This is an archive of the discontinued LLVM Phabricator instance.

Differential D33325

[sanitizer] Avoid possible deadlock in child process after fork
ClosedPublic

Authored by m.ostapenko on May 18 2017, 10:46 AM.

Details

Reviewers
eugenis
vitalybuka
alekseyshl
dvyukov
Commits
rG62a0f55930d0: [sanitizer] Avoid possible deadlock in child process after fork
rCRT304285: [sanitizer] Avoid possible deadlock in child process after fork
rL304285: [sanitizer] Avoid possible deadlock in child process after fork
Summary

This patch addresses https://github.com/google/sanitizers/issues/774
When we fork a multi-threaded process it's possible to deadlock if some thread acquired StackDepot or allocator internal lock just before fork. In this case the lock will never be released in child process causing deadlock on following memory alloc/dealloc routine.

Diff Detail

Repository
rL LLVM

Event Timeline

m.ostapenko created this revision.May 18 2017, 10:46 AM
Herald added a subscriber: kubamracek. · View Herald TranscriptMay 18 2017, 10:46 AM
kcc added a subscriber: kcc.May 18 2017, 10:55 AM

is a test possible?

m.ostapenko added a comment.May 18 2017, 11:10 AM
In D33325#758753, @kcc wrote:

is a test possible?

I'm trying to cook. Need to have concurrent fork with malloc/free and the StackDepot lock to be acquired when fork is called. But the window is too small :(. Can we widen it somehow?

eugenis edited edge metadata.May 18 2017, 11:17 AM

Look at test/msan/fork.cc, it should be possible to replace copy_uninit_thread2 with an allocation loop.

m.ostapenko added a comment.May 18 2017, 11:39 AM
In D33325#758766, @eugenis wrote:

Look at test/msan/fork.cc, it should be possible to replace copy_uninit_thread2 with an allocation loop.

Thank you, will try tomorrow.

m.ostapenko updated this revision to Diff 99565.May 19 2017, 7:22 AM

Updating. When adapting test/msan/fork.cc for ASan I've noticed that deadlock can also happen if the whole allocator is locked when we calling fork. Corresponding backtrace looks like this:

#0  atomic_exchange<__sanitizer::atomic_uint32_t> () at /home/max/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_atomic_clang.h:68
#1  Lock () at /home/max/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc:541
#2  0x000000000041e9f9 in GenericScopedLock () at /home/max/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_mutex.h:187
#3  GetFromAllocator () at /home/max/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_primary64.h:134
#4  0x000000000041e99b in Refill () at /home/max/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_local_cache.h:108
#5  0x000000000041e550 in Allocate () at /home/max/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_local_cache.h:50
#6  0x000000000041e443 in Allocate () at /home/max/src/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_combined.h:68
#7  0x000000000041b6cb in Allocate () at /home/max/src/llvm/projects/compiler-rt/lib/asan/asan_allocator.cc:407
#8  0x00000000004b9148 in __interceptor_malloc () at /home/max/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67
#9  0x00000000004e878d in child () at fork.cc:47
#10 0x00000000004e8968 in test () at fork.cc:67
#11 0x00000000004e8a38 in main () at fork.cc:78

Thus we need to lock allocator as well.

eugenis added a comment.May 19 2017, 11:12 AM

Good catch. This is a problem for MSan as well, is not it? Do you mind fixing it in both tools?

For bonus points, TSan. I see it locks something
void ForkBefore(ThreadState *thr, uptr pc) {

ctx->thread_registry->Lock();
ctx->report_mtx.Lock();

}

But again, not the allocator.

m.ostapenko added a comment.May 19 2017, 1:58 PM
In D33325#759703, @eugenis wrote:

Good catch. This is a problem for MSan as well, is not it? Do you mind fixing it in both tools?

Sure, we can fix it for all sanitizers if the problem exists, I'll check this more carefully. FWIW I've run the attached testcase with MSan and TSan, but it didn't hang (as opposed to ASan). Do they use allocator caches (that can lock on refilling)?

For bonus points, TSan. I see it locks something
void ForkBefore(ThreadState *thr, uptr pc) {

ctx->thread_registry->Lock();
ctx->report_mtx.Lock();

}

But again, not the allocator.

eugenis added a comment.May 19 2017, 2:22 PM

I think they do.

m.ostapenko updated this revision to Diff 99781.May 22 2017, 9:28 AM
m.ostapenko retitled this revision from [asan] Avoid possible deadlock in child process after fork to [sanitizer] Avoid possible deadlock in child process after fork.

Updating. Lock allocator on fork for {A, M, T}San and moving testcase to sanitizer_common. I've also managed to reproduce the deadlock with MSan, but still not with TSan.

eugenis added inline comments.May 22 2017, 2:44 PM
lib/msan/msan_interceptors.cc
1231 ↗(On Diff #99781)

just a nit: ASan takes these locks in a different order, please be consistent.

test/sanitizer_common/TestCases/Linux/allocator_fork_no_hang.cc
32 ↗(On Diff #99781)

A volatile or -O0 flag would not hurt to make sure this is not optimized out.
I'm not sure how this can cause cache refill without quarantine. I think it would just keep reallocating the same chunk. Could it be the reason the problem does not reproduce on TSan?

