Home | History | Annotate | Download | only in lsan 
      1 //=-- lsan_common_linux.cc ------------------------------------------------===//
      2 //
      3 //                     The LLVM Compiler Infrastructure
      4 //
      5 // This file is distributed under the University of Illinois Open Source
      6 // License. See LICENSE.TXT for details.
      7 //
      8 //===----------------------------------------------------------------------===//
      9 //
     10 // This file is a part of LeakSanitizer.
     11 // Implementation of common leak checking functionality. Linux-specific code.
     12 //
     13 //===----------------------------------------------------------------------===//
     14 
     15 #include "sanitizer_common/sanitizer_platform.h"
     16 #include "lsan_common.h"
     17 
     18 #if CAN_SANITIZE_LEAKS && SANITIZER_LINUX
     19 #include <link.h>
     20 
     21 #include "sanitizer_common/sanitizer_common.h"
     22 #include "sanitizer_common/sanitizer_flags.h"
     23 #include "sanitizer_common/sanitizer_linux.h"
     24 #include "sanitizer_common/sanitizer_stackdepot.h"
     25 
     26 namespace __lsan {
     27 
     28 static const char kLinkerName[] = "ld";
     29 // We request 2 modules matching "ld", so we can print a warning if there's more
     30 // than one match. But only the first one is actually used.
     31 static char linker_placeholder[2 * sizeof(LoadedModule)] ALIGNED(64);
     32 static LoadedModule *linker = 0;
     33 
     34 static bool IsLinker(const char* full_name) {
     35   return LibraryNameIs(full_name, kLinkerName);
     36 }
     37 
     38 void InitializePlatformSpecificModules() {
     39   internal_memset(linker_placeholder, 0, sizeof(linker_placeholder));
     40   uptr num_matches = GetListOfModules(
     41       reinterpret_cast<LoadedModule *>(linker_placeholder), 2, IsLinker);
     42   if (num_matches == 1) {
     43     linker = reinterpret_cast<LoadedModule *>(linker_placeholder);
     44     return;
     45   }
     46   if (num_matches == 0)
     47     VReport(1, "LeakSanitizer: Dynamic linker not found. "
     48             "TLS will not be handled correctly.\n");
     49   else if (num_matches > 1)
     50     VReport(1, "LeakSanitizer: Multiple modules match \"%s\". "
     51             "TLS will not be handled correctly.\n", kLinkerName);
     52   linker = 0;
     53 }
     54 
     55 static int ProcessGlobalRegionsCallback(struct dl_phdr_info *info, size_t size,
     56                                         void *data) {
     57   Frontier *frontier = reinterpret_cast<Frontier *>(data);
     58   for (uptr j = 0; j < info->dlpi_phnum; j++) {
     59     const ElfW(Phdr) *phdr = &(info->dlpi_phdr[j]);
     60     // We're looking for .data and .bss sections, which reside in writeable,
     61     // loadable segments.
     62     if (!(phdr->p_flags & PF_W) || (phdr->p_type != PT_LOAD) ||
     63         (phdr->p_memsz == 0))
     64       continue;
     65     uptr begin = info->dlpi_addr + phdr->p_vaddr;
     66     uptr end = begin + phdr->p_memsz;
     67     uptr allocator_begin = 0, allocator_end = 0;
     68     GetAllocatorGlobalRange(&allocator_begin, &allocator_end);
     69     if (begin <= allocator_begin && allocator_begin < end) {
     70       CHECK_LE(allocator_begin, allocator_end);
     71       CHECK_LT(allocator_end, end);
     72       if (begin < allocator_begin)
     73         ScanRangeForPointers(begin, allocator_begin, frontier, "GLOBAL",
     74                              kReachable);
     75       if (allocator_end < end)
     76         ScanRangeForPointers(allocator_end, end, frontier, "GLOBAL",
     77                              kReachable);
     78     } else {
     79       ScanRangeForPointers(begin, end, frontier, "GLOBAL", kReachable);
     80     }
     81   }
     82   return 0;
     83 }
     84 
     85 // Scans global variables for heap pointers.
