compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp

   1 //===-- tsan_platform_linux.cpp -------------------------------------------===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8 //
   9 // This file is a part of ThreadSanitizer (TSan), a race detector.
  10 //
  11 // Linux- and BSD-specific code.
  12 //===----------------------------------------------------------------------===//
  13
  14 #include "sanitizer_common/sanitizer_platform.h"
  15 #if SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD
  16
  17 #include "sanitizer_common/sanitizer_common.h"
  18 #include "sanitizer_common/sanitizer_libc.h"
  19 #include "sanitizer_common/sanitizer_linux.h"
  20 #include "sanitizer_common/sanitizer_platform_limits_netbsd.h"
  21 #include "sanitizer_common/sanitizer_platform_limits_posix.h"
  22 #include "sanitizer_common/sanitizer_posix.h"
  23 #include "sanitizer_common/sanitizer_procmaps.h"
  24 #include "sanitizer_common/sanitizer_stackdepot.h"
  25 #include "sanitizer_common/sanitizer_stoptheworld.h"
  26 #include "tsan_flags.h"
  27 #include "tsan_platform.h"
  28 #include "tsan_rtl.h"
  29
  30 #include <fcntl.h>
  31 #include <pthread.h>
  32 #include <signal.h>
  33 #include <stdio.h>
  34 #include <stdlib.h>
  35 #include <string.h>
  36 #include <stdarg.h>
  37 #include <sys/mman.h>
  38 #if SANITIZER_LINUX
  39 #include <sys/personality.h>
  40 #include <setjmp.h>
  41 #endif
  42 #include <sys/syscall.h>
  43 #include <sys/socket.h>
  44 #include <sys/time.h>
  45 #include <sys/types.h>
  46 #include <sys/resource.h>
  47 #include <sys/stat.h>
  48 #include <unistd.h>
  49 #include <sched.h>
  50 #include <dlfcn.h>
  51 #if SANITIZER_LINUX
  52 #define __need_res_state
  53 #include <resolv.h>
  54 #endif
  55
  56 #ifdef sa_handler
  57 # undef sa_handler
  58 #endif
  59
  60 #ifdef sa_sigaction
  61 # undef sa_sigaction
  62 #endif
  63
  64 #if SANITIZER_FREEBSD
  65 extern "C" void *__libc_stack_end;
  66 void *__libc_stack_end = 0;
  67 #endif
  68
  69 #if SANITIZER_LINUX && (defined(__aarch64__) || defined(__loongarch_lp64)) && \
  70     !SANITIZER_GO
  71 # define INIT_LONGJMP_XOR_KEY 1
  72 #else
  73 # define INIT_LONGJMP_XOR_KEY 0
  74 #endif
  75
  76 #if INIT_LONGJMP_XOR_KEY
  77 #include "interception/interception.h"
  78 // Must be declared outside of other namespaces.
  79 DECLARE_REAL(int, _setjmp, void *env)
  80 #endif
  81
  82 namespace __tsan {
  83
  84 #if INIT_LONGJMP_XOR_KEY
  85 static void InitializeLongjmpXorKey();
  86 static uptr longjmp_xor_key;
  87 #endif
  88
  89 // Runtime detected VMA size.