41 ↗(On Diff #99781)

What are these hash table cells?

m.ostapenko added inline comments.May 23 2017, 4:58 AM
test/sanitizer_common/TestCases/Linux/allocator_fork_no_hang.cc
41 ↗(On Diff #99781)

Oh, this comment reflects to StackDepotLockAll(). I'll remove it.

m.ostapenko updated this revision to Diff 99890.May 23 2017, 5:48 AM
m.ostapenko added a reviewer: dvyukov.

Updating. Reproduced the deadlock with TSan and LSan on adjusted testcase. Adding Dmitry since the patch now affects TSan code as well.

dvyukov edited edge metadata.EditedMay 23 2017, 6:18 AM

I don't completely understand this. allocator_fork_no_hang.cc is broken and deserves deadlocking. Why are we trying to fix this program only under sanitizers rather than detecting and reporting the bug? Sanitizers are meant to be less forgiving than production environment. Why are we trying to conceal the bug?

m.ostapenko added a comment.May 23 2017, 7:01 AM
In D33325#761941, @dvyukov wrote:

I don't completely understand this. allocator_fork_no_hang.cc is broken and deserves deadlocking. Why are we trying to fix this program only under sanitizers rather than detecting and reporting the bug? Sanitizers are meant to be less forgiving than production environment. Why are we trying to conceal the bug?

Yes, the testcase deserves deadlocking (malloc is not async signal safe). And the actual bug is reported here: https://bugzilla.gnome.org/show_bug.cgi?id=738620.
The motivation for "fixing" this in sanitizers is that most of modern allocators (Glibc, tcmalloc, jemalloc) are actually fork safe, so why not to do the same in sanitizers. And despite the fact that calling malloc after multi-threaded fork is not allowed, many people still would expect their code to work (since it works with Glibc/tcmalloc/jemalloc etc).

dvyukov added a comment.May 23 2017, 7:29 AM
In D33325#761980, @m.ostapenko wrote:
In D33325#761941, @dvyukov wrote:

I don't completely understand this. allocator_fork_no_hang.cc is broken and deserves deadlocking. Why are we trying to fix this program only under sanitizers rather than detecting and reporting the bug? Sanitizers are meant to be less forgiving than production environment. Why are we trying to conceal the bug?

Yes, the testcase deserves deadlocking (malloc is not async signal safe). And the actual bug is reported here: https://bugzilla.gnome.org/show_bug.cgi?id=738620.
The motivation for "fixing" this in sanitizers is that most of modern allocators (Glibc, tcmalloc, jemalloc) are actually fork safe, so why not to do the same in sanitizers. And despite the fact that calling malloc after multi-threaded fork is not allowed, many people still would expect their code to work (since it works with Glibc/tcmalloc/jemalloc etc).

okay

dvyukov added inline comments.May 23 2017, 7:32 AM
lib/tsan/rtl/tsan_dense_alloc.h
94 ↗(On Diff #99890)

This is no more than Lock, please call it Lock. ForceLock produces a false impression that this is something more than just Lock.

98 ↗(On Diff #99890)

Same here.

lib/tsan/rtl/tsan_rtl.cc
458 ↗(On Diff #99890)

Also StackDepotLockAll.

lib/tsan/rtl/tsan_sync.h
128 ↗(On Diff #99890)

Same here.

130 ↗(On Diff #99890)

Same here.

m.ostapenko updated this revision to Diff 99924.May 23 2017, 8:50 AM
m.ostapenko edited the summary of this revision. (Show Details)

Addressing Dmitry's comments.

dvyukov added inline comments.May 24 2017, 1:19 AM
lib/tsan/rtl/tsan_rtl.cc
460 ↗(On Diff #99924)

Now looking at this more closely and paging in some context.
This change is not necessary for tsan. To make it work we need to lock whole lot of mutexes. Memory allocator is less of a problem, when plain memory accesses can cause deadlock. We would need to lock trace mutexes of all threads, all sync objects, deadlock detector, internal allocator, annotations mutex, atexit mutex, global proc mutex and probably some more. Moreover we need to lock then in the proper order. For example, this change will cause deadlocks in otherwise working programs because allocator mutex needs to be locked after report mutex (see CanLockTab in tsan_mutex.cc for some ordering constraints).
Because of that tsan uses a different mechanism to systematically prevent deadlocks (grep for after_multithreaded_fork). So if the test works under tsan, let's leave tsan alone.

m.ostapenko updated this revision to Diff 100110.May 24 2017, 9:08 AM

Removing TSan part. The attached testcase still hangs with TSan, but since locking allocator is problematic let's leave TSan alone.

m.ostapenko updated this revision to Diff 100706.May 30 2017, 7:23 AM

Rebased. Gentle reminder.

eugenis accepted this revision.May 30 2017, 12:50 PM

LGTM

This revision is now accepted and ready to land.May 30 2017, 12:50 PM
Closed by commit rL304285: [sanitizer] Avoid possible deadlock in child process after fork (authored by chefmax). · Explain WhyMay 31 2017, 12:28 AM
This revision was automatically updated to reflect the committed changes.
eugenis added a comment.Jun 5 2017, 2:08 PM

This change is causing problems on Linux. The immediate issue is Tcl, which creates new threads from a pthread_atfork() child handler. The handler is called from libc's fork(), and pthread_create tries to acquire the StackDepot lock before it is released in the fork interceptor.

