This is an archive of the discontinued LLVM Phabricator instance.

[asan/win] Use SRW locks to fix a race in BlockingMutex
ClosedPublic

Authored by rnk on Jul 26 2018, 5:35 PM.

Download Raw Diff

Details

Reviewers

kcc
vitalybuka

Commits

rGa5ed43c1c9c4: [asan/win] Use SRW locks to fix a race in BlockingMutex
rCRT338331: [asan/win] Use SRW locks to fix a race in BlockingMutex
rL338331: [asan/win] Use SRW locks to fix a race in BlockingMutex

Summary

Before my change, BlockingMutex used Windows critial sections. Critical
sections can only be initialized by calling InitializeCriticalSection,
dynamically.

The primary sanitizer allocator expects to be able to reinterpret zero
initialized memory as a BlockingMutex and immediately lock it.
RegionInfo contains a mutex, and it placement new is never called for
it. These objects are accessed via:

RegionInfo *GetRegionInfo(uptr class_id) const {
  DCHECK_LT(class_id, kNumClasses);
  RegionInfo *regions = reinterpret_cast<RegionInfo *>(SpaceEnd());
  return &regions[class_id];
}

The memory comes from the OS without any other initialization.

For various reasons described in the comments, BlockingMutex::Lock would
check if the object appeared to be zero-initialized, and it would lazily
call the LinkerInitialized constructor to initialize the critical
section. This pattern is obviously racy, and the code had a bunch of
FIXMEs about it.

The best fix here is to use slim reader writer locks, which can start
out zero-initialized. They are available starting in Windows Vista. I
think it's safe to go ahead and use them today.

Diff Detail

Repository: rL LLVM

Event Timeline

rnk created this revision.Jul 26 2018, 5:35 PM

Herald added a subscriber: kubamracek. · View Herald TranscriptJul 26 2018, 5:35 PM

I'd like to try to get this in the next clang roll, since we're doing one for code coverage anyway. It'll help with https://crbug.com/783296#c57.

@vitalybuka is OOO, so let's put this in and see how it goes.

This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2018, 4:32 PM

Closed by commit rL338331: [asan/win] Use SRW locks to fix a race in BlockingMutex (authored by rnk). · Explain Why

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: delcypher. · View Herald TranscriptJul 30 2018, 4:32 PM

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

sanitizer_common/

sanitizer_mutex.h

7 lines

sanitizer_win.cc

35 lines

Diff 158130

compiler-rt/trunk/lib/sanitizer_common/sanitizer_mutex.h

	Show First 20 Lines • Show All 67 Lines • ▼ Show 20 Lines

	private:			private:
	SpinMutex(const SpinMutex&);			SpinMutex(const SpinMutex&);
	void operator=(const SpinMutex&);			void operator=(const SpinMutex&);
	};			};

	class BlockingMutex {			class BlockingMutex {
	public:			public:
	#if SANITIZER_WINDOWS
	// Windows does not currently support LinkerInitialized
	explicit BlockingMutex(LinkerInitialized);
	#else
	explicit constexpr BlockingMutex(LinkerInitialized)			explicit constexpr BlockingMutex(LinkerInitialized)
	: opaque_storage_ {0, }, owner_(0) {}			: opaque_storage_ {0, }, owner_{0} {}
	#endif
	BlockingMutex();			BlockingMutex();
	void Lock();			void Lock();
	void Unlock();			void Unlock();

	// This function does not guarantee an explicit check that the calling thread			// This function does not guarantee an explicit check that the calling thread
	// is the thread which owns the mutex. This behavior, while more strictly			// is the thread which owns the mutex. This behavior, while more strictly
	// correct, causes problems in cases like StopTheWorld, where a parent thread			// correct, causes problems in cases like StopTheWorld, where a parent thread
	// owns the mutex but a child checks that it is locked. Rather than			// owns the mutex but a child checks that it is locked. Rather than
	▲ Show 20 Lines • Show All 139 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_win.cc

Show First 20 Lines • Show All 761 Lines • ▼ Show 20 Lines	if (!GetProcessMemoryInfo(GetCurrentProcess(), &counters, sizeof(counters)))
return 0;		return 0;
return counters.WorkingSetSize;		return counters.WorkingSetSize;
}		}

void internal_start_thread(void (func)(void arg), void arg) { return 0; }		void internal_start_thread(void (func)(void arg), void arg) { return 0; }
void internal_join_thread(void *th) { }		void internal_join_thread(void *th) { }

// ---------------------- BlockingMutex ---------------- {{{1		// ---------------------- BlockingMutex ---------------- {{{1
const uptr LOCK_UNINITIALIZED = 0;
const uptr LOCK_READY = (uptr)-1;

BlockingMutex::BlockingMutex(LinkerInitialized li) {
// FIXME: see comments in BlockingMutex::Lock() for the details.
CHECK(li == LINKER_INITIALIZED \|\| owner_ == LOCK_UNINITIALIZED);

CHECK(sizeof(CRITICAL_SECTION) <= sizeof(opaque_storage_));
InitializeCriticalSection((LPCRITICAL_SECTION)opaque_storage_);
owner_ = LOCK_READY;
}

BlockingMutex::BlockingMutex() {		BlockingMutex::BlockingMutex() {
CHECK(sizeof(CRITICAL_SECTION) <= sizeof(opaque_storage_));		CHECK(sizeof(SRWLOCK) <= sizeof(opaque_storage_));
InitializeCriticalSection((LPCRITICAL_SECTION)opaque_storage_);		internal_memset(this, 0, sizeof(*this));
owner_ = LOCK_READY;
}		}

void BlockingMutex::Lock() {		void BlockingMutex::Lock() {
if (owner_ == LOCK_UNINITIALIZED) {		AcquireSRWLockExclusive((PSRWLOCK)opaque_storage_);
// FIXME: hm, global BlockingMutex objects are not initialized?!?		CHECK_EQ(owner_, 0);
// This might be a side effect of the clang+cl+link Frankenbuild...
new(this) BlockingMutex((LinkerInitialized)(LINKER_INITIALIZED + 1));

// FIXME: If it turns out the linker doesn't invoke our
// constructors, we should probably manually Lock/Unlock all the global
// locks while we're starting in one thread to avoid double-init races.
}
EnterCriticalSection((LPCRITICAL_SECTION)opaque_storage_);
CHECK_EQ(owner_, LOCK_READY);
owner_ = GetThreadSelf();		owner_ = GetThreadSelf();
}		}

void BlockingMutex::Unlock() {		void BlockingMutex::Unlock() {
CHECK_EQ(owner_, GetThreadSelf());		CheckLocked();
owner_ = LOCK_READY;		owner_ = 0;
LeaveCriticalSection((LPCRITICAL_SECTION)opaque_storage_);		ReleaseSRWLockExclusive((PSRWLOCK)opaque_storage_);
}		}

void BlockingMutex::CheckLocked() {		void BlockingMutex::CheckLocked() {
CHECK_EQ(owner_, GetThreadSelf());		CHECK_EQ(owner_, GetThreadSelf());
}		}

uptr GetTlsSize() {		uptr GetTlsSize() {
return 0;		return 0;
▲ Show 20 Lines • Show All 263 Lines • Show Last 20 Lines