  90 uptr vmaSize;
  91
  92 enum {
  93   MemTotal,
  94   MemShadow,
  95   MemMeta,
  96   MemFile,
  97   MemMmap,
  98   MemHeap,
  99   MemOther,
 100   MemCount,
 101 };
 102
 103 void FillProfileCallback(uptr p, uptr rss, bool file, uptr *mem) {
 104   mem[MemTotal] += rss;
 105   if (p >= ShadowBeg() && p < ShadowEnd())
 106     mem[MemShadow] += rss;
 107   else if (p >= MetaShadowBeg() && p < MetaShadowEnd())
 108     mem[MemMeta] += rss;
 109   else if ((p >= LoAppMemBeg() && p < LoAppMemEnd()) ||
 110            (p >= MidAppMemBeg() && p < MidAppMemEnd()) ||
 111            (p >= HiAppMemBeg() && p < HiAppMemEnd()))
 112     mem[file ? MemFile : MemMmap] += rss;
 113   else if (p >= HeapMemBeg() && p < HeapMemEnd())
 114     mem[MemHeap] += rss;
 115   else
 116     mem[MemOther] += rss;
 117 }
 118
 119 void WriteMemoryProfile(char *buf, uptr buf_size, u64 uptime_ns) {
 120   uptr mem[MemCount];
 121   internal_memset(mem, 0, sizeof(mem));
 122   GetMemoryProfile(FillProfileCallback, mem);
 123   auto meta = ctx->metamap.GetMemoryStats();
 124   StackDepotStats stacks = StackDepotGetStats();
 125   uptr nthread, nlive;
 126   ctx->thread_registry.GetNumberOfThreads(&nthread, &nlive);
 127   uptr trace_mem;
 128   {
 129     Lock l(&ctx->slot_mtx);
 130     trace_mem = ctx->trace_part_total_allocated * sizeof(TracePart);
 131   }
 132   uptr internal_stats[AllocatorStatCount];
 133   internal_allocator()->GetStats(internal_stats);
 134   // All these are allocated from the common mmap region.
 135   mem[MemMmap] -= meta.mem_block + meta.sync_obj + trace_mem +
 136                   stacks.allocated + internal_stats[AllocatorStatMapped];
 137   if (s64(mem[MemMmap]) < 0)
 138     mem[MemMmap] = 0;
 139   internal_snprintf(
 140       buf, buf_size,
 141       "==%zu== %llus [%zu]: RSS %zd MB: shadow:%zd meta:%zd file:%zd"
 142       " mmap:%zd heap:%zd other:%zd intalloc:%zd memblocks:%zd syncobj:%zu"
 143       " trace:%zu stacks=%zd threads=%zu/%zu\n",
 144       internal_getpid(), uptime_ns / (1000 * 1000 * 1000), ctx->global_epoch,
 145       mem[MemTotal] >> 20, mem[MemShadow] >> 20, mem[MemMeta] >> 20,
 146       mem[MemFile] >> 20, mem[MemMmap] >> 20, mem[MemHeap] >> 20,
 147       mem[MemOther] >> 20, internal_stats[AllocatorStatMapped] >> 20,
 148       meta.mem_block >> 20, meta.sync_obj >> 20, trace_mem >> 20,
 149       stacks.allocated >> 20, nlive, nthread);
 150 }
 151
 152 #if !SANITIZER_GO
 153 // Mark shadow for .rodata sections with the special Shadow::kRodata marker.
 154 // Accesses to .rodata can't race, so this saves time, memory and trace space.
 155 static NOINLINE void MapRodata(char* buffer, uptr size) {
 156   // First create temp file.
 157   const char *tmpdir = GetEnv("TMPDIR");
 158   if (tmpdir == 0)
 159     tmpdir = GetEnv("TEST_TMPDIR");
 160 #ifdef P_tmpdir
 161   if (tmpdir == 0)
 162     tmpdir = P_tmpdir;
 163 #endif
 164   if (tmpdir == 0)
 165     return;
 166   internal_snprintf(buffer, size, "%s/tsan.rodata.%d",
 167                     tmpdir, (int)internal_getpid());
 168   uptr openrv = internal_open(buffer, O_RDWR | O_CREAT | O_EXCL, 0600);
 169   if (internal_iserror(openrv))
 170     return;
 171   internal_unlink(buffer);  // Unlink it now, so that we can reuse the buffer.
 172   fd_t fd = openrv;
 173   // Fill the file with Shadow::kRodata.
 174   const uptr kMarkerSize = 512 * 1024 / sizeof(RawShadow);
 175   InternalMmapVector<RawShadow> marker(kMarkerSize);
 176   // volatile to prevent insertion of memset
 177   for (volatile RawShadow *p = marker.data(); p < marker.data() + kMarkerSize;
 178        p++)
 179     *p = Shadow::kRodata;
 180   internal_write(fd, marker.data(), marker.size() * sizeof(RawShadow));
 181   // Map the file into memory.