Tcl is broken, of course:

If a fork() call in a multi-threaded process leads to a child fork handler calling any function that is not async-signal-safe, the behavior is undefined.

But in general, even malloc() called from pthread_atfork() will deadlock with this change.
It looks like the right way to do this is call pthread_atfork() as early as possible to setup lock/unlock handlers for the allocator and the stack depot.

I'll revert this change in the meantime.

eugenis added a comment.Jun 5 2017, 2:21 PM

Reverted in r304735

m.ostapenko added a comment.Jun 5 2017, 2:57 PM

Oh, sorry.

In D33325#773286, @eugenis wrote:

This change is causing problems on Linux. The immediate issue is Tcl, which creates new threads from a pthread_atfork() child handler. The handler is called from libc's fork(), and pthread_create tries to acquire the StackDepot lock before it is released in the fork interceptor.

Won't this deadlock with MSan as well? AFAIK it also locks StackDepot in fork interceptor...

Tcl is broken, of course:

If a fork() call in a multi-threaded process leads to a child fork handler calling any function that is not async-signal-safe, the behavior is undefined.

But in general, even malloc() called from pthread_atfork() will deadlock with this change.
It looks like the right way to do this is call pthread_atfork() as early as possible to setup lock/unlock handlers for the allocator and the stack depot.

Perhaps we can do it from asan_init? From man:
"The order of calls to pthread_atfork() is significant. The parent and child fork handlers shall be called in the order in which they were established by calls to pthread_atfork(). The prepare fork handlers shall be called in the opposite order."

So in this case our unlock routines will be called before others. This still can deadlock when preloading asan to noinstrumented binary though.

I'll revert this change in the meantime.

eugenis added a comment.Jun 5 2017, 3:15 PM
In D33325#773322, @m.ostapenko wrote:

Oh, sorry.

In D33325#773286, @eugenis wrote:

This change is causing problems on Linux. The immediate issue is Tcl, which creates new threads from a pthread_atfork() child handler. The handler is called from libc's fork(), and pthread_create tries to acquire the StackDepot lock before it is released in the fork interceptor.

Won't this deadlock with MSan as well? AFAIK it also locks StackDepot in fork interceptor...

Maybe it does not use StackDepot in pthread_create?

Tcl is broken, of course:

If a fork() call in a multi-threaded process leads to a child fork handler calling any function that is not async-signal-safe, the behavior is undefined.

But in general, even malloc() called from pthread_atfork() will deadlock with this change.
It looks like the right way to do this is call pthread_atfork() as early as possible to setup lock/unlock handlers for the allocator and the stack depot.

Perhaps we can do it from asan_init? From man:
"The order of calls to pthread_atfork() is significant. The parent and child fork handlers shall be called in the order in which they were established by calls to pthread_atfork(). The prepare fork handlers shall be called in the opposite order."

So in this case our unlock routines will be called before others. This still can deadlock when preloading asan to noinstrumented binary though.

Sounds like that's the best we can do. If we are lucky, sanitizer initialization will happen early enough due to ENSURE_ASAN_INIT in one of the interceptors.

I'll revert this change in the meantime.

m.ostapenko added a comment.Jun 8 2017, 9:14 AM
In D33325#773332, @eugenis wrote:
In D33325#773322, @m.ostapenko wrote:

Oh, sorry.

In D33325#773286, @eugenis wrote:

This change is causing problems on Linux. The immediate issue is Tcl, which creates new threads from a pthread_atfork() child handler. The handler is called from libc's fork(), and pthread_create tries to acquire the StackDepot lock before it is released in the fork interceptor.

Won't this deadlock with MSan as well? AFAIK it also locks StackDepot in fork interceptor...

Maybe it does not use StackDepot in pthread_create?

Tcl is broken, of course:

If a fork() call in a multi-threaded process leads to a child fork handler calling any function that is not async-signal-safe, the behavior is undefined.

But in general, even malloc() called from pthread_atfork() will deadlock with this change.
It looks like the right way to do this is call pthread_atfork() as early as possible to setup lock/unlock handlers for the allocator and the stack depot.

Perhaps we can do it from asan_init? From man:
"The order of calls to pthread_atfork() is significant. The parent and child fork handlers shall be called in the order in which they were established by calls to pthread_atfork(). The prepare fork handlers shall be called in the opposite order."

So in this case our unlock routines will be called before others. This still can deadlock when preloading asan to noinstrumented binary though.

Sounds like that's the best we can do. If we are lucky, sanitizer initialization will happen early enough due to ENSURE_ASAN_INIT in one of the interceptors.

