLog8);
214  FdClose(thr, pc, newfd);
215  init(thr, pc, newfd, ref(od->sync));
216}
217
218void FdPipeCreate(ThreadState *thr, uptr pc, int rfd, int wfd) {
219  DPrintf("#%d: FdCreatePipe(%d, %d)\n", thr->tid, rfd, wfd);
220  FdSync *s = allocsync(thr, pc);
221  init(thr, pc, rfd, ref(s));
222  init(thr, pc, wfd, ref(s));
223  unref(thr, pc, s);
224}
225
226void FdEventCreate(ThreadState *thr, uptr pc, int fd) {
227  DPrintf("#%d: FdEventCreate(%d)\n", thr->tid, fd);
228  if (bogusfd(fd))
229    return;
230  init(thr, pc, fd, allocsync(thr, pc));
231}
232
233void FdSignalCreate(ThreadState *thr, uptr pc, int fd) {
234  DPrintf("#%d: FdSignalCreate(%d)\n", thr->tid, fd);
235  if (bogusfd(fd))
236    return;
237  init(thr, pc, fd, 0);
238}
239
240void FdInotifyCreate(ThreadState *thr, uptr pc, int fd) {
241  DPrintf("#%d: FdInotifyCreate(%d)\n", thr->tid, fd);
242  if (bogusfd(fd))
243    return;
244  init(thr, pc, fd, 0);
245}
246
247void FdPollCreate(ThreadState *thr, uptr pc, int fd) {
248  DPrintf("#%d: FdPollCreate(%d)\n", thr->tid, fd);
249  if (bogusfd(fd))
250    return;
251  init(thr, pc, fd, allocsync(thr, pc));
252}
253
254void FdSocketCreate(ThreadState *thr, uptr pc, int fd) {
255  DPrintf("#%d: FdSocketCreate(%d)\n", thr->tid, fd);
256  if (bogusfd(fd))
257    return;
258  // It can be a UDP socket.
259  init(thr, pc, fd, &fdctx.socksync);
260}
261
262void FdSocketAccept(ThreadState *thr, uptr pc, int fd, int newfd) {
263  DPrintf("#%d: FdSocketAccept(%d, %d)\n", thr->tid, fd, newfd);
264  if (bogusfd(fd))
265    return;
266  // Synchronize connect->accept.
267  Acquire(thr, pc, (uptr)&fdctx.connectsync);
268  init(thr, pc, newfd, &fdctx.socksync);
269}
270
271void FdSocketConnecting(ThreadState *thr, uptr pc, int fd) {
272  DPrintf("#%d: FdSocketConnecting(%d)\n", thr->tid, fd);
273  if (bogusfd(fd))
274    return;
275  // Synchronize connect->accept.
276  Release(thr, pc, (uptr)&fdctx.connectsync);
277}
278
279void FdSocketConnect(ThreadState *thr, uptr pc, int fd) {
280  DPrintf("#%d: FdSocketConnect(%d)\n", thr->tid, fd);
281  if (bogusfd(fd))
282    return;
283  init(thr, pc, fd, &fdctx.socksync);
284}
285
286uptr File2addr(const char *path) {
287  (void)path;
288  static u64 addr;
289  return (uptr)&addr;
290}
291
292uptr Dir2addr(const char *path) {
293  (void)path;
294  static u64 addr;
295  return (uptr)&addr;
296}
297
298}  //  namespace __tsan
299