 182   uptr page = internal_mmap(0, GetPageSizeCached(), PROT_READ | PROT_WRITE,
 183                             MAP_PRIVATE | MAP_ANONYMOUS, fd, 0);
 184   if (internal_iserror(page)) {
 185     internal_close(fd);
 186     return;
 187   }
 188   // Map the file into shadow of .rodata sections.
 189   MemoryMappingLayout proc_maps(/*cache_enabled*/true);
 190   // Reusing the buffer 'buffer'.
 191   MemoryMappedSegment segment(buffer, size);
 192   while (proc_maps.Next(&segment)) {
 193     if (segment.filename[0] != 0 && segment.filename[0] != '[' &&
 194         segment.IsReadable() && segment.IsExecutable() &&
 195         !segment.IsWritable() && IsAppMem(segment.start)) {
 196       // Assume it's .rodata
 197       char *shadow_start = (char *)MemToShadow(segment.start);
 198       char *shadow_end = (char *)MemToShadow(segment.end);
 199       for (char *p = shadow_start; p < shadow_end;
 200            p += marker.size() * sizeof(RawShadow)) {
 201         internal_mmap(
 202             p, Min<uptr>(marker.size() * sizeof(RawShadow), shadow_end - p),
 203             PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0);
 204       }
 205     }
 206   }
 207   internal_close(fd);
 208 }
 209
 210 void InitializeShadowMemoryPlatform() {
 211   char buffer[256];  // Keep in a different frame.
 212   MapRodata(buffer, sizeof(buffer));
 213 }
 214
 215 #endif  // #if !SANITIZER_GO
 216
 217 #  if !SANITIZER_GO
 218 static void ReExecIfNeeded(bool ignore_heap) {
 219   // Go maps shadow memory lazily and works fine with limited address space.
 220   // Unlimited stack is not a problem as well, because the executable
 221   // is not compiled with -pie.
 222   bool reexec = false;
 223   // TSan doesn't play well with unlimited stack size (as stack
 224   // overlaps with shadow memory). If we detect unlimited stack size,
 225   // we re-exec the program with limited stack size as a best effort.
 226   if (StackSizeIsUnlimited()) {
 227     const uptr kMaxStackSize = 32 * 1024 * 1024;
 228     VReport(1,
 229             "Program is run with unlimited stack size, which wouldn't "
 230             "work with ThreadSanitizer.\n"
 231             "Re-execing with stack size limited to %zd bytes.\n",
 232             kMaxStackSize);
 233     SetStackSizeLimitInBytes(kMaxStackSize);
 234     reexec = true;
 235   }
 236
 237   if (!AddressSpaceIsUnlimited()) {
 238     Report(
 239         "WARNING: Program is run with limited virtual address space,"
 240         " which wouldn't work with ThreadSanitizer.\n");
 241     Report("Re-execing with unlimited virtual address space.\n");
 242     SetAddressSpaceUnlimited();
 243     reexec = true;
 244   }
 245
 246 #    if SANITIZER_LINUX
 247 #      if SANITIZER_ANDROID && (defined(__aarch64__) || defined(__x86_64__))
 248   // ASLR personality check.
 249   int old_personality = personality(0xffffffff);
 250   bool aslr_on =
 251       (old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0);
 252
 253   // After patch "arm64: mm: support ARCH_MMAP_RND_BITS." is introduced in
 254   // linux kernel, the random gap between stack and mapped area is increased
 255   // from 128M to 36G on 39-bit aarch64. As it is almost impossible to cover
 256   // this big range, we should disable randomized virtual space on aarch64.
 257   if (aslr_on) {
 258     VReport(1,
 259             "WARNING: Program is run with randomized virtual address "
 260             "space, which wouldn't work with ThreadSanitizer on Android.\n"
 261             "Re-execing with fixed virtual address space.\n");
 262     CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
 263     reexec = true;
 264   }
 265 #      endif
 266
 267   if (reexec) {
 268     // Don't check the address space since we're going to re-exec anyway.