Hm, perhaps we can just intercept pthread_atfork and force ENSURE_ASAN_INITED? And install allocator hooks in AsanInitFromRtl?

I'll revert this change in the meantime.

eugenis added a comment.Jun 8 2017, 11:21 AM

Sounds good.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
2 lines
4 lines
13 lines
lsan/
20 lines
msan/
97 lines
96 lines
2 lines
test/
sanitizer_common/
TestCases/
Linux/
118 lines

Diff 100827

compiler-rt/trunk/lib/asan/asan_allocator.h

Show First 20 LinesShow All 207 Lines▼ Show 20 Lines
uptr asan_mz_size(const void *ptr); uptr asan_mz_size(const void *ptr);
void asan_mz_force_lock(); void asan_mz_force_lock();
void asan_mz_force_unlock(); void asan_mz_force_unlock();
void PrintInternalAllocatorStats(); void PrintInternalAllocatorStats();
void AsanSoftRssLimitExceededCallback(bool exceeded); void AsanSoftRssLimitExceededCallback(bool exceeded);
AsanAllocator &get_allocator();
} // namespace __asan } // namespace __asan
#endif // ASAN_ALLOCATOR_H #endif // ASAN_ALLOCATOR_H

compiler-rt/trunk/lib/asan/asan_allocator.cc

Show First 20 LinesShow All 41 Lines▼ Show 20 Linesstatic u32 RZSize2Log(u32 rz_size) {
CHECK_GE(rz_size, 16); CHECK_GE(rz_size, 16);
CHECK_LE(rz_size, 2048); CHECK_LE(rz_size, 2048);
CHECK(IsPowerOfTwo(rz_size)); CHECK(IsPowerOfTwo(rz_size));
u32 res = Log2(rz_size) - 4; u32 res = Log2(rz_size) - 4;
CHECK_EQ(rz_size, RZLog2Size(res)); CHECK_EQ(rz_size, RZLog2Size(res));
return res; return res;
} }
static AsanAllocator &get_allocator();
// The memory chunk allocated from the underlying allocator looks like this: // The memory chunk allocated from the underlying allocator looks like this:
// L L L L L L H H U U U U U U R R // L L L L L L H H U U U U U U R R
// L -- left redzone words (0 or more bytes) // L -- left redzone words (0 or more bytes)
// H -- ChunkHeader (16 bytes), which is also a part of the left redzone. // H -- ChunkHeader (16 bytes), which is also a part of the left redzone.
// U -- user memory. // U -- user memory.
// R -- right redzone (0 or more bytes) // R -- right redzone (0 or more bytes)
// ChunkBase consists of ChunkHeader and other bytes that overlap with user // ChunkBase consists of ChunkHeader and other bytes that overlap with user
// memory. // memory.
▲ Show 20 LinesShow All 654 Lines▼ Show 20 Lines#endif
void ForceUnlock() { void ForceUnlock() {
fallback_mutex.Unlock(); fallback_mutex.Unlock();
allocator.ForceUnlock(); allocator.ForceUnlock();
} }
}; };
static Allocator instance(LINKER_INITIALIZED); static Allocator instance(LINKER_INITIALIZED);
static AsanAllocator &get_allocator() { AsanAllocator &get_allocator() {
return instance.allocator; return instance.allocator;
} }
bool AsanChunkView::IsValid() const { bool AsanChunkView::IsValid() const {
return chunk_ && chunk_->chunk_state != CHUNK_AVAILABLE; return chunk_ && chunk_->chunk_state != CHUNK_AVAILABLE;
} }
bool AsanChunkView::IsAllocated() const { bool AsanChunkView::IsAllocated() const {
return chunk_ && chunk_->chunk_state == CHUNK_ALLOCATED; return chunk_ && chunk_->chunk_state == CHUNK_ALLOCATED;
▲ Show 20 LinesShow All 266 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_interceptors.cc

