debuggerd.c revision 424e07fcf655b65306bb846115e22594d6527056
1/* system/debuggerd/debuggerd.c 2** 3** Copyright 2006, The Android Open Source Project 4** 5** Licensed under the Apache License, Version 2.0 (the "License"); 6** you may not use this file except in compliance with the License. 7** You may obtain a copy of the License at 8** 9** http://www.apache.org/licenses/LICENSE-2.0 10** 11** Unless required by applicable law or agreed to in writing, software 12** distributed under the License is distributed on an "AS IS" BASIS, 13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14** See the License for the specific language governing permissions and 15** limitations under the License. 16*/ 17 18#include <stdio.h> 19#include <errno.h> 20#include <signal.h> 21#include <pthread.h> 22#include <stdarg.h> 23#include <fcntl.h> 24#include <sys/types.h> 25#include <dirent.h> 26 27#include <sys/ptrace.h> 28#include <sys/wait.h> 29#include <sys/exec_elf.h> 30#include <sys/stat.h> 31#include <sys/poll.h> 32 33#include <cutils/sockets.h> 34#include <cutils/logd.h> 35#include <cutils/logger.h> 36#include <cutils/properties.h> 37 38#include <corkscrew/backtrace.h> 39 40#include <linux/input.h> 41 42#include <private/android_filesystem_config.h> 43 44#include "getevent.h" 45#include "machine.h" 46#include "utility.h" 47 48#define ANDROID_LOG_INFO 4 49 50static void dump_build_info(int tfd) 51{ 52 char fingerprint[PROPERTY_VALUE_MAX]; 53 54 property_get("ro.build.fingerprint", fingerprint, "unknown"); 55 56 _LOG(tfd, false, "Build fingerprint: '%s'\n", fingerprint); 57} 58 59static const char *get_signame(int sig) 60{ 61 switch(sig) { 62 case SIGILL: return "SIGILL"; 63 case SIGABRT: return "SIGABRT"; 64 case SIGBUS: return "SIGBUS"; 65 case SIGFPE: return "SIGFPE"; 66 case SIGSEGV: return "SIGSEGV"; 67 case SIGPIPE: return "SIGPIPE"; 68 case SIGSTKFLT: return "SIGSTKFLT"; 69 case SIGSTOP: return "SIGSTOP"; 70 default: return "?"; 71 } 72} 73 74static const char *get_sigcode(int signo, int code) 75{ 76 switch (signo) { 77 case SIGILL: 78 switch (code) { 79 case ILL_ILLOPC: return "ILL_ILLOPC"; 80 case ILL_ILLOPN: return "ILL_ILLOPN"; 81 case ILL_ILLADR: return "ILL_ILLADR"; 82 case ILL_ILLTRP: return "ILL_ILLTRP"; 83 case ILL_PRVOPC: return "ILL_PRVOPC"; 84 case ILL_PRVREG: return "ILL_PRVREG"; 85 case ILL_COPROC: return "ILL_COPROC"; 86 case ILL_BADSTK: return "ILL_BADSTK"; 87 } 88 break; 89 case SIGBUS: 90 switch (code) { 91 case BUS_ADRALN: return "BUS_ADRALN"; 92 case BUS_ADRERR: return "BUS_ADRERR"; 93 case BUS_OBJERR: return "BUS_OBJERR"; 94 } 95 break; 96 case SIGFPE: 97 switch (code) { 98 case FPE_INTDIV: return "FPE_INTDIV"; 99 case FPE_INTOVF: return "FPE_INTOVF"; 100 case FPE_FLTDIV: return "FPE_FLTDIV"; 101 case FPE_FLTOVF: return "FPE_FLTOVF"; 102 case FPE_FLTUND: return "FPE_FLTUND"; 103 case FPE_FLTRES: return "FPE_FLTRES"; 104 case FPE_FLTINV: return "FPE_FLTINV"; 105 case FPE_FLTSUB: return "FPE_FLTSUB"; 106 } 107 break; 108 case SIGSEGV: 109 switch (code) { 110 case SEGV_MAPERR: return "SEGV_MAPERR"; 111 case SEGV_ACCERR: return "SEGV_ACCERR"; 112 } 113 break; 114 } 115 return "?"; 116} 117 118static void dump_fault_addr(int tfd, pid_t tid, int sig) 119{ 120 siginfo_t si; 121 122 memset(&si, 0, sizeof(si)); 123 if(ptrace(PTRACE_GETSIGINFO, tid, 0, &si)){ 124 _LOG(tfd, false, "cannot get siginfo: %s\n", strerror(errno)); 125 } else if (signal_has_address(sig)) { 