llvm-project
631 строка · 22.9 Кб
1//===-- sanitizer_stoptheworld_linux_libcdep.cpp --------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// See sanitizer_stoptheworld.h for details.
10// This implementation was inspired by Markus Gutschke's linuxthreads.cc.
11//
12//===----------------------------------------------------------------------===//
13
14#include "sanitizer_platform.h"15
16#if SANITIZER_LINUX && \17(defined(__x86_64__) || defined(__mips__) || defined(__aarch64__) || \18defined(__powerpc64__) || defined(__s390__) || defined(__i386__) || \19defined(__arm__) || SANITIZER_RISCV64 || SANITIZER_LOONGARCH64)20
21#include "sanitizer_stoptheworld.h"22
23#include "sanitizer_platform_limits_posix.h"24#include "sanitizer_atomic.h"25
26#include <errno.h>27#include <sched.h> // for CLONE_* definitions28#include <stddef.h>29#include <sys/prctl.h> // for PR_* definitions30#include <sys/ptrace.h> // for PTRACE_* definitions31#include <sys/types.h> // for pid_t32#include <sys/uio.h> // for iovec33#include <elf.h> // for NT_PRSTATUS34#if (defined(__aarch64__) || SANITIZER_RISCV64 || SANITIZER_LOONGARCH64) && \35!SANITIZER_ANDROID36// GLIBC 2.20+ sys/user does not include asm/ptrace.h
37# include <asm/ptrace.h>38#endif39#include <sys/user.h> // for user_regs_struct40#if SANITIZER_ANDROID && SANITIZER_MIPS41# include <asm/reg.h> // for mips SP register in sys/user.h42#endif43#include <sys/wait.h> // for signal-related stuff44
45#ifdef sa_handler46# undef sa_handler47#endif48
49#ifdef sa_sigaction50# undef sa_sigaction51#endif52
53#include "sanitizer_common.h"54#include "sanitizer_flags.h"55#include "sanitizer_libc.h"56#include "sanitizer_linux.h"57#include "sanitizer_mutex.h"58#include "sanitizer_placement_new.h"59
60// Sufficiently old kernel headers don't provide this value, but we can still
61// call prctl with it. If the runtime kernel is new enough, the prctl call will
62// have the desired effect; if the kernel is too old, the call will error and we
63// can ignore said error.
64#ifndef PR_SET_PTRACER65#define PR_SET_PTRACER 0x59616d6166#endif67
68// This module works by spawning a Linux task which then attaches to every
69// thread in the caller process with ptrace. This suspends the threads, and
70// PTRACE_GETREGS can then be used to obtain their register state. The callback
71// supplied to StopTheWorld() is run in the tracer task while the threads are
72// suspended.
73// The tracer task must be placed in a different thread group for ptrace to
74// work, so it cannot be spawned as a pthread. Instead, we use the low-level
75// clone() interface (we want to share the address space with the caller
76// process, so we prefer clone() over fork()).
77//
78// We don't use any libc functions, relying instead on direct syscalls. There
79// are two reasons for this:
80// 1. calling a library function while threads are suspended could cause a
81// deadlock, if one of the treads happens to be holding a libc lock;
82// 2. it's generally not safe to call libc functions from the tracer task,
83// because clone() does not set up a thread-local storage for it. Any
84// thread-local variables used by libc will be shared between the tracer task
85// and the thread which spawned it.
86
87namespace __sanitizer {88
89class SuspendedThreadsListLinux final : public SuspendedThreadsList {90public:91SuspendedThreadsListLinux() { thread_ids_.reserve(1024); }92
93tid_t GetThreadID(uptr index) const override;94uptr ThreadCount() const override;95bool ContainsTid(tid_t thread_id) const;96void Append(tid_t tid);97
98PtraceRegistersStatus GetRegistersAndSP(uptr index,99InternalMmapVector<uptr> *buffer,100uptr *sp) const override;101
102private:103InternalMmapVector<tid_t> thread_ids_;104};105
106// Structure for passing arguments into the tracer thread.
