[compiler-rt] c7081b5 - tsan: fix crash during thread exit

Dmitry Vyukov via llvm-commits llvm-commits at lists.llvm.org
Tue Nov 16 07:43:17 PST 2021 

Author: Dmitry Vyukov
Date: 2021-11-16T16:43:09+01:00
New Revision: c7081b5b4cb57f27e6a075e1b5a63b7951cd8a7a

URL: https://github.com/llvm/llvm-project/commit/c7081b5b4cb57f27e6a075e1b5a63b7951cd8a7a
DIFF: https://github.com/llvm/llvm-project/commit/c7081b5b4cb57f27e6a075e1b5a63b7951cd8a7a.diff

LOG: tsan: fix crash during thread exit

Use of gethostent provokes caching of some resources inside of libc.
They are freed in __libc_thread_freeres very late in thread lifetime,
after our ThreadFinish. __libc_thread_freeres calls free which
previously crashed in malloc hooks.
Fix it by setting ignore_interceptors for finished threads,
which in turn prevents malloc hooks.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D113989

Added: 
    compiler-rt/test/tsan/Linux/sethostent.cpp

Modified: 
    compiler-rt/lib/tsan/rtl/tsan_rtl_thread.cpp

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/tsan/rtl/tsan_rtl_thread.cpp b/compiler-rt/lib/tsan/rtl/tsan_rtl_thread.cpp
index 8532f5da5594d..dfead437f467b 100644
--- a/compiler-rt/lib/tsan/rtl/tsan_rtl_thread.cpp
+++ b/compiler-rt/lib/tsan/rtl/tsan_rtl_thread.cpp
@@ -228,6 +228,9 @@ void ThreadFinish(ThreadState *thr) {
     DontNeedShadowFor(thr->tls_addr, thr->tls_size);
   thr->is_dead = true;
   thr->is_inited = false;
+#if !SANITIZER_GO
+  thr->ignore_interceptors++;
+#endif
   ctx->thread_registry.FinishThread(thr->tid);
 }
 

diff  --git a/compiler-rt/test/tsan/Linux/sethostent.cpp b/compiler-rt/test/tsan/Linux/sethostent.cpp
new file mode 100644
index 0000000000000..6cb8c29182882
--- /dev/null
+++ b/compiler-rt/test/tsan/Linux/sethostent.cpp
@@ -0,0 +1,37 @@
+// RUN: %clang_tsan -O1 %s -o %t && %run %t 2>&1 | FileCheck %s
+
+// Use of gethostent provokes caching of some resources inside of libc.
+// They are freed in __libc_thread_freeres very late in thread lifetime,
+// after our ThreadFinish. __libc_thread_freeres calls free which
+// previously crashed in malloc hooks.
+
+#include "../test.h"
+#include <netdb.h>
+
+long X;
+
+extern "C" void __sanitizer_malloc_hook(void *ptr, size_t size) {
+  __atomic_fetch_add(&X, 1, __ATOMIC_RELAXED);
+}
+
+extern "C" void __sanitizer_free_hook(void *ptr) {
+  __atomic_fetch_sub(&X, 1, __ATOMIC_RELAXED);
+}
+
+void *Thread(void *x) {
+  sethostent(1);
+  gethostbyname("llvm.org");
+  gethostent();
+  endhostent();
+  return NULL;
+}
+
+int main() {
+  pthread_t th;
+  pthread_create(&th, NULL, Thread, NULL);
+  pthread_join(th, NULL);
+  fprintf(stderr, "DONE\n");
+  return 0;
+}
+
+// CHECK: DONE

More information about the llvm-commits mailing list