/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <gtest/gtest.h>
#include <stdio.h>
#if defined(__BIONIC__)
#include "bionic/pthread_internal.h"
// Ensure that the layout of these data structures is architecture independent and only depends on
// the bitness of the architecture.
// Drives one callback per pinned value so that a single table serves two purposes: checking the
// live layout against the expected numbers (the EXPECT_* lambdas in the test below) and
// regenerating the table from the live layout after a deliberate change (the printf lambdas).
//
// check_size is invoked as   check_size(type_name, sizeof(type), expected_size)
// check_offset is invoked as check_offset(type_name, field_name, offsetof(type, field), expected)
// Callbacks fire in exactly the order the entries are written here.
template <typename CheckSize, typename CheckOffset>
void tests(CheckSize check_size, CheckOffset check_offset) {
// The spellings CHECK_SIZE/CHECK_OFFSET are part of the contract: the table regenerated on
// failure is printed in this exact form so it can be pasted back in unchanged. Both macros are
// #undef'd at the end of the function so they do not leak into the rest of the file.
#define CHECK_SIZE(type, expected) check_size(#type, sizeof(type), (expected))
#define CHECK_OFFSET(type, field, expected) \
  check_offset(#type, #field, offsetof(type, field), (expected))

#ifdef __LP64__
  // ---- 64-bit layout ----
  CHECK_SIZE(pthread_internal_t, 784);
  CHECK_OFFSET(pthread_internal_t, next, 0);
  CHECK_OFFSET(pthread_internal_t, prev, 8);
  CHECK_OFFSET(pthread_internal_t, tid, 16);
  CHECK_OFFSET(pthread_internal_t, attr, 24);
  CHECK_OFFSET(pthread_internal_t, join_state, 80);
  CHECK_OFFSET(pthread_internal_t, cleanup_stack, 88);
  CHECK_OFFSET(pthread_internal_t, start_routine, 96);
  CHECK_OFFSET(pthread_internal_t, start_routine_arg, 104);
  CHECK_OFFSET(pthread_internal_t, return_value, 112);
  CHECK_OFFSET(pthread_internal_t, start_mask, 120);
  CHECK_OFFSET(pthread_internal_t, alternate_signal_stack, 128);
  CHECK_OFFSET(pthread_internal_t, shadow_call_stack_guard_region, 136);
  CHECK_OFFSET(pthread_internal_t, stack_top, 144);
  CHECK_OFFSET(pthread_internal_t, startup_handshake_lock, 156);
  CHECK_OFFSET(pthread_internal_t, mmap_base, 168);
  CHECK_OFFSET(pthread_internal_t, mmap_size, 176);
  CHECK_OFFSET(pthread_internal_t, mmap_base_unguarded, 184);
  CHECK_OFFSET(pthread_internal_t, mmap_size_unguarded, 192);
  CHECK_OFFSET(pthread_internal_t, vma_name_buffer, 200);
  CHECK_OFFSET(pthread_internal_t, thread_local_dtors, 232);
  CHECK_OFFSET(pthread_internal_t, current_dlerror, 240);
  CHECK_OFFSET(pthread_internal_t, dlerror_buffer, 248);
  CHECK_OFFSET(pthread_internal_t, bionic_tls, 760);
  CHECK_OFFSET(pthread_internal_t, errno_value, 768);
  CHECK_OFFSET(pthread_internal_t, vfork_child_stack_bottom, 776);