107struct TracerThreadArgument {108StopTheWorldCallback callback;109void *callback_argument;110// The tracer thread waits on this mutex while the parent finishes its111// preparations.112Mutex mutex;113// Tracer thread signals its completion by setting done.114atomic_uintptr_t done;115uptr parent_pid;116};117
118// This class handles thread suspending/unsuspending in the tracer thread.
119class ThreadSuspender {120public:121explicit ThreadSuspender(pid_t pid, TracerThreadArgument *arg)122: arg(arg)123, pid_(pid) {124CHECK_GE(pid, 0);125}126bool SuspendAllThreads();127void ResumeAllThreads();128void KillAllThreads();129SuspendedThreadsListLinux &suspended_threads_list() {130return suspended_threads_list_;131}132TracerThreadArgument *arg;133private:134SuspendedThreadsListLinux suspended_threads_list_;135pid_t pid_;136bool SuspendThread(tid_t thread_id);137};138
139bool ThreadSuspender::SuspendThread(tid_t tid) {140// Are we already attached to this thread?141// Currently this check takes linear time, however the number of threads is142// usually small.143if (suspended_threads_list_.ContainsTid(tid)) return false;144int pterrno;145if (internal_iserror(internal_ptrace(PTRACE_ATTACH, tid, nullptr, nullptr),146&pterrno)) {147// Either the thread is dead, or something prevented us from attaching.148// Log this event and move on.149VReport(1, "Could not attach to thread %zu (errno %d).\n", (uptr)tid,150pterrno);151return false;152} else {153VReport(2, "Attached to thread %zu.\n", (uptr)tid);154// The thread is not guaranteed to stop before ptrace returns, so we must155// wait on it. Note: if the thread receives a signal concurrently,156// we can get notification about the signal before notification about stop.157// In such case we need to forward the signal to the thread, otherwise158// the signal will be missed (as we do PTRACE_DETACH with arg=0) and159// any logic relying on signals will break. After forwarding we need to160// continue to wait for stopping, because the thread is not stopped yet.161// We do ignore delivery of SIGSTOP, because we want to make stop-the-world162// as invisible as possible.163for (;;) {164int status;165uptr waitpid_status;166HANDLE_EINTR(waitpid_status, internal_waitpid(tid, &status, __WALL));167int wperrno;168if (internal_iserror(waitpid_status, &wperrno)) {169// Got a ECHILD error. I don't think this situation is possible, but it170// doesn't hurt to report it.171VReport(1, "Waiting on thread %zu failed, detaching (errno %d).\n",172(uptr)tid, wperrno);173internal_ptrace(PTRACE_DETACH, tid, nullptr, nullptr);174return false;175}176if (WIFSTOPPED(status) && WSTOPSIG(status) != SIGSTOP) {177internal_ptrace(PTRACE_CONT, tid, nullptr,178(void*)(uptr)WSTOPSIG(status));179continue;180}181break;182}183suspended_threads_list_.Append(tid);184return true;185}186}
187
188void ThreadSuspender::ResumeAllThreads() {189for (uptr i = 0; i < suspended_threads_list_.ThreadCount(); i++) {190pid_t tid = suspended_threads_list_.GetThreadID(i);191int pterrno;192if (!internal_iserror(internal_ptrace(PTRACE_DETACH, tid, nullptr, nullptr),193&pterrno)) {194VReport(2, "Detached from thread %d.\n", tid);195} else {196// Either the thread is dead, or we are already detached.197// The latter case is possible, for instance, if this function was called198// from a signal handler.199VReport(1, "Could not detach from thread %d (errno %d).\n", tid, pterrno);200}201}202}
203
204void ThreadSuspender::KillAllThreads() {205for (uptr i = 0; i < suspended_threads_list_.ThreadCount(); i++)206internal_ptrace(PTRACE_KILL, suspended_threads_list_.GetThreadID(i),207nullptr, nullptr);208}
209
210bool ThreadSuspender::SuspendAllThreads() {211ThreadLister thread_lister(pid_);212bool retry = true;213InternalMmapVector<tid_t> threads;214threads.reserve(128);215for (int i = 0; i < 30 && retry; ++i) {216retry = false;217switch (thread_lister.ListThreads(&threads)) {218case ThreadLister::Error:219ResumeAllThreads();220return false;221case ThreadLister::Incomplete:222retry = true;223break;224case ThreadLister::Ok:225break;226}227for (tid_t tid : threads) {228if (SuspendThread(tid))229retry = true;230}231}232return suspended_threads_list_.ThreadCount();233}
234
235// Pointer to the ThreadSuspender instance for use in signal handler.