 269   } else if (!CheckAndProtect(false, ignore_heap, false)) {
 270     // ASLR personality check.
 271     // N.B. 'personality' is sometimes forbidden by sandboxes, so we only call
 272     // this as a last resort (when the memory mapping is incompatible and TSan
 273     // would fail anyway).
 274     int old_personality = personality(0xffffffff);
 275     bool aslr_on =
 276         (old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0);
 277
 278     if (aslr_on) {
 279       // Disable ASLR if the memory layout was incompatible.
 280       // Alternatively, we could just keep re-execing until we get lucky
 281       // with a compatible randomized layout, but the risk is that if it's
 282       // not an ASLR-related issue, we will be stuck in an infinite loop of
 283       // re-execing (unless we change ReExec to pass a parameter of the
 284       // number of retries allowed.)
 285       VReport(1,
 286               "WARNING: ThreadSanitizer: memory layout is incompatible, "
 287               "possibly due to high-entropy ASLR.\n"
 288               "Re-execing with fixed virtual address space.\n"
 289               "N.B. reducing ASLR entropy is preferable.\n");
 290       CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
 291       reexec = true;
 292     } else {
 293       Printf(
 294           "FATAL: ThreadSanitizer: memory layout is incompatible, "
 295           "even though ASLR is disabled.\n"
 296           "Please file a bug.\n");
 297       DumpProcessMap();
 298       Die();
 299     }
 300   }
 301 #    endif  // SANITIZER_LINUX
 302
 303   if (reexec)
 304     ReExec();
 305 }
 306 #  endif
 307
 308 void InitializePlatformEarly() {
 309   vmaSize =
 310     (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
 311 #if defined(__aarch64__)
 312 # if !SANITIZER_GO
 313   if (vmaSize != 39 && vmaSize != 42 && vmaSize != 48) {
 314     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 315     Printf("FATAL: Found %zd - Supported 39, 42 and 48\n", vmaSize);
 316     Die();
 317   }
 318 #else
 319   if (vmaSize != 48) {
 320     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 321     Printf("FATAL: Found %zd - Supported 48\n", vmaSize);
 322     Die();
 323   }
 324 #endif
 325 #elif SANITIZER_LOONGARCH64
 326 # if !SANITIZER_GO
 327   if (vmaSize != 47) {
 328     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 329     Printf("FATAL: Found %zd - Supported 47\n", vmaSize);
 330     Die();
 331   }
 332 #    else
 333   if (vmaSize != 47) {
 334     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 335     Printf("FATAL: Found %zd - Supported 47\n", vmaSize);
 336     Die();
 337   }
 338 #    endif
 339 #elif defined(__powerpc64__)
 340 # if !SANITIZER_GO
 341   if (vmaSize != 44 && vmaSize != 46 && vmaSize != 47) {
 342     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 343     Printf("FATAL: Found %zd - Supported 44, 46, and 47\n", vmaSize);
 344     Die();
 345   }
 346 # else
 347   if (vmaSize != 46 && vmaSize != 47) {
 348     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 349     Printf("FATAL: Found %zd - Supported 46, and 47\n", vmaSize);
 350     Die();
 351   }
 352 # endif
 353 #elif defined(__mips64)
 354 # if !SANITIZER_GO
 355   if (vmaSize != 40) {
 356     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 357     Printf("FATAL: Found %zd - Supported 40\n", vmaSize);
 358     Die();
 359   }
 360 # else
 361   if (vmaSize != 47) {
 362     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 363     Printf("FATAL: Found %zd - Supported 47\n", vmaSize);
 364     Die();
 365   }
 366 # endif
 367 #  elif SANITIZER_RISCV64
 368   // the bottom half of vma is allocated for userspace
 369   vmaSize = vmaSize + 1;
 370 #    if !SANITIZER_GO
 371   if (vmaSize != 39 && vmaSize != 48) {
 372     Printf("FATAL: ThreadSanitizer: unsupported VMA range\n");
 373     Printf("FATAL: Found %zd - Supported 39 and 48\n", vmaSize);
 374     Die();
 375   }
 376 #    endif
 377 #  endif
 378
 379 #  if !SANITIZER_GO
 380   // Heap has not been allocated yet
 381   ReExecIfNeeded(false);
 382 #  endif
 383 }
 384
 385 void InitializePlatform() {
 386   DisableCoreDumperIfNecessary();
 387
 388   // Go maps shadow memory lazily and works fine with limited address space.