  CHECK_SIZE(bionic_tls, 12200);
  CHECK_OFFSET(bionic_tls, key_data, 0);
  CHECK_OFFSET(bionic_tls, locale, 2080);
  CHECK_OFFSET(bionic_tls, basename_buf, 2088);
  CHECK_OFFSET(bionic_tls, dirname_buf, 6184);
  CHECK_OFFSET(bionic_tls, mntent_buf, 10280);
  CHECK_OFFSET(bionic_tls, mntent_strings, 10320);
  CHECK_OFFSET(bionic_tls, ptsname_buf, 11344);
  CHECK_OFFSET(bionic_tls, ttyname_buf, 11376);
  CHECK_OFFSET(bionic_tls, strerror_buf, 11440);
  CHECK_OFFSET(bionic_tls, strsignal_buf, 11695);
  CHECK_OFFSET(bionic_tls, group, 11952);
  CHECK_OFFSET(bionic_tls, passwd, 12040);
  // The two *_disabled fields occupy consecutive single bytes and are followed by padding.
  // bionic_systrace_disabled was introduced with the reentrancy guard that fixed a recursive
  // deadlock in bionic_systrace (bionic_trace_begin() -> open() -> fdtrack -> bionic_trace_begin()
  // re-taking the already-held systrace lock), Bug: 213642769. fdtrack_disabled presumably
  // plays the same role for fdtrack's own reentrancy protection -- verify in pthread_internal.h.
  CHECK_OFFSET(bionic_tls, fdtrack_disabled, 12192);
  CHECK_OFFSET(bionic_tls, bionic_systrace_disabled, 12193);
  CHECK_OFFSET(bionic_tls, padding, 12194);
#else
  // ---- 32-bit layout ----
  CHECK_SIZE(pthread_internal_t, 672);
  CHECK_OFFSET(pthread_internal_t, next, 0);
  CHECK_OFFSET(pthread_internal_t, prev, 4);
  CHECK_OFFSET(pthread_internal_t, tid, 8);
  CHECK_OFFSET(pthread_internal_t, attr, 16);
  CHECK_OFFSET(pthread_internal_t, join_state, 40);
  CHECK_OFFSET(pthread_internal_t, cleanup_stack, 44);
  CHECK_OFFSET(pthread_internal_t, start_routine, 48);
  CHECK_OFFSET(pthread_internal_t, start_routine_arg, 52);
  CHECK_OFFSET(pthread_internal_t, return_value, 56);
  CHECK_OFFSET(pthread_internal_t, start_mask, 60);
  CHECK_OFFSET(pthread_internal_t, alternate_signal_stack, 68);
  CHECK_OFFSET(pthread_internal_t, shadow_call_stack_guard_region, 72);
  CHECK_OFFSET(pthread_internal_t, stack_top, 76);
  CHECK_OFFSET(pthread_internal_t, startup_handshake_lock, 84);
  CHECK_OFFSET(pthread_internal_t, mmap_base, 92);
  CHECK_OFFSET(pthread_internal_t, mmap_size, 96);
  CHECK_OFFSET(pthread_internal_t, mmap_base_unguarded, 100);
  CHECK_OFFSET(pthread_internal_t, mmap_size_unguarded, 104);
  CHECK_OFFSET(pthread_internal_t, vma_name_buffer, 108);
  CHECK_OFFSET(pthread_internal_t, thread_local_dtors, 140);
  CHECK_OFFSET(pthread_internal_t, current_dlerror, 144);
  CHECK_OFFSET(pthread_internal_t, dlerror_buffer, 148);
  CHECK_OFFSET(pthread_internal_t, bionic_tls, 660);
  CHECK_OFFSET(pthread_internal_t, errno_value, 664);
  CHECK_OFFSET(pthread_internal_t, vfork_child_stack_bottom, 668);

  CHECK_SIZE(bionic_tls, 11080);
  CHECK_OFFSET(bionic_tls, key_data, 0);
  CHECK_OFFSET(bionic_tls, locale, 1040);
  CHECK_OFFSET(bionic_tls, basename_buf, 1044);
  CHECK_OFFSET(bionic_tls, dirname_buf, 5140);
  CHECK_OFFSET(bionic_tls, mntent_buf, 9236);
  CHECK_OFFSET(bionic_tls, mntent_strings, 9260);
  CHECK_OFFSET(bionic_tls, ptsname_buf, 10284);
  CHECK_OFFSET(bionic_tls, ttyname_buf, 10316);
  CHECK_OFFSET(bionic_tls, strerror_buf, 10380);
  CHECK_OFFSET(bionic_tls, strsignal_buf, 10635);
  CHECK_OFFSET(bionic_tls, group, 10892);
  CHECK_OFFSET(bionic_tls, passwd, 10952);
  // Same trailing flag bytes as in the 64-bit layout (see the comment there).
  CHECK_OFFSET(bionic_tls, fdtrack_disabled, 11076);
  CHECK_OFFSET(bionic_tls, bionic_systrace_disabled, 11077);
  CHECK_OFFSET(bionic_tls, padding, 11078);
#endif  // __LP64__

#undef CHECK_SIZE
#undef CHECK_OFFSET
}
#endif // defined(__BIONIC__)
// Compares the live sizeof/offsetof values of bionic's internal thread structures against the
// table pinned in tests(). If anything diverges, the complete table is regenerated from the live
// values and printed so it can be pasted back into tests() after an intentional layout change.
// Skipped on non-bionic libcs, where pthread_internal_t and bionic_tls do not exist.
TEST(struct_layout, sizes_offsets) {
#if defined(__BIONIC__)
  bool failed = false;

  // Checkers: report each mismatch through gtest and remember that at least one occurred.
  auto check_size = [&failed](const char* name, size_t size, size_t expected_size) {
    EXPECT_EQ(expected_size, size) << "sizeof(" << name << ")";
    failed |= (size != expected_size);
  };
  auto check_offset = [&failed](const char* name, const char* field, size_t offset,
                                size_t expected_offset) {
    EXPECT_EQ(expected_offset, offset) << "offsetof(" << name << ", " << field << ")";
    failed |= (offset != expected_offset);
  };
  tests(check_size, check_offset);

  if (!failed) {
    return;
  }

  printf(
      "Please update the tests function in bionic/tests/struct_layout_test.cpp with the "
      "following contents:\n");

  // Printers: emit the live value in exactly the CHECK_* spelling tests() uses. The expected
  // value is irrelevant for regeneration, so that parameter is left unnamed.
  auto print_size = [](const char* name, size_t size, size_t /*expected_size*/) {
    printf(" CHECK_SIZE(%s, %zu);\n", name, size);
  };
  auto print_offset = [](const char* name, const char* field, size_t offset,
                         size_t /*expected_offset*/) {
    printf(" CHECK_OFFSET(%s, %s, %zu);\n", name, field, offset);
  };
  tests(print_size, print_offset);
#else
  GTEST_SKIP() << "bionic-only test";
#endif
}