236static ThreadSuspender *thread_suspender_instance = nullptr;237
238// Synchronous signals that should not be blocked.
239static const int kSyncSignals[] = { SIGABRT, SIGILL, SIGFPE, SIGSEGV, SIGBUS,240SIGXCPU, SIGXFSZ };241
242static void TracerThreadDieCallback() {243// Generally a call to Die() in the tracer thread should be fatal to the244// parent process as well, because they share the address space.245// This really only works correctly if all the threads are suspended at this246// point. So we correctly handle calls to Die() from within the callback, but247// not those that happen before or after the callback. Hopefully there aren't248// a lot of opportunities for that to happen...249ThreadSuspender *inst = thread_suspender_instance;250if (inst && stoptheworld_tracer_pid == internal_getpid()) {251inst->KillAllThreads();252thread_suspender_instance = nullptr;253}254}
255
256// Signal handler to wake up suspended threads when the tracer thread dies.
257static void TracerThreadSignalHandler(int signum, __sanitizer_siginfo *siginfo,258void *uctx) {259SignalContext ctx(siginfo, uctx);260Printf("Tracer caught signal %d: addr=0x%zx pc=0x%zx sp=0x%zx\n", signum,261ctx.addr, ctx.pc, ctx.sp);262ThreadSuspender *inst = thread_suspender_instance;263if (inst) {264if (signum == SIGABRT)265inst->KillAllThreads();266else267inst->ResumeAllThreads();268RAW_CHECK(RemoveDieCallback(TracerThreadDieCallback));269thread_suspender_instance = nullptr;270atomic_store(&inst->arg->done, 1, memory_order_relaxed);271}272internal__exit((signum == SIGABRT) ? 1 : 2);273}
274
275// Size of alternative stack for signal handlers in the tracer thread.
276static const int kHandlerStackSize = 8192;277
278// This function will be run as a cloned task.
279static int TracerThread(void* argument) {280TracerThreadArgument *tracer_thread_argument =281(TracerThreadArgument *)argument;282
283internal_prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);284// Check if parent is already dead.285if (internal_getppid() != tracer_thread_argument->parent_pid)286internal__exit(4);287
288// Wait for the parent thread to finish preparations.289tracer_thread_argument->mutex.Lock();290tracer_thread_argument->mutex.Unlock();291
292RAW_CHECK(AddDieCallback(TracerThreadDieCallback));293
294ThreadSuspender thread_suspender(internal_getppid(), tracer_thread_argument);295// Global pointer for the signal handler.296thread_suspender_instance = &thread_suspender;297
298// Alternate stack for signal handling.299InternalMmapVector<char> handler_stack_memory(kHandlerStackSize);300stack_t handler_stack;301internal_memset(&handler_stack, 0, sizeof(handler_stack));302handler_stack.ss_sp = handler_stack_memory.data();303handler_stack.ss_size = kHandlerStackSize;304internal_sigaltstack(&handler_stack, nullptr);305
306// Install our handler for synchronous signals. Other signals should be307// blocked by the mask we inherited from the parent thread.308for (uptr i = 0; i < ARRAY_SIZE(kSyncSignals); i++) {309__sanitizer_sigaction act;310internal_memset(&act, 0, sizeof(act));311act.sigaction = TracerThreadSignalHandler;312act.sa_flags = SA_ONSTACK | SA_SIGINFO;313internal_sigaction_norestorer(kSyncSignals[i], &act, 0);314}315
316int exit_code = 0;317if (!thread_suspender.SuspendAllThreads()) {318VReport(1, "Failed suspending threads.\n");319exit_code = 3;320} else {321tracer_thread_argument->callback(thread_suspender.suspended_threads_list(),322tracer_thread_argument->callback_argument);323thread_suspender.ResumeAllThreads();324exit_code = 0;325}326RAW_CHECK(RemoveDieCallback(TracerThreadDieCallback));327thread_suspender_instance = nullptr;328atomic_store(&tracer_thread_argument->done, 1, memory_order_relaxed);329return exit_code;330}
331
332class ScopedStackSpaceWithGuard {333public:334explicit ScopedStackSpaceWithGuard(uptr stack_size) {335stack_size_ = stack_size;336guard_size_ = GetPageSizeCached();337// FIXME: Omitting MAP_STACK here works in current kernels but might break338// in the future.339guard_start_ = (uptr)MmapOrDie(stack_size_ + guard_size_,340"ScopedStackWithGuard");341CHECK(MprotectNoAccess((uptr)guard_start_, guard_size_));342}343~ScopedStackSpaceWithGuard() {344UnmapOrDie((void *)guard_start_, stack_size_ + guard_size_);345}346void *Bottom() const {347return (void *)(guard_start_ + stack_size_ + guard_size_);348}349
350private:351uptr stack_size_;352uptr guard_size_;353uptr guard_start_;354};355
356// We have a limitation on the stack frame size, so some stuff had to be moved
357// into globals.