 389   // Unlimited stack is not a problem as well, because the executable
 390   // is not compiled with -pie.
 391 #if !SANITIZER_GO
 392   {
 393 #    if SANITIZER_LINUX && (defined(__aarch64__) || defined(__loongarch_lp64))
 394     // Initialize the xor key used in {sig}{set,long}jump.
 395     InitializeLongjmpXorKey();
 396 #    endif
 397   }
 398
 399   // We called ReExecIfNeeded() in InitializePlatformEarly(), but there are
 400   // intervening allocations that result in an edge case:
 401   // 1) InitializePlatformEarly(): memory layout is compatible
 402   // 2) Intervening allocations happen
 403   // 3) InitializePlatform(): memory layout is incompatible and fails
 404   //    CheckAndProtect()
 405 #    if !SANITIZER_GO
 406   // Heap has already been allocated
 407   ReExecIfNeeded(true);
 408 #    endif
 409
 410   // Earlier initialization steps already re-exec'ed until we got a compatible
 411   // memory layout, so we don't expect any more issues here.
 412   if (!CheckAndProtect(true, true, true)) {
 413     Printf(
 414         "FATAL: ThreadSanitizer: unexpectedly found incompatible memory "
 415         "layout.\n");
 416     Printf("FATAL: Please file a bug.\n");
 417     DumpProcessMap();
 418     Die();
 419   }
 420
 421 #endif  // !SANITIZER_GO
 422 }
 423
 424 #if !SANITIZER_GO
 425 // Extract file descriptors passed to glibc internal __res_iclose function.
 426 // This is required to properly "close" the fds, because we do not see internal
 427 // closes within glibc. The code is a pure hack.
 428 int ExtractResolvFDs(void *state, int *fds, int nfd) {
 429 #if SANITIZER_LINUX && !SANITIZER_ANDROID
 430   int cnt = 0;
 431   struct __res_state *statp = (struct __res_state*)state;
 432   for (int i = 0; i < MAXNS && cnt < nfd; i++) {
 433     if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
 434       fds[cnt++] = statp->_u._ext.nssocks[i];
 435   }
 436   return cnt;
 437 #else
 438   return 0;
 439 #endif
 440 }
 441
 442 // Extract file descriptors passed via UNIX domain sockets.
 443 // This is required to properly handle "open" of these fds.
 444 // see 'man recvmsg' and 'man 3 cmsg'.
 445 int ExtractRecvmsgFDs(void *msgp, int *fds, int nfd) {
 446   int res = 0;
 447   msghdr *msg = (msghdr*)msgp;
 448   struct cmsghdr *cmsg = CMSG_FIRSTHDR(msg);
 449   for (; cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
 450     if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)
 451       continue;
 452     int n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(fds[0]);
 453     for (int i = 0; i < n; i++) {
 454       fds[res++] = ((int*)CMSG_DATA(cmsg))[i];
 455       if (res == nfd)
 456         return res;
 457     }
 458   }
 459   return res;
 460 }
 461
 462 // Reverse operation of libc stack pointer mangling
 463 static uptr UnmangleLongJmpSp(uptr mangled_sp) {
 464 #if defined(__x86_64__)
 465 # if SANITIZER_LINUX
 466   // Reverse of:
 467   //   xor  %fs:0x30, %rsi
 468   //   rol  $0x11, %rsi
 469   uptr sp;
 470   asm("ror  $0x11,     %0 \n"
 471       "xor  %%fs:0x30, %0 \n"
 472       : "=r" (sp)
 473       : "0" (mangled_sp));
 474   return sp;
 475 # else
 476   return mangled_sp;