126 _LOG(tfd, false, "signal %d (%s), code %d (%s), fault addr %08x\n", 127 sig, get_signame(sig), 128 si.si_code, get_sigcode(sig, si.si_code), 129 (uintptr_t) si.si_addr); 130 } else { 131 _LOG(tfd, false, "signal %d (%s), code %d (%s), fault addr --------\n", 132 sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code)); 133 } 134} 135 136static void dump_crash_banner(int tfd, pid_t pid, pid_t tid, int sig) 137{ 138 char data[1024]; 139 char *x = 0; 140 FILE *fp; 141 142 sprintf(data, "/proc/%d/cmdline", pid); 143 fp = fopen(data, "r"); 144 if(fp) { 145 x = fgets(data, 1024, fp); 146 fclose(fp); 147 } 148 149 _LOG(tfd, false, 150 "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n"); 151 dump_build_info(tfd); 152 _LOG(tfd, false, "pid: %d, tid: %d >>> %s <<<\n", 153 pid, tid, x ? x : "UNKNOWN"); 154 155 if(sig) { 156 dump_fault_addr(tfd, tid, sig); 157 } 158} 159 160/* Return true if some thread is not detached cleanly */ 161static bool dump_sibling_thread_report(const ptrace_context_t* context, 162 int tfd, pid_t pid, pid_t tid) { 163 char task_path[64]; 164 snprintf(task_path, sizeof(task_path), "/proc/%d/task", pid); 165 166 DIR* d = opendir(task_path); 167 /* Bail early if cannot open the task directory */ 168 if (d == NULL) { 169 XLOG("Cannot open /proc/%d/task\n", pid); 170 return false; 171 } 172 173 bool detach_failed = false; 174 struct dirent *de; 175 while ((de = readdir(d)) != NULL) { 176 pid_t new_tid; 177 /* Ignore "." and ".." */ 178 if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) { 179 continue; 180 } 181 182 new_tid = atoi(de->d_name); 183 /* The main thread at fault has been handled individually */ 184 if (new_tid == tid) { 185 continue; 186 } 187 188 /* Skip this thread if cannot ptrace it */ 189 if (ptrace(PTRACE_ATTACH, new_tid, 0, 0) < 0) { 190 continue; 191 } 192 193 _LOG(tfd, true, "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n"); 194 _LOG(tfd, true, "pid: %d, tid: %d\n", pid, new_tid); 195 196 dump_thread(context, tfd, new_tid, false); 197 198 if (ptrace(PTRACE_DETACH, new_tid, 0, 0) != 0) { 199 LOG("ptrace detach from %d failed: %s\n", new_tid, strerror(errno)); 200 detach_failed = true; 201 } 202 } 203 204 closedir(d); 205 return detach_failed; 206} 207 208/* 209 * Reads the contents of the specified log device, filters out the entries 210 * that don't match the specified pid, and writes them to the tombstone file. 211 * 212 * If "tailOnly" is set, we only print the last few lines. 213 */ 214static void dump_log_file(int tfd, pid_t pid, const char* filename, 215 bool tailOnly) 216{ 217 bool first = true; 218 219 /* circular buffer, for "tailOnly" mode */ 220 const int kShortLogMaxLines = 5; 221 const int kShortLogLineLen = 256; 222 char shortLog[kShortLogMaxLines][kShortLogLineLen]; 223 int shortLogCount = 0; 224 int shortLogNext = 0; 225 226 int logfd = open(filename, O_RDONLY | O_NONBLOCK); 227 if (logfd < 0) { 228 XLOG("Unable to open %s: %s\n", filename, strerror(errno)); 229 return; 230 } 231 232 union { 233 unsigned char buf[LOGGER_ENTRY_MAX_LEN + 1]; 234 struct logger_entry entry; 235 } log_entry; 236 237 while (true) { 238 ssize_t actual = read(logfd, log_entry.buf, LOGGER_ENTRY_MAX_LEN); 239 if (actual < 0) { 240 if (errno == EINTR) { 241 /* interrupted by signal, retry */ 242 continue; 243 } else if (errno == EAGAIN) { 244 /* non-blocking EOF; we're done */ 245 break; 246 } else { 247 _LOG(tfd, true, "Error