358static __sanitizer_sigset_t blocked_sigset;359static __sanitizer_sigset_t old_sigset;360
361class StopTheWorldScope {362public:363StopTheWorldScope() {364// Make this process dumpable. Processes that are not dumpable cannot be365// attached to.366process_was_dumpable_ = internal_prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);367if (!process_was_dumpable_)368internal_prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);369}370
371~StopTheWorldScope() {372// Restore the dumpable flag.373if (!process_was_dumpable_)374internal_prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);375}376
377private:378int process_was_dumpable_;379};380
381// When sanitizer output is being redirected to file (i.e. by using log_path),
382// the tracer should write to the parent's log instead of trying to open a new
383// file. Alert the logging code to the fact that we have a tracer.
384struct ScopedSetTracerPID {385explicit ScopedSetTracerPID(uptr tracer_pid) {386stoptheworld_tracer_pid = tracer_pid;387stoptheworld_tracer_ppid = internal_getpid();388}389~ScopedSetTracerPID() {390stoptheworld_tracer_pid = 0;391stoptheworld_tracer_ppid = 0;392}393};394
395void StopTheWorld(StopTheWorldCallback callback, void *argument) {396StopTheWorldScope in_stoptheworld;397// Prepare the arguments for TracerThread.398struct TracerThreadArgument tracer_thread_argument;399tracer_thread_argument.callback = callback;400tracer_thread_argument.callback_argument = argument;401tracer_thread_argument.parent_pid = internal_getpid();402atomic_store(&tracer_thread_argument.done, 0, memory_order_relaxed);403const uptr kTracerStackSize = 2 * 1024 * 1024;404ScopedStackSpaceWithGuard tracer_stack(kTracerStackSize);405// Block the execution of TracerThread until after we have set ptrace406// permissions.407tracer_thread_argument.mutex.Lock();408// Signal handling story.409// We don't want async signals to be delivered to the tracer thread,410// so we block all async signals before creating the thread. An async signal411// handler can temporary modify errno, which is shared with this thread.412// We ought to use pthread_sigmask here, because sigprocmask has undefined413// behavior in multithreaded programs. However, on linux sigprocmask is414// equivalent to pthread_sigmask with the exception that pthread_sigmask415// does not allow to block some signals used internally in pthread416// implementation. We are fine with blocking them here, we are really not417// going to pthread_cancel the thread.418// The tracer thread should not raise any synchronous signals. But in case it419// does, we setup a special handler for sync signals that properly kills the420// parent as well. Note: we don't pass CLONE_SIGHAND to clone, so handlers421// in the tracer thread won't interfere with user program. Double note: if a422// user does something along the lines of 'kill -11 pid', that can kill the423// process even if user setup own handler for SEGV.424// Thing to watch out for: this code should not change behavior of user code425// in any observable way. In particular it should not override user signal426// handlers.427internal_sigfillset(&blocked_sigset);428for (uptr i = 0; i < ARRAY_SIZE(kSyncSignals); i++)429internal_sigdelset(&blocked_sigset, kSyncSignals[i]);430int rv = internal_sigprocmask(SIG_BLOCK, &blocked_sigset, &old_sigset);431CHECK_EQ(rv, 0);432uptr tracer_pid = internal_clone(433TracerThread, tracer_stack.Bottom(),434CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_UNTRACED,435&tracer_thread_argument, nullptr /* parent_tidptr */,436nullptr /* newtls */, nullptr /* child_tidptr */);437internal_sigprocmask(SIG_SETMASK, &old_sigset, 0);438int local_errno = 0;439if (internal_iserror(tracer_pid, &local_errno)) {440VReport(1, "Failed spawning a tracer thread (errno %d).