Merge pull request #2234 from synqa/add-more-tsan-suppression

Add Thread Sanitizer suppressions for FreeTick64 and UnixLock

.github/workflows/coverity.yml

@@ -4,6 +4,7 @@ name: Coverity
 on:
   schedule:
   - cron: "0 0 * * *"
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -11,7 +12,7 @@ permissions:
 jobs:
   scan:
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    if: ${{ github.repository_owner == 'SoftEtherVPN' || github.event_name == 'workflow_dispatch' }}
     steps:
     - uses: actions/checkout@v2
       with:

README.md

@@ -220,7 +220,7 @@ Please look at the [ContainerREADME.md](ContainerREADME.md)
 
 ## Build from Source code
 
-see [BUILD_UNIX](src/BUILD_UNIX.md), [BUILD_WINDOWS](src/BUILD_WINDOWS.md), or [BUILD_WINDOWS_ARM64](src/BUILD_WINDOWS_ARM64.md)
+see [BUILD_UNIX](src/BUILD_UNIX.md) or [BUILD_WINDOWS](src/BUILD_WINDOWS.md)
 
 There are two flavours of SoftEtherVPN source code:
 

src/BUILD_WINDOWS.md

@@ -88,6 +88,10 @@ into it. So that is what will be described below.
 
      Cross compile x86 executables with 64-bit compiler
     
+    - arm64-on-x64
+
+     Cross compile arm64 executables with x64t compiler
+
    On 64-bit Windows, all four configurations can be used. 32-bit platforms can only use 32-bit compiler.
 