while reading log: %s\n", 248 strerror(errno)); 249 break; 250 } 251 } else if (actual == 0) { 252 _LOG(tfd, true, "Got zero bytes while reading log: %s\n", 253 strerror(errno)); 254 break; 255 } 256 257 /* 258 * NOTE: if you XLOG something here, this will spin forever, 259 * because you will be writing as fast as you're reading. Any 260 * high-frequency debug diagnostics should just be written to 261 * the tombstone file. 262 */ 263 264 struct logger_entry* entry = &log_entry.entry; 265 266 if (entry->pid != (int32_t) pid) { 267 /* wrong pid, ignore */ 268 continue; 269 } 270 271 if (first) { 272 _LOG(tfd, true, "--------- %slog %s\n", 273 tailOnly ? "tail end of " : "", filename); 274 first = false; 275 } 276 277 /* 278 * Msg format is: <priority:1><tag:N>\0<message:N>\0 279 * 280 * We want to display it in the same format as "logcat -v threadtime" 281 * (although in this case the pid is redundant). 282 * 283 * TODO: scan for line breaks ('\n') and display each text line 284 * on a separate line, prefixed with the header, like logcat does. 285 */ 286 static const char* kPrioChars = "!.VDIWEFS"; 287 unsigned char prio = entry->msg[0]; 288 char* tag = entry->msg + 1; 289 char* msg = tag + strlen(tag) + 1; 290 291 /* consume any trailing newlines */ 292 char* eatnl = msg + strlen(msg) - 1; 293 while (eatnl >= msg && *eatnl == '\n') { 294 *eatnl-- = '\0'; 295 } 296 297 char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?'); 298 299 char timeBuf[32]; 300 time_t sec = (time_t) entry->sec; 301 struct tm tmBuf; 302 struct tm* ptm; 303 ptm = localtime_r(&sec, &tmBuf); 304 strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm); 305 306 if (tailOnly) { 307 snprintf(shortLog[shortLogNext], kShortLogLineLen, 308 "%s.%03d %5d %5d %c %-8s: %s", 309 timeBuf, entry->nsec / 1000000, entry->pid, entry->tid, 310 prioChar, tag, msg); 311 shortLogNext = (shortLogNext + 1) % kShortLogMaxLines; 312 shortLogCount++; 313 } else { 314 _LOG(tfd, true, "%s.%03d %5d %5d %c %-8s: %s\n", 315 timeBuf, entry->nsec / 1000000, entry->pid, entry->tid, 316 prioChar, tag, msg); 317 } 318 } 319 320 if (tailOnly) { 321 int i; 322 323 /* 324 * If we filled the buffer, we want to start at "next", which has 325 * the oldest entry. If we didn't, we want to start at zero. 326 */ 327 if (shortLogCount < kShortLogMaxLines) { 328 shortLogNext = 0; 329 } else { 330 shortLogCount = kShortLogMaxLines; /* cap at window size */ 331 } 332 333 for (i = 0; i < shortLogCount; i++) { 334 _LOG(tfd, true, "%s\n", shortLog[shortLogNext]); 335 shortLogNext = (shortLogNext + 1) % kShortLogMaxLines; 336 } 337 } 338 339 close(logfd); 340} 341 342/* 343 * Dumps the logs generated by the specified pid to the tombstone, from both 344 * "system" and "main" log devices. Ideally we'd interleave the output. 345 */ 346static void dump_logs(int tfd, pid_t pid, bool tailOnly) 347{ 348 dump_log_file(tfd, pid, "/dev/log/system", tailOnly); 349 dump_log_file(tfd, pid, "/dev/log/main", tailOnly); 350} 351 352/* 353 * Dumps all information about the specified pid to the tombstone. 