\n", local_errno);441tracer_thread_argument.mutex.Unlock();442} else {443ScopedSetTracerPID scoped_set_tracer_pid(tracer_pid);444// On some systems we have to explicitly declare that we want to be traced445// by the tracer thread.446internal_prctl(PR_SET_PTRACER, tracer_pid, 0, 0, 0);447// Allow the tracer thread to start.448tracer_thread_argument.mutex.Unlock();449// NOTE: errno is shared between this thread and the tracer thread.450// internal_waitpid() may call syscall() which can access/spoil errno,451// so we can't call it now. Instead we for the tracer thread to finish using452// the spin loop below. Man page for sched_yield() says "In the Linux453// implementation, sched_yield() always succeeds", so let's hope it does not454// spoil errno. Note that this spin loop runs only for brief periods before455// the tracer thread has suspended us and when it starts unblocking threads.456while (atomic_load(&tracer_thread_argument.done, memory_order_relaxed) == 0)457sched_yield();458// Now the tracer thread is about to exit and does not touch errno,459// wait for it.460for (;;) {461uptr waitpid_status = internal_waitpid(tracer_pid, nullptr, __WALL);462if (!internal_iserror(waitpid_status, &local_errno))463break;464if (local_errno == EINTR)465continue;466VReport(1, "Waiting on the tracer thread failed (errno %d).\n",467local_errno);468break;469}470}471}
472
473// Platform-specific methods from SuspendedThreadsList.
474#if SANITIZER_ANDROID && defined(__arm__)475typedef pt_regs regs_struct;476#define REG_SP ARM_sp477
478#elif SANITIZER_LINUX && defined(__arm__)479typedef user_regs regs_struct;480#define REG_SP uregs[13]481
482#elif defined(__i386__) || defined(__x86_64__)483typedef user_regs_struct regs_struct;484#if defined(__i386__)485#define REG_SP esp486#else487#define REG_SP rsp488#endif489#define ARCH_IOVEC_FOR_GETREGSET490// Support ptrace extensions even when compiled without required kernel support
491#ifndef NT_X86_XSTATE492#define NT_X86_XSTATE 0x202493#endif494#ifndef PTRACE_GETREGSET495#define PTRACE_GETREGSET 0x4204496#endif497// Compiler may use FP registers to store pointers.
498static constexpr uptr kExtraRegs[] = {NT_X86_XSTATE, NT_FPREGSET};499
500#elif defined(__powerpc__) || defined(__powerpc64__)501typedef pt_regs regs_struct;502#define REG_SP gpr[PT_R1]503
504#elif defined(__mips__)505typedef struct user regs_struct;506# if SANITIZER_ANDROID507# define REG_SP regs[EF_R29]508# else509# define REG_SP regs[EF_REG29]510# endif511
512#elif defined(__aarch64__)513typedef struct user_pt_regs regs_struct;514#define REG_SP sp515static constexpr uptr kExtraRegs[] = {0};516#define ARCH_IOVEC_FOR_GETREGSET517
518#elif defined(__loongarch__)519typedef struct user_pt_regs regs_struct;520#define REG_SP regs[3]521static constexpr uptr kExtraRegs[] = {0};522#define ARCH_IOVEC_FOR_GETREGSET523
524#elif SANITIZER_RISCV64525typedef struct user_regs_struct regs_struct;526// sys/ucontext.h already defines REG_SP as 2. Undefine it first.