 1. Visual Studio will try generating CMake cache. If not, click **Project -> Configure Cache** or **Generate Cache**.

src/BUILD_WINDOWS_ARM64.md

@@ -1,220 +0,0 @@
-# How to build SoftEther VPN for Windows ARM64
-
-This guide explains how to build SoftEther VPN for Windows ARM64 architecture. Windows on ARM is becoming increasingly important, especially on modern laptops and virtualized environments. This allows SoftEther VPN to run **natively on Windows ARM64**, improving performance and compatibility compared to x86 emulation.
-
-## Requirements
-
-- **Windows x64 host machine** (ARM64 builds are cross-compiled from x64)
-- Visual Studio 2019 or 2022 (Community Edition is fine)
-  
-  https://visualstudio.microsoft.com/downloads
-
-- Git for Windows (or other git tool)
-
-  https://gitforwindows.org/
-
-- vcpkg
-
-  https://github.com/microsoft/vcpkg
-
-## Installation
-
-### Visual Studio
-
-Download from the official site and run the installer.
-
-Make sure to check:
-- **Desktop development with C++** under *Workloads*
-- **Clang C++ Tools for Windows** in *Optional* components
-- **MSVC v142 - VS 2019 C++ ARM64 build tools** (or equivalent for VS 2022) in *Optional* components
-
-### Git
-
-Nothing special. Just follow the installer.
-
-### vcpkg
-
-Let's say you will install it to `C:\vcpkg`.
-
-Open your preferred terminal and go to `C:\`. Then run these commands:
-
-```
-C:\> git clone https://github.com/microsoft/vcpkg
-C:\> cd vcpkg
-C:\vcpkg> bootstrap-vcpkg.bat
-C:\vcpkg> vcpkg integrate install
-```
-
-## Update
-
-### vcpkg
-
-You are recommended to update vcpkg from time to time, so that the latest libraries are used in the build.
-
-Go to the installation path, pull the latest repo and the binary:
-
-```
-C:\vcpkg> git pull
-C:\vcpkg> bootstrap-vcpkg.bat
-```
-
-## Building
-
-### Step 1: Build x64-native first
-
-**Important:** For ARM64 builds, an existing `x64-native` build is required to generate `hamcore.se2`.
-
-1. Launch Visual Studio
-
-   Choose either **Clone a repository** to clone from GitHub or **Open a local folder** if you already have a copy.
-
-2. Open Terminal (*View -> Terminal*). Install the needed submodules to build the project:
-
-   `git submodule update --init --recursive`
-
-   **Note**: This step is not necessary if you have chosen **Clone a repository** as Visual Studio automatically takes care of it.
-
-3. Switch to folder view in the solution explorer
-
-4. Select **x64-native** configuration from the dropdown menu below the search box
-
-5. Visual Studio will try generating CMake cache. If not, click **Project -> Configure Cache** or **Generate Cache**.
-
-   If CMake is busy, you will find **Generate Cache** greyed out. Wait until it finishes or click **Cancel CMake Cache Generation** to stop it.
-
-   The initial configuration will take a longer time since it needs to download and install dependencies.
-
-6. When *CMake generation finished* is displayed, simply go to toolbar and click **Build -> Build All**.
-
-7. Wait for the x64 build to complete. This creates the necessary `hamcorebuilder` executable that will be reused for the ARM64 build.
-
-### Step 2: Build arm64-on-x64
-
-1. Switch to the **arm64-on-x64** configuration from the dropdown menu
-
-   This configuration cross-compiles ARM64 executables using the 64-bit compiler on your x64 Windows host.
-
-2. Click **Project -> Configure Cache** or **Generate Cache** to configure the ARM64 build.
-
-   The ARM64 build will reuse the `hamcorebuilder` executable from the x64-native build to generate `hamcore.se2`.
-
-3. When *CMake generation finished* is displayed, click **Build -> Build All**.
-
-4. Once building has finished, hopefully with no errors, look in the newly created `/build` directory in the project's folder.
-
-## Installation on Windows ARM64 Devices
-
-### Prerequisites
-
-- Windows 10 or Windows 11 ARM64 device
-- The compiled ARM64 binaries from the build process
-- Administrator privileges
-
-### Installing the VPN Client
-
-1. Copy the ARM64 build output to your Windows ARM64 device
-
-2. Run `vpnsetup.exe` from the ARM64 build output
-
-3. Select the components you want to install (typically VPN Client)
-
-4. Follow the installation wizard
-
-### VPN Client Driver Installation
-
-The ARM64 Neo6 VPN driver is included in the build and targets **Windows 10 ARM64** or later.
-
-**Important Notes:**
-
-- The ARM64 driver is **unsigned by default**
-- To use the unsigned driver, you need to:
-  1. Enable Windows Test Mode by running in an Administrator Command Prompt:
-     ```
-     bcdedit /set testsigning on
-     ```
-  2. Restart your computer
-  3. Install the VPN Client as described above
-
-- For production use, the driver should be properly signed with a valid code signing certificate
-
-### Disabling Test Mode (Optional)
-
-After you're done testing or if you have a signed driver, you can disable Test Mode:
-
-```
-bcdedit /set testsigning off
-```
-
-Then restart your computer.
-
-## Build Configuration Details
-
-The **arm64-on-x64** configuration includes:
-
-- **Cross-compilation target**: Windows ARM64
-- **Compiler**: clang-cl (LLVM)
-- **Toolchain**: MSVC ARM64 toolchain
-- **VCPKG triplet**: arm64-windows-static
-- **CPU feature detection**: ARM64 crypto extensions (AES via `PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE`)
-- **BLAKE2 optimization**: NEON implementation (instead of SSE2)
-
-## Notes
-
-### Build Number
-
-You can change the build number in `CMakeSettings.json`. Use any integer no less than 5180.
-
-Delete and regenerate CMake cache after the change.
-
-### OpenSSL
-
-The above instruction builds OpenSSL library statically in the SoftEther binaries. This means:
-
-- When you distribute the installer, users will not need to install OpenSSL separately
-- The OpenSSL library cannot be updated without a rebuild and reinstallation of SoftEther
-
-It's also possible to build OpenSSL library dynamically, but this requires additional configuration and is beyond the scope of this ARM64-specific guide. Refer to `BUILD_WINDOWS.md` for details on dynamic OpenSSL linking.
-
-### Driver Signing
-
-For production deployments, you should sign the ARM64 driver with a valid code signing certificate:
-
-1. Obtain a code signing certificate from a trusted Certificate Authority
-2. Use the Windows Driver Kit (WDK) tools to sign the driver
-3. Distribute the signed driver to users
-
-Without driver signing, users will need to enable Test Mode which reduces system security.
-
-### Tested Environments
-
-This ARM64 build process has been tested on:
-
-- Windows x64 host (cross-compiling ARM64)
-- Windows 10 ARM64 (VPN Client driver load and basic functionality)
-- Windows 11 ARM64 devices
-
-## Troubleshooting
-
-### Build Fails During hamcore.se2 Generation
-
-Make sure you have completed the x64-native build first. The ARM64 build requires the x64 `hamcorebuilder` executable.
-
-### Driver Installation Fails
-
-Ensure you have:
-- Enabled Test Mode (for unsigned drivers)
-- Administrator privileges
-- Windows 10 or later ARM64
-
-### VPN Client Doesn't Start
-
-Check that:
-- All ARM64 binaries are in the correct installation directory
-- The Neo6 ARM64 driver is properly installed
-- Windows Event Viewer for any error messages
-
-## References
-
-- Main Windows build guide: `BUILD_WINDOWS.md`
-- Pull Request #2209: Windows ARM64 support
-- Issue #1331: Windows ARM64 support request