     86 void ProcessGlobalRegions(Frontier *frontier) {
     87   if (!flags()->use_globals) return;
     88   // FIXME: dl_iterate_phdr acquires a linker lock, so we run a risk of
     89   // deadlocking by running this under StopTheWorld. However, the lock is
     90   // reentrant, so we should be able to fix this by acquiring the lock before
     91   // suspending threads.
     92   dl_iterate_phdr(ProcessGlobalRegionsCallback, frontier);
     93 }
     94 
     95 static uptr GetCallerPC(u32 stack_id, StackDepotReverseMap *map) {
     96   CHECK(stack_id);
     97   uptr size = 0;
     98   const uptr *trace = map->Get(stack_id, &size);
     99   // The top frame is our malloc/calloc/etc. The next frame is the caller.
    100   if (size >= 2)
    101     return trace[1];
    102   return 0;
    103 }
    104 
    105 struct ProcessPlatformAllocParam {
    106   Frontier *frontier;
    107   StackDepotReverseMap *stack_depot_reverse_map;
    108 };
    109 
    110 // ForEachChunk callback. Identifies unreachable chunks which must be treated as
    111 // reachable. Marks them as reachable and adds them to the frontier.
    112 static void ProcessPlatformSpecificAllocationsCb(uptr chunk, void *arg) {
    113   CHECK(arg);
    114   ProcessPlatformAllocParam *param =
    115       reinterpret_cast<ProcessPlatformAllocParam *>(arg);
    116   chunk = GetUserBegin(chunk);
    117   LsanMetadata m(chunk);
    118   if (m.allocated() && m.tag() != kReachable) {
    119     u32 stack_id = m.stack_trace_id();
    120     uptr caller_pc = 0;
    121     if (stack_id > 0)
    122       caller_pc = GetCallerPC(stack_id, param->stack_depot_reverse_map);
    123     // If caller_pc is unknown, this chunk may be allocated in a coroutine. Mark
    124     // it as reachable, as we can't properly report its allocation stack anyway.
    125     if (caller_pc == 0 || linker->containsAddress(caller_pc)) {
    126       m.set_tag(kReachable);
    127       param->frontier->push_back(chunk);
    128     }
    129   }
    130 }
    131 
    132 // Handles dynamically allocated TLS blocks by treating all chunks allocated
    133 // from ld-linux.so as reachable.
    134 // Dynamic TLS blocks contain the TLS variables of dynamically loaded modules.
    135 // They are allocated with a __libc_memalign() call in allocate_and_init()
    136 // (elf/dl-tls.c). Glibc won't tell us the address ranges occupied by those
    137 // blocks, but we can make sure they come from our own allocator by intercepting
    138 // __libc_memalign(). On top of that, there is no easy way to reach them. Their
    139 // addresses are stored in a dynamically allocated array (the DTV) which is
    140 // referenced from the static TLS. Unfortunately, we can't just rely on the DTV
    141 // being reachable from the static TLS, and the dynamic TLS being reachable from
    142 // the DTV. This is because the initial DTV is allocated before our interception
    143 // mechanism kicks in, and thus we don't recognize it as allocated memory. We
    144 // can't special-case it either, since we don't know its size.
    145 // Our solution is to include in the root set all allocations made from
    146 // ld-linux.so (which is where allocate_and_init() is implemented). This is
    147 // guaranteed to include all dynamic TLS blocks (and possibly other allocations
    148 // which we don't care about).
    149 void ProcessPlatformSpecificAllocations(Frontier *frontier) {
    150   if (!flags()->use_tls) return;
    151   if (!linker) return;
    152   StackDepotReverseMap stack_depot_reverse_map;
    153   ProcessPlatformAllocParam arg = {frontier, &stack_depot_reverse_map};
    154   ForEachChunk(ProcessPlatformSpecificAllocationsCb, &arg);
    155 }
    156 
    157 }  // namespace __lsan
    158 #endif  // CAN_SANITIZE_LEAKS && SANITIZER_LINUX
    159