Show All 16 Lines
#include "asan_internal.h" #include "asan_internal.h"
#include "asan_mapping.h" #include "asan_mapping.h"
#include "asan_poisoning.h" #include "asan_poisoning.h"
#include "asan_report.h" #include "asan_report.h"
#include "asan_stack.h" #include "asan_stack.h"
#include "asan_stats.h" #include "asan_stats.h"
#include "asan_suppressions.h" #include "asan_suppressions.h"
#include "lsan/lsan_common.h" #include "lsan/lsan_common.h"
#include "sanitizer_common/sanitizer_stackdepot.h"
#include "sanitizer_common/sanitizer_libc.h" #include "sanitizer_common/sanitizer_libc.h"
#if SANITIZER_POSIX #if SANITIZER_POSIX
#include "sanitizer_common/sanitizer_posix.h" #include "sanitizer_common/sanitizer_posix.h"
#endif #endif
#if defined(__i386) && SANITIZER_LINUX #if defined(__i386) && SANITIZER_LINUX
#define ASAN_PTHREAD_CREATE_VERSION "GLIBC_2.1" #define ASAN_PTHREAD_CREATE_VERSION "GLIBC_2.1"
▲ Show 20 LinesShow All 667 Lines▼ Show 20 Lines#endif
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
int res = REAL(__cxa_atexit)(func, arg, dso_handle); int res = REAL(__cxa_atexit)(func, arg, dso_handle);
REAL(__cxa_atexit)(AtCxaAtexit, nullptr, nullptr); REAL(__cxa_atexit)(AtCxaAtexit, nullptr, nullptr);
return res; return res;
} }
#endif // ASAN_INTERCEPT___CXA_ATEXIT #endif // ASAN_INTERCEPT___CXA_ATEXIT
#if ASAN_INTERCEPT_FORK #if ASAN_INTERCEPT_FORK
static void BeforeFork() {
get_allocator().ForceLock();
StackDepotLockAll();
}
static void AfterFork() {
StackDepotUnlockAll();
get_allocator().ForceUnlock();
}
INTERCEPTOR(int, fork, void) { INTERCEPTOR(int, fork, void) {
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
BeforeFork();
if (common_flags()->coverage) CovBeforeFork(); if (common_flags()->coverage) CovBeforeFork();
int pid = REAL(fork)(); int pid = REAL(fork)();
if (common_flags()->coverage) CovAfterFork(pid); if (common_flags()->coverage) CovAfterFork(pid);
AfterFork();
return pid; return pid;
} }
#endif // ASAN_INTERCEPT_FORK #endif // ASAN_INTERCEPT_FORK
// ---------------------- InitializeAsanInterceptors ---------------- {{{1 // ---------------------- InitializeAsanInterceptors ---------------- {{{1
namespace __asan { namespace __asan {
void InitializeAsanInterceptors() { void InitializeAsanInterceptors() {
static bool was_called_once; static bool was_called_once;
▲ Show 20 LinesShow All 78 LinesShow Last 20 Lines

compiler-rt/trunk/lib/lsan/lsan_interceptors.cc

Show All 16 Lines
#include "sanitizer_common/sanitizer_atomic.h" #include "sanitizer_common/sanitizer_atomic.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_flags.h" #include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_internal_defs.h" #include "sanitizer_common/sanitizer_internal_defs.h"
#include "sanitizer_common/sanitizer_linux.h" #include "sanitizer_common/sanitizer_linux.h"
#include "sanitizer_common/sanitizer_platform_interceptors.h" #include "sanitizer_common/sanitizer_platform_interceptors.h"
#include "sanitizer_common/sanitizer_platform_limits_posix.h" #include "sanitizer_common/sanitizer_platform_limits_posix.h"
#include "sanitizer_common/sanitizer_posix.h" #include "sanitizer_common/sanitizer_posix.h"
#include "sanitizer_common/sanitizer_stackdepot.h"
#include "sanitizer_common/sanitizer_tls_get_addr.h" #include "sanitizer_common/sanitizer_tls_get_addr.h"
#include "lsan.h" #include "lsan.h"
#include "lsan_allocator.h" #include "lsan_allocator.h"
#include "lsan_common.h" #include "lsan_common.h"
#include "lsan_thread.h" #include "lsan_thread.h"
#include <stddef.h> #include <stddef.h>
▲ Show 20 LinesShow All 59 Lines▼ Show 20 Lines
INTERCEPTOR(void*, valloc, uptr size) { INTERCEPTOR(void*, valloc, uptr size) {
ENSURE_LSAN_INITED; ENSURE_LSAN_INITED;
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return lsan_valloc(size, stack); return lsan_valloc(size, stack);
} }
#endif #endif
static void BeforeFork() {
LockAllocator();
StackDepotLockAll();
}
static void AfterFork() {
StackDepotUnlockAll();
UnlockAllocator();
}
INTERCEPTOR(int, fork, void) {
ENSURE_LSAN_INITED;
BeforeFork();
int pid = REAL(fork)();
AfterFork();
return pid;
}
#if SANITIZER_INTERCEPT_MEMALIGN #if SANITIZER_INTERCEPT_MEMALIGN
INTERCEPTOR(void*, memalign, uptr alignment, uptr size) { INTERCEPTOR(void*, memalign, uptr alignment, uptr size) {
ENSURE_LSAN_INITED; ENSURE_LSAN_INITED;
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return lsan_memalign(alignment, size, stack); return lsan_memalign(alignment, size, stack);
} }
#define LSAN_MAYBE_INTERCEPT_MEMALIGN INTERCEPT_FUNCTION(memalign) #define LSAN_MAYBE_INTERCEPT_MEMALIGN INTERCEPT_FUNCTION(memalign)
▲ Show 20 LinesShow All 223 Lines▼ Show 20 Linesvoid InitializeInterceptors() {
INTERCEPT_FUNCTION(posix_memalign); INTERCEPT_FUNCTION(posix_memalign);
INTERCEPT_FUNCTION(valloc); INTERCEPT_FUNCTION(valloc);
LSAN_MAYBE_INTERCEPT_PVALLOC; LSAN_MAYBE_INTERCEPT_PVALLOC;
LSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE; LSAN_MAYBE_INTERCEPT_MALLOC_USABLE_SIZE;
LSAN_MAYBE_INTERCEPT_MALLINFO; LSAN_MAYBE_INTERCEPT_MALLINFO;
LSAN_MAYBE_INTERCEPT_MALLOPT; LSAN_MAYBE_INTERCEPT_MALLOPT;
INTERCEPT_FUNCTION(pthread_create); INTERCEPT_FUNCTION(pthread_create);
INTERCEPT_FUNCTION(pthread_join); INTERCEPT_FUNCTION(pthread_join);
INTERCEPT_FUNCTION(fork);
if (pthread_key_create(&g_thread_finalize_key, &thread_finalize)) { if (pthread_key_create(&g_thread_finalize_key, &thread_finalize)) {
Report("LeakSanitizer: failed to create thread key.\n"); Report("LeakSanitizer: failed to create thread key.\n");
Die(); Die();
} }
} }
} // namespace __lsan } // namespace __lsan