src/BUILD_WinArm64.md

@@ -0,0 +1,52 @@
+# How to build and install SoftEther VPN on Windows ARM64
+
+This document describes how to build SoftEther VPN for Windows ARM64 and how to install the VPN Client and Neo6 virtual network adapter on Windows on ARM devices.
+
+
+## Requirements
+
+
+- Build host: Windows x64
+
+- Target device: Windows 10 / Windows 11 ARM64
+
+
+## Building 
+ 
+    **Notes before building**: ARM64 builds are cross-compiled from an x64 Windows host. An existing x64-native build is required to generate hamcore.se2.
+1. Follow [BUILD_WINDOWS.md](BUILD_WINDOWS.md##Building)
+
+1. Build x64 (Native): From the build menu, select x64-on-x64. Complete the build successfully. This build is required to generate shared resources
+
+1. Build ARM64 (Cross-Compiled): From the same build menu, select arm64-on-x64. 
+Build the ARM64 version of SoftEther VPN.
+
+1. Building the Neo6 Virtual Network Adapter (ARM64)
+
+    Open the following project in Visual Studio:
+    ```
+    .\src\Neo6\Neo6.vcxproj 
+    ```
+   
+    SoftEther VPN Client uses the Neo6 virtual network adapter.
+
+
+    Driver Output Files
+    The ARM64 driver package includes:
+    ```
+    Neo6_arm64_VPN.sys
+    Neo6_arm64_VPN.inf
+    ```
+    Driver Signing and Installation (Windows ARM64)
+    ```
+    Enable test-signing mode: bcdedit /set testsigning on
+    Reboot the system.
+    Testing signing:
+    Install the Neo6 ARM64 driver.
+    ```
+# Summary
+
+SoftEther VPN can be cross-compiled for Windows ARM64 on an x64 host
+VPN Client works natively on Windows on ARM
+Neo6 ARM64 driver requires Microsoft signing for production use
+Test-signing is suitable for local development only

src/Cedar/Proto_OpenVPN.c

@@ -2562,9 +2562,16 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
 								Debug("OpenVPN Channel %u Failed.\n", j);
 								OvsLog(s, se, c, "LO_CHANNEL_FAILED");
 
+								if ((se->IpcAsync->ErrorCode == ERR_AUTHTYPE_NOT_SUPPORTED) ||
+									(se->IpcAsync->ErrorCode == ERR_AUTH_FAILED) ||
+									(se->IpcAsync->ErrorCode == ERR_PROXY_AUTH_FAILED) ||
+									(se->IpcAsync->ErrorCode == ERR_USER_AUTHTYPE_NOT_PASSWORD) ||
+									(se->IpcAsync->ErrorCode == ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE))
+								{
 									// Return the AUTH_FAILED
 									str = "AUTH_FAILED";
 									WriteFifo(c->SslPipe->SslInOut->SendFifo, str, StrSize(str));
+								}
 
 								s->SessionEstablishedCount++;
 

src/Mayaqua/Encrypt.c

@@ -4761,7 +4761,7 @@ static void MY_SHA0_Transform(MY_SHA0_CTX* ctx) {
 	UCHAR* p = ctx->buf;
 	int t;
 	for(t = 0; t < 16; ++t) {
-		UINT tmp =  *p++ << 24;
+		UINT tmp =  (UINT)*p++ << 24;
 		tmp |= *p++ << 16;
 		tmp |= *p++ << 8;
 		tmp |= *p++;

src/Mayaqua/Kernel.c

@@ -63,7 +63,7 @@ static int ydays[] =
 	0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365
 };
 
-static UINT current_num_thread = 0;
+static COUNTER *current_num_thread = NULL;
 static UINT cached_number_of_cpus = 0;
 
 
@@ -776,6 +776,7 @@ void InitThreading()
 {
 	thread_pool = NewSk();
 	thread_count = NewCounter();
+	current_num_thread = NewCounter();
 }
 
 // Release of thread pool
@@ -821,6 +822,9 @@ void FreeThreading()
 