 477 # endif
 478 #elif defined(__aarch64__)
 479 # if SANITIZER_LINUX
 480   return mangled_sp ^ longjmp_xor_key;
 481 # else
 482   return mangled_sp;
 483 # endif
 484 #elif defined(__loongarch_lp64)
 485   return mangled_sp ^ longjmp_xor_key;
 486 #elif defined(__powerpc64__)
 487   // Reverse of:
 488   //   ld   r4, -28696(r13)
 489   //   xor  r4, r3, r4
 490   uptr xor_key;
 491   asm("ld  %0, -28696(%%r13)" : "=r" (xor_key));
 492   return mangled_sp ^ xor_key;
 493 #elif defined(__mips__)
 494   return mangled_sp;
 495 #    elif SANITIZER_RISCV64
 496   return mangled_sp;
 497 #    elif defined(__s390x__)
 498   // tcbhead_t.stack_guard
 499   uptr xor_key = ((uptr *)__builtin_thread_pointer())[5];
 500   return mangled_sp ^ xor_key;
 501 #    else
 502 #      error "Unknown platform"
 503 #    endif
 504 }
 505
 506 #if SANITIZER_NETBSD
 507 # ifdef __x86_64__
 508 #  define LONG_JMP_SP_ENV_SLOT 6
 509 # else
 510 #  error unsupported
 511 # endif
 512 #elif defined(__powerpc__)
 513 # define LONG_JMP_SP_ENV_SLOT 0
 514 #elif SANITIZER_FREEBSD
 515 # ifdef __aarch64__
 516 #  define LONG_JMP_SP_ENV_SLOT 1
 517 # else
 518 #  define LONG_JMP_SP_ENV_SLOT 2
 519 # endif
 520 #elif SANITIZER_LINUX
 521 # ifdef __aarch64__
 522 #  define LONG_JMP_SP_ENV_SLOT 13
 523 # elif defined(__loongarch__)
 524 #  define LONG_JMP_SP_ENV_SLOT 1
 525 # elif defined(__mips64)
 526 #  define LONG_JMP_SP_ENV_SLOT 1
 527 #      elif SANITIZER_RISCV64
 528 #        define LONG_JMP_SP_ENV_SLOT 13
 529 #      elif defined(__s390x__)
 530 #        define LONG_JMP_SP_ENV_SLOT 9
 531 #      else
 532 #        define LONG_JMP_SP_ENV_SLOT 6
 533 #      endif
 534 #endif
 535
 536 uptr ExtractLongJmpSp(uptr *env) {
 537   uptr mangled_sp = env[LONG_JMP_SP_ENV_SLOT];
 538   return UnmangleLongJmpSp(mangled_sp);
 539 }
 540
 541 #if INIT_LONGJMP_XOR_KEY
 542 // GLIBC mangles the function pointers in jmp_buf (used in {set,long}*jmp
 543 // functions) by XORing them with a random key.  For AArch64 it is a global
 544 // variable rather than a TCB one (as for x86_64/powerpc).  We obtain the key by
 545 // issuing a setjmp and XORing the SP pointer values to derive the key.
 546 static void InitializeLongjmpXorKey() {
 547   // 1. Call REAL(setjmp), which stores the mangled SP in env.
 548   jmp_buf env;
 549   REAL(_setjmp)(env);
 550
 551   // 2. Retrieve vanilla/mangled SP.
 552   uptr sp;
 553 #ifdef __loongarch__
 554   asm("move  %0, $sp" : "=r" (sp));
 555 #else
 556   asm("mov  %0, sp" : "=r" (sp));
 557 #endif
 558   uptr mangled_sp = ((uptr *)&env)[LONG_JMP_SP_ENV_SLOT];
 559
 560   // 3. xor SPs to obtain key.
 561   longjmp_xor_key = mangled_sp ^ sp;
 562 }
 563 #endif
 564
 565 extern "C" void __tsan_tls_initialization() {}
 566
 567 void ImitateTlsWrite(ThreadState *thr, uptr tls_addr, uptr tls_size) {
 568   // Check that the thr object is in tls;
 569   const uptr thr_beg = (uptr)thr;
 570   const uptr thr_end = (uptr)thr + sizeof(*thr);
 571   CHECK_GE(thr_beg, tls_addr);
 572   CHECK_LE(thr_beg, tls_addr + tls_size);
 573   CHECK_GE(thr_end, tls_addr);
 574   CHECK_LE(thr_end, tls_addr + tls_size);
 575   // Since the thr object is huge, skip it.