compiler-rt/trunk/lib/msan/msan_allocator.h

Show All 9 Lines
// This file is a part of MemorySanitizer. // This file is a part of MemorySanitizer.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef MSAN_ALLOCATOR_H #ifndef MSAN_ALLOCATOR_H
#define MSAN_ALLOCATOR_H #define MSAN_ALLOCATOR_H
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_allocator.h"
#include "sanitizer_common/sanitizer_allocator_interface.h"
namespace __msan { namespace __msan {
struct Metadata {
uptr requested_size;
};
struct MsanMapUnmapCallback {
void OnMap(uptr p, uptr size) const {}
void OnUnmap(uptr p, uptr size) const {
__msan_unpoison((void *)p, size);
// We are about to unmap a chunk of user memory.
// Mark the corresponding shadow memory as not needed.
uptr shadow_p = MEM_TO_SHADOW(p);
ReleaseMemoryPagesToOS(shadow_p, shadow_p + size);
if (__msan_get_track_origins()) {
uptr origin_p = MEM_TO_ORIGIN(p);
ReleaseMemoryPagesToOS(origin_p, origin_p + size);
}
}
};
#if defined(__mips64)
static const uptr kMaxAllowedMallocSize = 2UL << 30;
static const uptr kRegionSizeLog = 20;
static const uptr kNumRegions = SANITIZER_MMAP_RANGE_SIZE >> kRegionSizeLog;
typedef TwoLevelByteMap<(kNumRegions >> 12), 1 << 12> ByteMap;
struct AP32 {
static const uptr kSpaceBeg = 0;
static const u64 kSpaceSize = SANITIZER_MMAP_RANGE_SIZE;
static const uptr kMetadataSize = sizeof(Metadata);
typedef __sanitizer::CompactSizeClassMap SizeClassMap;
static const uptr kRegionSizeLog = __msan::kRegionSizeLog;
typedef __msan::ByteMap ByteMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator32<AP32> PrimaryAllocator;
#elif defined(__x86_64__)
#if SANITIZER_LINUX && !defined(MSAN_LINUX_X86_64_OLD_MAPPING)
static const uptr kAllocatorSpace = 0x700000000000ULL;
#else
static const uptr kAllocatorSpace = 0x600000000000ULL;
#endif
static const uptr kMaxAllowedMallocSize = 8UL << 30;
struct AP64 { // Allocator64 parameters. Deliberately using a short name.
static const uptr kSpaceBeg = kAllocatorSpace;
static const uptr kSpaceSize = 0x40000000000; // 4T.
static const uptr kMetadataSize = sizeof(Metadata);
typedef DefaultSizeClassMap SizeClassMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator64<AP64> PrimaryAllocator;
#elif defined(__powerpc64__)
static const uptr kMaxAllowedMallocSize = 2UL << 30; // 2G
struct AP64 { // Allocator64 parameters. Deliberately using a short name.
static const uptr kSpaceBeg = 0x300000000000;
static const uptr kSpaceSize = 0x020000000000; // 2T.
static const uptr kMetadataSize = sizeof(Metadata);
typedef DefaultSizeClassMap SizeClassMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator64<AP64> PrimaryAllocator;
#elif defined(__aarch64__)
static const uptr kMaxAllowedMallocSize = 2UL << 30; // 2G
static const uptr kRegionSizeLog = 20;
static const uptr kNumRegions = SANITIZER_MMAP_RANGE_SIZE >> kRegionSizeLog;
typedef TwoLevelByteMap<(kNumRegions >> 12), 1 << 12> ByteMap;
struct AP32 {
static const uptr kSpaceBeg = 0;
static const u64 kSpaceSize = SANITIZER_MMAP_RANGE_SIZE;
static const uptr kMetadataSize = sizeof(Metadata);
typedef __sanitizer::CompactSizeClassMap SizeClassMap;
static const uptr kRegionSizeLog = __msan::kRegionSizeLog;
typedef __msan::ByteMap ByteMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator32<AP32> PrimaryAllocator;
#endif
typedef SizeClassAllocatorLocalCache<PrimaryAllocator> AllocatorCache;
typedef LargeMmapAllocator<MsanMapUnmapCallback> SecondaryAllocator;
typedef CombinedAllocator<PrimaryAllocator, AllocatorCache,
SecondaryAllocator> Allocator;
Allocator &get_allocator();
struct MsanThreadLocalMallocStorage { struct MsanThreadLocalMallocStorage {
uptr quarantine_cache[16]; uptr quarantine_cache[16];
// Allocator cache contains atomic_uint64_t which must be 8-byte aligned. // Allocator cache contains atomic_uint64_t which must be 8-byte aligned.
ALIGNED(8) uptr allocator_cache[96 * (512 * 8 + 16)]; // Opaque. ALIGNED(8) uptr allocator_cache[96 * (512 * 8 + 16)]; // Opaque.
void CommitBack(); void CommitBack();
private: private:
// These objects are allocated via mmap() and are zero-initialized. // These objects are allocated via mmap() and are zero-initialized.
MsanThreadLocalMallocStorage() {} MsanThreadLocalMallocStorage() {}
}; };
} // namespace __msan } // namespace __msan
#endif // MSAN_ALLOCATOR_H #endif // MSAN_ALLOCATOR_H