 	DeleteCounter(thread_count);
 	thread_count = NULL;
+
+	DeleteCounter(current_num_thread);
+	current_num_thread = NULL;
 }
 
 // Thread pool procedure
@@ -1028,9 +1032,9 @@ THREAD *NewThreadNamed(THREAD_PROC *thread_proc, void *param, char *name)
 
 	Wait(pd->InitFinishEvent, INFINITE);
 
-	current_num_thread++;
+	Inc(current_num_thread);
 
-//	Debug("current_num_thread = %u\n", current_num_thread);
+//	Debug("current_num_thread = %u\n", Count(current_num_thread));
 
 	return ret;
 }
@@ -1055,8 +1059,8 @@ void CleanupThread(THREAD *t)
 
 	Free(t);
 
-	current_num_thread--;
-	//Debug("current_num_thread = %u\n", current_num_thread);
+	Dec(current_num_thread);
+	//Debug("current_num_thread = %u\n", Count(current_num_thread));
 }
 
 // Release thread (pool)

src/Mayaqua/Mayaqua.h

@@ -72,11 +72,26 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow)
 
 // Compiler dependent
 #ifndef	OS_WIN32
-// Gcc compiler
+// GCC or Clang compiler
 #define	GCC_PACKED		__attribute__ ((__packed__))
+// Clang compiler
+#if defined(__has_feature)
+#if __has_feature(thread_sanitizer)
+#define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
+#endif	// __has_feature(thread_sanitizer)
+#endif	// __has_feature
+// GCC compiler
+#if defined(__SANITIZE_THREAD__) && !defined(ATTRIBUTE_NO_TSAN)
+#define ATTRIBUTE_NO_TSAN			__attribute__((no_sanitize("thread")))
+#endif	// __SANITIZE_THREAD__
+// Other or older Clang/GCC compiler
+#ifndef ATTRIBUTE_NO_TSAN
+#define ATTRIBUTE_NO_TSAN
+#endif	// ATTRIBUTE_NO_TSAN
 #else	// OS_WIN32
 // VC++ compiler
 #define	GCC_PACKED
+#define ATTRIBUTE_NO_TSAN
 #endif	// OS_WIN32
 
 // Macro that displays the current file name and line number

src/Mayaqua/Table.c

@@ -470,6 +470,7 @@ LIST *LoadLangList()
 	b = ReadDump(filename);
 	if (b == NULL)
 	{
+		FreeLangList(o);
 		return NULL;
 	}
 

src/Mayaqua/Unix.c

@@ -2140,9 +2140,13 @@ void UnixMemoryFree(void *addr)
 // SIGCHLD handler
 void UnixSigChldHandler(int sig)
 {
+	int old_errno = errno;
+
 	// Recall the zombie processes
 	while (waitpid(-1, NULL, WNOHANG) > 0);
 	signal(SIGCHLD, UnixSigChldHandler);
+
+	errno = old_errno;
 }
 
 // Disable core dump

tsan_suppressions.txt

@@ -0,0 +1,28 @@
+# This file contains suppressions for Thread Sanitizer.
+# For the specification, refer to: https://github.com/google/sanitizers/wiki/threadsanitizersuppressions
+
+
+
+## Set/Wait
+# This provides synchronization equivalent to a lock, but Thread Sanitizer cannot recognize it.
+
+# Thread Sanitizer reports data race on Halt in TK64.
+# https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2221
+race_top:FreeTick64
+
+# Thread Sanitizer reports data races on Finished and NoDelayFlag in CONNECT_SERIAL_PARAM,
+# shared between BindConnectThreadForIPv4, BindConnectThreadForIPv6, and BindConnectEx5.
+# https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2222
+race_top:BindConnectThreadForIPv4
+race_top:BindConnectThreadForIPv6
+race_top:BindConnectEx5
+
+
+## Manual PTHREAD_MUTEX_RECURSIVE
+# The Lock/Unlock mechanism on Unix is a manual, hand-coded implementation of PTHREAD_MUTEX_RECURSIVE.
+# We avoid using the PTHREAD_MUTEX_RECURSIVE directly because it exhibits critical bugs, such as deadlocks
+# on certain older systems(Linux, Solaris, or macOS). While Thread Sanitizer will report data races,
+# these warnings should be ignored as the logic has been carefully implemented to ensure thread safety.
+# https://github.com/SoftEtherVPN/SoftEtherVPN/pull/2219
+race_top:UnixLock
+race_top:UnixUnlockEx