//===-- sanitizer_stoptheworld_linux_libcdep.cc ---------------------------===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// See sanitizer_stoptheworld.h for details.
// This implementation was inspired by Markus Gutschke's linuxthreads.cc.
//
//===----------------------------------------------------------------------===//

#include "sanitizer_platform.h"

#if SANITIZER_LINUX && (defined(__x86_64__) || defined(__mips__) || \
                        defined(__aarch64__) || defined(__powerpc64__))

#include "sanitizer_stoptheworld.h"

#include "sanitizer_platform_limits_posix.h"
#include "sanitizer_atomic.h"

#include <errno.h>
#include <sched.h> // for CLONE_* definitions
#include <stddef.h>
#include <sys/prctl.h> // for PR_* definitions
#include <sys/ptrace.h> // for PTRACE_* definitions
#include <sys/types.h> // for pid_t
#include <sys/uio.h> // for iovec
#include <elf.h> // for NT_PRSTATUS
#if SANITIZER_ANDROID && defined(__arm__)
# include <linux/user.h>  // for pt_regs
#else
# ifdef __aarch64__
// GLIBC 2.20+ sys/user does not include asm/ptrace.h
#  include <asm/ptrace.h>
# endif
# include <sys/user.h>  // for user_regs_struct
#endif
#include <sys/wait.h> // for signal-related stuff

#ifdef sa_handler
# undef sa_handler
#endif

#ifdef sa_sigaction
# undef sa_sigaction
#endif

#include "sanitizer_common.h"
#include "sanitizer_flags.h"
#include "sanitizer_libc.h"
#include "sanitizer_linux.h"
#include "sanitizer_mutex.h"
#include "sanitizer_placement_new.h"

// This module works by spawning a Linux task which then attaches to every
// thread in the caller process with ptrace. This suspends the threads, and
// PTRACE_GETREGS can then be used to obtain their register state. The callback
// supplied to StopTheWorld() is run in the tracer task while the threads are
// suspended.
// The tracer task must be placed in a different thread group for ptrace to
// work, so it cannot be spawned as a pthread. Instead, we use the low-level
// clone() interface (we want to share the address space with the caller
// process, so we prefer clone() over fork()).
//
// We don't use any libc functions, relying instead on direct syscalls. There
// are two reasons for this:
// 1. calling a library function while threads are suspended could cause a
// deadlock, if one of the threads happens to be holding a libc lock;
// 2. it's generally not safe to call libc functions from the tracer task,
// because clone() does not set up thread-local storage for it. Any
// thread-local variables used by libc will be shared between the tracer task
// and the thread which spawned it.
COMPILER_CHECK(sizeof(SuspendedThreadID) == sizeof(pid_t));

namespace __sanitizer {

// Structure for passing arguments into the tracer thread.
struct TracerThreadArgument {
  StopTheWorldCallback callback;
  void *callback_argument;
  // The tracer thread waits on this mutex while the parent finishes its
  // preparations.
  BlockingMutex mutex;
  // Tracer thread signals its completion by setting done.
  atomic_uintptr_t done;
  uptr parent_pid;
};

// This class handles thread suspending/unsuspending in the tracer thread.
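// Typical lifecycle, as driven by TracerThread() below: construct with the
// parent pid, call SuspendAllThreads(), run the user callback over
// suspended_threads_list(), then ResumeAllThreads(). KillAllThreads() is the
// abnormal-termination path used by the die callback and the signal handler.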
class ThreadSuspender {
 public:
  explicit ThreadSuspender(pid_t pid, TracerThreadArgument *arg)
    : arg(arg)
    , pid_(pid) {
      CHECK_GE(pid, 0);
    }
  bool SuspendAllThreads();
  void ResumeAllThreads();
  void KillAllThreads();
  SuspendedThreadsList &suspended_threads_list() {
    return suspended_threads_list_;
  }
  TracerThreadArgument *arg;
 private:
  SuspendedThreadsList suspended_threads_list_;
  pid_t pid_;
  bool SuspendThread(SuspendedThreadID thread_id);
};

bool ThreadSuspender::SuspendThread(SuspendedThreadID tid) {
  // Are we already attached to this thread?
  // Currently this check takes linear time, however the number of threads is
  // usually small.
  if (suspended_threads_list_.Contains(tid))
    return false;
  int pterrno;
  if (internal_iserror(internal_ptrace(PTRACE_ATTACH, tid, nullptr, nullptr),
                       &pterrno)) {
    // Either the thread is dead, or something prevented us from attaching.
    // Log this event and move on.
    VReport(1, "Could not attach to thread %d (errno %d).\n", tid, pterrno);
    return false;
  } else {
    VReport(2, "Attached to thread %d.\n", tid);
    // The thread is not guaranteed to stop before ptrace returns, so we must
    // wait on it. Note: if the thread receives a signal concurrently,
    // we can get notification about the signal before notification about stop.
    // In such a case we need to forward the signal to the thread, otherwise
    // the signal will be missed (as we do PTRACE_DETACH with arg=0) and
    // any logic relying on signals will break. After forwarding we need to
    // continue to wait for stopping, because the thread is not stopped yet.
    // We do ignore delivery of SIGSTOP, because we want to make stop-the-world
    // as invisible as possible.
    for (;;) {
      int status;
      uptr waitpid_status;
      HANDLE_EINTR(waitpid_status, internal_waitpid(tid, &status, __WALL));
      int wperrno;
      if (internal_iserror(waitpid_status, &wperrno)) {
        // Got an ECHILD error. I don't think this situation is possible, but
        // it doesn't hurt to report it.
        VReport(1, "Waiting on thread %d failed, detaching (errno %d).\n",
                tid, wperrno);
        internal_ptrace(PTRACE_DETACH, tid, nullptr, nullptr);
        return false;
      }
      if (WIFSTOPPED(status) && WSTOPSIG(status) != SIGSTOP) {
        internal_ptrace(PTRACE_CONT, tid, nullptr,
                        (void*)(uptr)WSTOPSIG(status));
        continue;
      }
      break;
    }
    suspended_threads_list_.Append(tid);
    return true;
  }
}

void ThreadSuspender::ResumeAllThreads() {
  for (uptr i = 0; i < suspended_threads_list_.thread_count(); i++) {
    pid_t tid = suspended_threads_list_.GetThreadID(i);
    int pterrno;
    if (!internal_iserror(internal_ptrace(PTRACE_DETACH, tid, nullptr, nullptr),
                          &pterrno)) {
      VReport(2, "Detached from thread %d.\n", tid);
    } else {
      // Either the thread is dead, or we are already detached.
      // The latter case is possible, for instance, if this function was called
      // from a signal handler.
      VReport(1, "Could not detach from thread %d (errno %d).\n", tid, pterrno);
    }
  }
}

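// Note: PTRACE_KILL is only guaranteed to act on tracees that are stopped,
// which holds here because we only track threads that SuspendThread()
// successfully attached to and waited on.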
void ThreadSuspender::KillAllThreads() {
  for (uptr i = 0; i < suspended_threads_list_.thread_count(); i++)
    internal_ptrace(PTRACE_KILL, suspended_threads_list_.GetThreadID(i),
                    nullptr, nullptr);
}

bool ThreadSuspender::SuspendAllThreads() {
  ThreadLister thread_lister(pid_);
  bool added_threads;
  do {
    // Run through the directory entries once.
    added_threads = false;
    pid_t tid = thread_lister.GetNextTID();
    while (tid >= 0) {
      if (SuspendThread(tid))
        added_threads = true;
      tid = thread_lister.GetNextTID();
    }
    if (thread_lister.error()) {
      // Detach threads and fail.
      ResumeAllThreads();
      return false;
    }
    thread_lister.Reset();
  } while (added_threads);
  // Suspended threads cannot spawn new ones, so once a full pass over
  // /proc/<pid>/task attaches to nothing new, every thread is suspended.
  return true;
}

// Pointer to the ThreadSuspender instance for use in signal handler.
static ThreadSuspender *thread_suspender_instance = nullptr;

// Synchronous signals that should not be blocked.
static const int kSyncSignals[] = { SIGABRT, SIGILL, SIGFPE, SIGSEGV, SIGBUS,
                                    SIGXCPU, SIGXFSZ };

static void TracerThreadDieCallback() {
  // Generally a call to Die() in the tracer thread should be fatal to the
  // parent process as well, because they share the address space.
  // This really only works correctly if all the threads are suspended at this
  // point. So we correctly handle calls to Die() from within the callback, but
  // not those that happen before or after the callback. Hopefully there aren't
  // a lot of opportunities for that to happen...
  ThreadSuspender *inst = thread_suspender_instance;
  if (inst && stoptheworld_tracer_pid == internal_getpid()) {
    inst->KillAllThreads();
    thread_suspender_instance = nullptr;
  }
}

// Signal handler to wake up suspended threads when the tracer thread dies.
static void TracerThreadSignalHandler(int signum, void *siginfo, void *uctx) {
  SignalContext ctx = SignalContext::Create(siginfo, uctx);
  VPrintf(1, "Tracer caught signal %d: addr=0x%zx pc=0x%zx sp=0x%zx\n",
      signum, ctx.addr, ctx.pc, ctx.sp);
  ThreadSuspender *inst = thread_suspender_instance;
  if (inst) {
    if (signum == SIGABRT)
      inst->KillAllThreads();
    else
      inst->ResumeAllThreads();
    RAW_CHECK(RemoveDieCallback(TracerThreadDieCallback));
    thread_suspender_instance = nullptr;
    atomic_store(&inst->arg->done, 1, memory_order_relaxed);
  }
  internal__exit((signum == SIGABRT) ? 1 : 2);
}

// Size of alternative stack for signal handlers in the tracer thread.
static const int kHandlerStackSize = 4096;

// This function will be run as a cloned task.
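// Exit codes (as observed via waitpid() in the parent): 0 = success,
// 1 = died on SIGABRT, 2 = died on another synchronous signal,
// 3 = failed to suspend threads, 4 = the parent died before the tracer
// started.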
static int TracerThread(void* argument) {
  TracerThreadArgument *tracer_thread_argument =
      (TracerThreadArgument *)argument;

  internal_prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  // Check if parent is already dead.
  if (internal_getppid() != tracer_thread_argument->parent_pid)
    internal__exit(4);

  // Wait for the parent thread to finish preparations.
  tracer_thread_argument->mutex.Lock();
  tracer_thread_argument->mutex.Unlock();

  RAW_CHECK(AddDieCallback(TracerThreadDieCallback));

  ThreadSuspender thread_suspender(internal_getppid(), tracer_thread_argument);
  // Global pointer for the signal handler.
  thread_suspender_instance = &thread_suspender;

  // Alternate stack for signal handling.
  InternalScopedBuffer<char> handler_stack_memory(kHandlerStackSize);
  struct sigaltstack handler_stack;
  internal_memset(&handler_stack, 0, sizeof(handler_stack));
  handler_stack.ss_sp = handler_stack_memory.data();
  handler_stack.ss_size = kHandlerStackSize;
  internal_sigaltstack(&handler_stack, nullptr);

  // Install our handler for synchronous signals. Other signals should be
  // blocked by the mask we inherited from the parent thread.
  for (uptr i = 0; i < ARRAY_SIZE(kSyncSignals); i++) {
    __sanitizer_sigaction act;
    internal_memset(&act, 0, sizeof(act));
    act.sigaction = TracerThreadSignalHandler;
    act.sa_flags = SA_ONSTACK | SA_SIGINFO;
    internal_sigaction_norestorer(kSyncSignals[i], &act, 0);
  }

  int exit_code = 0;
  if (!thread_suspender.SuspendAllThreads()) {
    VReport(1, "Failed suspending threads.\n");
    exit_code = 3;
  } else {
    tracer_thread_argument->callback(thread_suspender.suspended_threads_list(),
                                     tracer_thread_argument->callback_argument);
    thread_suspender.ResumeAllThreads();
    exit_code = 0;
  }
  RAW_CHECK(RemoveDieCallback(TracerThreadDieCallback));
  thread_suspender_instance = nullptr;
  atomic_store(&tracer_thread_argument->done, 1, memory_order_relaxed);
  return exit_code;
}

class ScopedStackSpaceWithGuard {
 public:
  explicit ScopedStackSpaceWithGuard(uptr stack_size) {
    stack_size_ = stack_size;
    guard_size_ = GetPageSizeCached();
    // FIXME: Omitting MAP_STACK here works in current kernels but might break
    // in the future.
    guard_start_ = (uptr)MmapOrDie(stack_size_ + guard_size_,
                                   "ScopedStackWithGuard");
    CHECK(MprotectNoAccess((uptr)guard_start_, guard_size_));
  }
  ~ScopedStackSpaceWithGuard() {
    UnmapOrDie((void *)guard_start_, stack_size_ + guard_size_);
  }
  void *Bottom() const {
    return (void *)(guard_start_ + stack_size_ + guard_size_);
  }

 private:
  uptr stack_size_;
  uptr guard_size_;
  uptr guard_start_;
};
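
// Memory layout of the mapping above, with the guard page at the low end
// (the stack grows downward on every architecture this file supports):
//
//   guard_start_                    guard_start_ + guard_size_ + stack_size_
//   |<- guard page (PROT_NONE) ->|<------------- stack ------------->|
//                                                                    ^
//                                                                 Bottom()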

// We have a limitation on the stack frame size, so some stuff had to be moved
// into globals.
static __sanitizer_sigset_t blocked_sigset;
static __sanitizer_sigset_t old_sigset;

class StopTheWorldScope {
 public:
  StopTheWorldScope() {
    // Make this process dumpable. Processes that are not dumpable cannot be
    // attached to.
    process_was_dumpable_ = internal_prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (!process_was_dumpable_)
      internal_prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
  }

  ~StopTheWorldScope() {
    // Restore the dumpable flag.
    if (!process_was_dumpable_)
      internal_prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
  }

 private:
  int process_was_dumpable_;
};

// When sanitizer output is being redirected to a file (e.g., by using
// log_path), the tracer should write to the parent's log instead of trying to
// open a new file. Alert the logging code to the fact that we have a tracer.
struct ScopedSetTracerPID {
  explicit ScopedSetTracerPID(uptr tracer_pid) {
    stoptheworld_tracer_pid = tracer_pid;
    stoptheworld_tracer_ppid = internal_getpid();
  }
  ~ScopedSetTracerPID() {
    stoptheworld_tracer_pid = 0;
    stoptheworld_tracer_ppid = 0;
  }
};

void StopTheWorld(StopTheWorldCallback callback, void *argument) {
  StopTheWorldScope in_stoptheworld;
  // Prepare the arguments for TracerThread.
  struct TracerThreadArgument tracer_thread_argument;
  tracer_thread_argument.callback = callback;
  tracer_thread_argument.callback_argument = argument;
  tracer_thread_argument.parent_pid = internal_getpid();
  atomic_store(&tracer_thread_argument.done, 0, memory_order_relaxed);
  const uptr kTracerStackSize = 2 * 1024 * 1024;
  ScopedStackSpaceWithGuard tracer_stack(kTracerStackSize);
  // Block the execution of TracerThread until after we have set ptrace
  // permissions.
  tracer_thread_argument.mutex.Lock();
  // Signal handling story.
  // We don't want async signals to be delivered to the tracer thread,
  // so we block all async signals before creating the thread. An async signal
  // handler can temporarily modify errno, which is shared with this thread.
  // We ought to use pthread_sigmask here, because sigprocmask has undefined
  // behavior in multithreaded programs. However, on Linux sigprocmask is
  // equivalent to pthread_sigmask with the exception that pthread_sigmask
  // does not allow blocking some signals used internally in the pthread
  // implementation. We are fine with blocking them here, we are really not
  // going to pthread_cancel the thread.
  // The tracer thread should not raise any synchronous signals. But in case it
  // does, we set up a special handler for sync signals that properly kills the
  // parent as well. Note: we don't pass CLONE_SIGHAND to clone, so handlers
  // in the tracer thread won't interfere with the user program. Double note:
  // if a user does something along the lines of 'kill -11 pid', that can kill
  // the process even if the user has set up their own handler for SIGSEGV.
  // Thing to watch out for: this code should not change behavior of user code
  // in any observable way. In particular it should not override user signal
  // handlers.
  internal_sigfillset(&blocked_sigset);
  for (uptr i = 0; i < ARRAY_SIZE(kSyncSignals); i++)
    internal_sigdelset(&blocked_sigset, kSyncSignals[i]);
  int rv = internal_sigprocmask(SIG_BLOCK, &blocked_sigset, &old_sigset);
  CHECK_EQ(rv, 0);
  uptr tracer_pid = internal_clone(
      TracerThread, tracer_stack.Bottom(),
      CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_UNTRACED,
      &tracer_thread_argument, nullptr /* parent_tidptr */,
      nullptr /* newtls */, nullptr /* child_tidptr */);
  internal_sigprocmask(SIG_SETMASK, &old_sigset, 0);
  int local_errno = 0;
  if (internal_iserror(tracer_pid, &local_errno)) {
    VReport(1, "Failed spawning a tracer thread (errno %d).\n", local_errno);
    tracer_thread_argument.mutex.Unlock();
  } else {
    ScopedSetTracerPID scoped_set_tracer_pid(tracer_pid);
    // On some systems we have to explicitly declare that we want to be traced
    // by the tracer thread.
#ifdef PR_SET_PTRACER
    internal_prctl(PR_SET_PTRACER, tracer_pid, 0, 0, 0);
#endif
    // Allow the tracer thread to start.
    tracer_thread_argument.mutex.Unlock();
    // NOTE: errno is shared between this thread and the tracer thread.
    // internal_waitpid() may call syscall() which can access/spoil errno,
    // so we can't call it now. Instead we wait for the tracer thread to finish
    // using the spin loop below. The man page for sched_yield() says "In the
    // Linux implementation, sched_yield() always succeeds", so let's hope it
    // does not spoil errno. Note that this spin loop runs only for brief
    // periods before the tracer thread has suspended us and when it starts
    // unblocking threads.
    while (atomic_load(&tracer_thread_argument.done, memory_order_relaxed) == 0)
      sched_yield();
    // Now the tracer thread is about to exit and does not touch errno,
    // wait for it.
    for (;;) {
      uptr waitpid_status = internal_waitpid(tracer_pid, nullptr, __WALL);
      if (!internal_iserror(waitpid_status, &local_errno))
        break;
      if (local_errno == EINTR)
        continue;
      VReport(1, "Waiting on the tracer thread failed (errno %d).\n",
              local_errno);
      break;
    }
  }
}
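
// An illustrative caller (hypothetical; real clients live in the individual
// sanitizers, e.g. the leak checker). The callback runs inside the tracer
// task while all threads of the calling process are suspended:
//
//   static void MyCallback(const SuspendedThreadsList &threads, void *arg) {
//     for (uptr i = 0; i < threads.thread_count(); i++) {
//       // Inspect each suspended thread, e.g. via GetRegistersAndSP().
//     }
//   }
//   ...
//   StopTheWorld(MyCallback, nullptr);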

// Platform-specific methods from SuspendedThreadsList.
#if SANITIZER_ANDROID && defined(__arm__)
typedef pt_regs regs_struct;
#define REG_SP ARM_sp

#elif SANITIZER_LINUX && defined(__arm__)
typedef user_regs regs_struct;
#define REG_SP uregs[13]

#elif defined(__i386__) || defined(__x86_64__)
typedef user_regs_struct regs_struct;
#if defined(__i386__)
#define REG_SP esp
#else
#define REG_SP rsp
#endif

#elif defined(__powerpc__) || defined(__powerpc64__)
typedef pt_regs regs_struct;
#define REG_SP gpr[PT_R1]

#elif defined(__mips__)
typedef struct user regs_struct;
#define REG_SP regs[EF_REG29]

#elif defined(__aarch64__)
typedef struct user_pt_regs regs_struct;
#define REG_SP sp
#define ARCH_IOVEC_FOR_GETREGSET

#else
#error "Unsupported architecture"
#endif // SANITIZER_ANDROID && defined(__arm__)
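
// REG_SP names the stack-pointer member of regs_struct for the current
// architecture, so GetRegistersAndSP() below can read regs.REG_SP uniformly.
// ARCH_IOVEC_FOR_GETREGSET selects PTRACE_GETREGSET (which takes an iovec)
// over the legacy PTRACE_GETREGS request.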

int SuspendedThreadsList::GetRegistersAndSP(uptr index,
                                            uptr *buffer,
                                            uptr *sp) const {
  pid_t tid = GetThreadID(index);
  regs_struct regs;
  int pterrno;
#ifdef ARCH_IOVEC_FOR_GETREGSET
  struct iovec regset_io;
  regset_io.iov_base = &regs;
  regset_io.iov_len = sizeof(regs_struct);
  bool isErr = internal_iserror(internal_ptrace(PTRACE_GETREGSET, tid,
                                (void*)NT_PRSTATUS, (void*)&regset_io),
                                &pterrno);
#else
  bool isErr = internal_iserror(internal_ptrace(PTRACE_GETREGS, tid, nullptr,
                                &regs), &pterrno);
#endif
  if (isErr) {
    VReport(1, "Could not get registers from thread %d (errno %d).\n", tid,
            pterrno);
    return -1;
  }

  *sp = regs.REG_SP;
  internal_memcpy(buffer, &regs, sizeof(regs));
  return 0;
}
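
// A minimal usage sketch for the two methods in this section (hypothetical
// variable names; the caller must size 'buffer' via RegisterCount()):
//
//   uptr sp;
//   InternalScopedBuffer<uptr> regs(threads.RegisterCount());
//   if (threads.GetRegistersAndSP(i, regs.data(), &sp) == 0) {
//     // regs.data() now holds the raw register block; sp is the thread's SP.
//   }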

uptr SuspendedThreadsList::RegisterCount() {
  return sizeof(regs_struct) / sizeof(uptr);
}
} // namespace __sanitizer

#endif  // SANITIZER_LINUX && (defined(__x86_64__) || defined(__mips__)
        // || defined(__aarch64__) || defined(__powerpc64__))