compiler-rt/trunk/lib/msan/msan_allocator.cc

//===-- msan_allocator.cc --------------------------- ---------------------===// //===-- msan_allocator.cc --------------------------- ---------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file is a part of MemorySanitizer. // This file is a part of MemorySanitizer.
// //
// MemorySanitizer allocator. // MemorySanitizer allocator.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "sanitizer_common/sanitizer_allocator.h"
#include "sanitizer_common/sanitizer_allocator_interface.h"
#include "msan.h" #include "msan.h"
#include "msan_allocator.h" #include "msan_allocator.h"
#include "msan_origin.h" #include "msan_origin.h"
#include "msan_thread.h" #include "msan_thread.h"
#include "msan_poisoning.h" #include "msan_poisoning.h"
namespace __msan { namespace __msan {
struct Metadata {
uptr requested_size;
};
struct MsanMapUnmapCallback {
void OnMap(uptr p, uptr size) const {}
void OnUnmap(uptr p, uptr size) const {
__msan_unpoison((void *)p, size);
// We are about to unmap a chunk of user memory.
// Mark the corresponding shadow memory as not needed.
uptr shadow_p = MEM_TO_SHADOW(p);
ReleaseMemoryPagesToOS(shadow_p, shadow_p + size);
if (__msan_get_track_origins()) {
uptr origin_p = MEM_TO_ORIGIN(p);
ReleaseMemoryPagesToOS(origin_p, origin_p + size);
}
}
};
#if defined(__mips64)
static const uptr kMaxAllowedMallocSize = 2UL << 30;
static const uptr kRegionSizeLog = 20;
static const uptr kNumRegions = SANITIZER_MMAP_RANGE_SIZE >> kRegionSizeLog;
typedef TwoLevelByteMap<(kNumRegions >> 12), 1 << 12> ByteMap;
struct AP32 {
static const uptr kSpaceBeg = 0;
static const u64 kSpaceSize = SANITIZER_MMAP_RANGE_SIZE;
static const uptr kMetadataSize = sizeof(Metadata);
typedef __sanitizer::CompactSizeClassMap SizeClassMap;
static const uptr kRegionSizeLog = __msan::kRegionSizeLog;
typedef __msan::ByteMap ByteMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator32<AP32> PrimaryAllocator;
#elif defined(__x86_64__)
#if SANITIZER_LINUX && !defined(MSAN_LINUX_X86_64_OLD_MAPPING)
static const uptr kAllocatorSpace = 0x700000000000ULL;
#else
static const uptr kAllocatorSpace = 0x600000000000ULL;
#endif
static const uptr kMaxAllowedMallocSize = 8UL << 30;
struct AP64 { // Allocator64 parameters. Deliberately using a short name.
static const uptr kSpaceBeg = kAllocatorSpace;
static const uptr kSpaceSize = 0x40000000000; // 4T.
static const uptr kMetadataSize = sizeof(Metadata);
typedef DefaultSizeClassMap SizeClassMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator64<AP64> PrimaryAllocator;
#elif defined(__powerpc64__)
static const uptr kMaxAllowedMallocSize = 2UL << 30; // 2G
struct AP64 { // Allocator64 parameters. Deliberately using a short name.
static const uptr kSpaceBeg = 0x300000000000;
static const uptr kSpaceSize = 0x020000000000; // 2T.
static const uptr kMetadataSize = sizeof(Metadata);
typedef DefaultSizeClassMap SizeClassMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator64<AP64> PrimaryAllocator;
#elif defined(__aarch64__)
static const uptr kMaxAllowedMallocSize = 2UL << 30; // 2G
static const uptr kRegionSizeLog = 20;
static const uptr kNumRegions = SANITIZER_MMAP_RANGE_SIZE >> kRegionSizeLog;
typedef TwoLevelByteMap<(kNumRegions >> 12), 1 << 12> ByteMap;
struct AP32 {
static const uptr kSpaceBeg = 0;
static const u64 kSpaceSize = SANITIZER_MMAP_RANGE_SIZE;
static const uptr kMetadataSize = sizeof(Metadata);
typedef __sanitizer::CompactSizeClassMap SizeClassMap;
static const uptr kRegionSizeLog = __msan::kRegionSizeLog;
typedef __msan::ByteMap ByteMap;
typedef MsanMapUnmapCallback MapUnmapCallback;
static const uptr kFlags = 0;
};
typedef SizeClassAllocator32<AP32> PrimaryAllocator;
#endif
typedef SizeClassAllocatorLocalCache<PrimaryAllocator> AllocatorCache;
typedef LargeMmapAllocator<MsanMapUnmapCallback> SecondaryAllocator;
typedef CombinedAllocator<PrimaryAllocator, AllocatorCache,
SecondaryAllocator> Allocator;
static Allocator allocator; static Allocator allocator;
static AllocatorCache fallback_allocator_cache; static AllocatorCache fallback_allocator_cache;
static SpinMutex fallback_mutex; static SpinMutex fallback_mutex;
Allocator &get_allocator() { return allocator; }
void MsanAllocatorInit() { void MsanAllocatorInit() {
allocator.Init( allocator.Init(
common_flags()->allocator_may_return_null, common_flags()->allocator_may_return_null,
common_flags()->allocator_release_to_os_interval_ms); common_flags()->allocator_release_to_os_interval_ms);
} }
AllocatorCache *GetAllocatorCache(MsanThreadLocalMallocStorage *ms) { AllocatorCache *GetAllocatorCache(MsanThreadLocalMallocStorage *ms) {
CHECK(ms); CHECK(ms);
▲ Show 20 LinesShow All 143 LinesShow Last 20 Lines