 576   const uptr pc = StackTrace::GetNextInstructionPc(
 577       reinterpret_cast<uptr>(__tsan_tls_initialization));
 578   MemoryRangeImitateWrite(thr, pc, tls_addr, thr_beg - tls_addr);
 579   MemoryRangeImitateWrite(thr, pc, thr_end, tls_addr + tls_size - thr_end);
 580 }
 581
 582 // Note: this function runs with async signals enabled,
 583 // so it must not touch any tsan state.
 584 int call_pthread_cancel_with_cleanup(int (*fn)(void *arg),
 585                                      void (*cleanup)(void *arg), void *arg) {
 586   // pthread_cleanup_push/pop are hardcore macros mess.
 587   // We can't intercept nor call them w/o including pthread.h.
 588   int res;
 589   pthread_cleanup_push(cleanup, arg);
 590   res = fn(arg);
 591   pthread_cleanup_pop(0);
 592   return res;
 593 }
 594 #endif  // !SANITIZER_GO
 595
 596 #if !SANITIZER_GO
 597 void ReplaceSystemMalloc() { }
 598 #endif
 599
 600 #if !SANITIZER_GO
 601 #if SANITIZER_ANDROID
 602 // On Android, one thread can call intercepted functions after
 603 // DestroyThreadState(), so add a fake thread state for "dead" threads.
 604 static ThreadState *dead_thread_state = nullptr;
 605
 606 ThreadState *cur_thread() {
 607   ThreadState* thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr());
 608   if (thr == nullptr) {
 609     __sanitizer_sigset_t emptyset;
 610     internal_sigfillset(&emptyset);
 611     __sanitizer_sigset_t oldset;
 612     CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset));
 613     thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr());
 614     if (thr == nullptr) {
 615       thr = reinterpret_cast<ThreadState*>(MmapOrDie(sizeof(ThreadState),
 616                                                      "ThreadState"));
 617       *get_android_tls_ptr() = reinterpret_cast<uptr>(thr);
 618       if (dead_thread_state == nullptr) {
 619         dead_thread_state = reinterpret_cast<ThreadState*>(
 620             MmapOrDie(sizeof(ThreadState), "ThreadState"));
 621         dead_thread_state->fast_state.SetIgnoreBit();
 622         dead_thread_state->ignore_interceptors = 1;
 623         dead_thread_state->is_dead = true;
 624         *const_cast<u32*>(&dead_thread_state->tid) = -1;
 625         CHECK_EQ(0, internal_mprotect(dead_thread_state, sizeof(ThreadState),
 626                                       PROT_READ));
 627       }
 628     }
 629     CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr));
 630   }
 631   return thr;
 632 }
 633
 634 void set_cur_thread(ThreadState *thr) {
 635   *get_android_tls_ptr() = reinterpret_cast<uptr>(thr);
 636 }
 637
 638 void cur_thread_finalize() {
 639   __sanitizer_sigset_t emptyset;
 640   internal_sigfillset(&emptyset);
 641   __sanitizer_sigset_t oldset;
 642   CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &emptyset, &oldset));
 643   ThreadState* thr = reinterpret_cast<ThreadState*>(*get_android_tls_ptr());
 644   if (thr != dead_thread_state) {
 645     *get_android_tls_ptr() = reinterpret_cast<uptr>(dead_thread_state);
 646     UnmapOrDie(thr, sizeof(ThreadState));
 647   }
 648   CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &oldset, nullptr));
 649 }
 650 #endif  // SANITIZER_ANDROID
 651 #endif  // if !SANITIZER_GO
 652
 653 }  // namespace __tsan
 654
 655 #endif  // SANITIZER_LINUX || SANITIZER_FREEBSD || SANITIZER_NETBSD