527#undef REG_SP528#define REG_SP sp529static constexpr uptr kExtraRegs[] = {0};530#define ARCH_IOVEC_FOR_GETREGSET531
532#elif defined(__s390__)533typedef _user_regs_struct regs_struct;534#define REG_SP gprs[15]535static constexpr uptr kExtraRegs[] = {0};536#define ARCH_IOVEC_FOR_GETREGSET537
538#else539#error "Unsupported architecture"540#endif // SANITIZER_ANDROID && defined(__arm__)541
542tid_t SuspendedThreadsListLinux::GetThreadID(uptr index) const {543CHECK_LT(index, thread_ids_.size());544return thread_ids_[index];545}
546
547uptr SuspendedThreadsListLinux::ThreadCount() const {548return thread_ids_.size();549}
550
551bool SuspendedThreadsListLinux::ContainsTid(tid_t thread_id) const {552for (uptr i = 0; i < thread_ids_.size(); i++) {553if (thread_ids_[i] == thread_id) return true;554}555return false;556}
557
558void SuspendedThreadsListLinux::Append(tid_t tid) {559thread_ids_.push_back(tid);560}
561
562PtraceRegistersStatus SuspendedThreadsListLinux::GetRegistersAndSP(563uptr index, InternalMmapVector<uptr> *buffer, uptr *sp) const {564pid_t tid = GetThreadID(index);565constexpr uptr uptr_sz = sizeof(uptr);566int pterrno;567#ifdef ARCH_IOVEC_FOR_GETREGSET568auto AppendF = [&](uptr regset) {569uptr size = buffer->size();570// NT_X86_XSTATE requires 64bit alignment.571uptr size_up = RoundUpTo(size, 8 / uptr_sz);572buffer->reserve(Max<uptr>(1024, size_up));573struct iovec regset_io;574for (;; buffer->resize(buffer->capacity() * 2)) {575buffer->resize(buffer->capacity());576uptr available_bytes = (buffer->size() - size_up) * uptr_sz;577regset_io.iov_base = buffer->data() + size_up;578regset_io.iov_len = available_bytes;579bool fail =580internal_iserror(internal_ptrace(PTRACE_GETREGSET, tid,581(void *)regset, (void *)®set_io),582&pterrno);583if (fail) {584VReport(1, "Could not get regset %p from thread %d (errno %d).\n",585(void *)regset, tid, pterrno);586buffer->resize(size);587return false;588}589
590// Far enough from the buffer size, no need to resize and repeat.591if (regset_io.iov_len + 64 < available_bytes)592break;593}594buffer->resize(size_up + RoundUpTo(regset_io.iov_len, uptr_sz) / uptr_sz);595return true;596};597
598buffer->clear();599bool fail = !AppendF(NT_PRSTATUS);600if (!fail) {601// Accept the first available and do not report errors.602for (uptr regs : kExtraRegs)603if (regs && AppendF(regs))604break;605}606#else607buffer->resize(RoundUpTo(sizeof(regs_struct), uptr_sz) / uptr_sz);608bool fail = internal_iserror(609internal_ptrace(PTRACE_GETREGS, tid, nullptr, buffer->data()), &pterrno);610if (fail)611VReport(1, "Could not get registers from thread %d (errno %d).\n", tid,612pterrno);613#endif614if (fail) {615// ESRCH means that the given thread is not suspended or already dead.616// Therefore it's unsafe to inspect its data (e.g. walk through stack) and617// we should notify caller about this.618return pterrno == ESRCH ? REGISTERS_UNAVAILABLE_FATAL619: REGISTERS_UNAVAILABLE;620}621
622*sp = reinterpret_cast<regs_struct *>(buffer->data())[0].REG_SP;623return REGISTERS_AVAILABLE;624}
625
626} // namespace __sanitizer627
628#endif // SANITIZER_LINUX && (defined(__x86_64__) || defined(__mips__)629// || defined(__aarch64__) || defined(__powerpc64__)630// || defined(__s390__) || defined(__i386__) || defined(__arm__)631// || SANITIZER_LOONGARCH64632