compiler-rt/trunk/lib/msan/msan_interceptors.cc

Show First 20 LinesShow All 1,222 Lines▼ Show 20 Lines if (p != (void *)-1) {
if (!res) { if (!res) {
__msan_unpoison(p, ds.shm_segsz); __msan_unpoison(p, ds.shm_segsz);
} }
} }
return p; return p;
} }
static void BeforeFork() { static void BeforeFork() {
get_allocator().ForceLock();
StackDepotLockAll(); StackDepotLockAll();
ChainedOriginDepotLockAll(); ChainedOriginDepotLockAll();
} }
static void AfterFork() { static void AfterFork() {
ChainedOriginDepotUnlockAll(); ChainedOriginDepotUnlockAll();
StackDepotUnlockAll(); StackDepotUnlockAll();
get_allocator().ForceUnlock();
} }
INTERCEPTOR(int, fork, void) { INTERCEPTOR(int, fork, void) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
BeforeFork(); BeforeFork();
int pid = REAL(fork)(); int pid = REAL(fork)();
AfterFork(); AfterFork();
return pid; return pid;
▲ Show 20 LinesShow All 383 LinesShow Last 20 Lines

compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/allocator_fork_no_hang.cc

// https://github.com/google/sanitizers/issues/774
// Test that sanitizer allocator is fork-safe.
// Run a number of threads that perform memory allocation/deallocation, then fork
// and verify that malloc/free do not deadlock in the child process.
// RUN: %clangxx -std=c++11 -O0 %s -o %t
// RUN: ASAN_OPTIONS=detect_leaks=0 %run %t 2>&1 | FileCheck %s
// Fun fact: if test output is redirected to a file (as opposed to
// being piped directly to FileCheck), we may lose some "done"s due to
// a kernel bug:
// https://lkml.org/lkml/2014/2/17/324
// UNSUPPORTED: tsan
// Flaky on PPC64.
// UNSUPPORTED: powerpc64-target-arch
// UNSUPPORTED: powerpc64le-target-arch
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <signal.h>
#include <errno.h>
int done;
void *worker(void *arg) {
while (true) {
void *p = malloc(4);
if (__atomic_load_n(&done, __ATOMIC_RELAXED))
return 0;
}
return 0;
}
// Run through malloc/free in the child process.
// This can deadlock on allocator cache refilling.
void child() {
for (int i = 0; i < 10000; ++i) {
void *p = malloc(4);
}
write(2, "done\n", 5);
}
void test() {
const int kThreads = 10;
pthread_t t[kThreads];
for (int i = 0; i < kThreads; ++i)
pthread_create(&t[i], NULL, worker, (void*)(long)i);
usleep(100000);
pid_t pid = fork();
if (pid) {
// parent
__atomic_store_n(&done, 1, __ATOMIC_RELAXED);
pid_t p;
while ((p = wait(NULL)) == -1) { }
} else {
// child
child();
}
}
int main() {
const int kChildren = 30;
for (int i = 0; i < kChildren; ++i) {
pid_t pid = fork();
if (pid) {
// parent
} else {
test();
exit(0);
}
}
for (int i = 0; i < kChildren; ++i) {
pid_t p;
while ((p = wait(NULL)) == -1) { }
}
return 0;
}
// Expect 30 (== kChildren) "done" messages.
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done
// CHECK: done