354 */ 355static bool dump_crash(int tfd, pid_t pid, pid_t tid, int signal, 356 bool dump_sibling_threads) 357{ 358 /* don't copy log messages to tombstone unless this is a dev device */ 359 char value[PROPERTY_VALUE_MAX]; 360 property_get("ro.debuggable", value, "0"); 361 bool wantLogs = (value[0] == '1'); 362 363 dump_crash_banner(tfd, pid, tid, signal); 364 365 ptrace_context_t* context = load_ptrace_context(tid); 366 367 dump_thread(context, tfd, tid, true); 368 369 if (wantLogs) { 370 dump_logs(tfd, pid, true); 371 } 372 373 bool detach_failed = false; 374 if (dump_sibling_threads) { 375 detach_failed = dump_sibling_thread_report(context, tfd, pid, tid); 376 } 377 378 free_ptrace_context(context); 379 380 if (wantLogs) { 381 dump_logs(tfd, pid, false); 382 } 383 return detach_failed; 384} 385 386#define MAX_TOMBSTONES 10 387 388#define typecheck(x,y) { \ 389 typeof(x) __dummy1; \ 390 typeof(y) __dummy2; \ 391 (void)(&__dummy1 == &__dummy2); } 392 393#define TOMBSTONE_DIR "/data/tombstones" 394 395/* 396 * find_and_open_tombstone - find an available tombstone slot, if any, of the 397 * form tombstone_XX where XX is 00 to MAX_TOMBSTONES-1, inclusive. If no 398 * file is available, we reuse the least-recently-modified file. 399 * 400 * Returns the path of the tombstone file, allocated using malloc(). Caller must free() it. 401 */ 402static char* find_and_open_tombstone(int* fd) 403{ 404 unsigned long mtime = ULONG_MAX; 405 struct stat sb; 406 407 /* 408 * XXX: Our stat.st_mtime isn't time_t. If it changes, as it probably ought 409 * to, our logic breaks. This check will generate a warning if that happens. 410 */ 411 typecheck(mtime, sb.st_mtime); 412 413 /* 414 * In a single wolf-like pass, find an available slot and, in case none 415 * exist, find and record the least-recently-modified file. 416 */ 417 char path[128]; 418 int oldest = 0; 419 for (int i = 0; i < MAX_TOMBSTONES; i++) { 420 snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", i); 421 422 if (!stat(path, &sb)) { 423 if (sb.st_mtime < mtime) { 424 oldest = i; 425 mtime = sb.st_mtime; 426 } 427 continue; 428 } 429 if (errno != ENOENT) 430 continue; 431 432 *fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600); 433 if (*fd < 0) 434 continue; /* raced ? */ 435 436 fchown(*fd, AID_SYSTEM, AID_SYSTEM); 437 return strdup(path); 438 } 439 440 /* we didn't find an available file, so we clobber the oldest one */ 441 snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", oldest); 442 *fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600); 443 if (*fd < 0) { 444 LOG("failed to open tombstone file '%s': %s\n", path, strerror(errno)); 445 return NULL; 446 } 447 fchown(*fd, AID_SYSTEM, AID_SYSTEM); 448 return strdup(path); 449} 450 451/* Return true if some thread is not detached cleanly */ 452static char* engrave_tombstone(pid_t pid, pid_t tid, int signal, bool dump_sibling_threads, 453 bool* detach_failed) 454{ 455 mkdir(TOMBSTONE_DIR, 0755); 456 chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM); 457 458 int fd; 459 char* path = find_and_open_tombstone(&fd); 460 if (!path) { 461 *detach_failed = false; 462 return NULL; 463 } 464 465 *detach_failed = dump_crash(fd, pid, tid, signal, dump_sibling_threads); 466 467 close(fd); 468 return path; 469} 470 471static int 472write_string(const char* file, const char* string) 473{ 474 int len; 475 int fd; 476 ssize_t amt; 477 fd = open(file, O_RDWR); 478 len = strlen(string); 479 if (fd < 0) 480 return -errno; 481 amt = write(fd, string, len); 482 close(fd); 483 return amt >= 0 ? 0 : -errno; 484} 485 486static 487void init_debug_led(void) 488{ 489 // trout leds 490 write_string("/sys/class/leds/red/brightness", "0"); 491 write_string("/sys/class/leds/green/brightness", "0"); 492 write_string("/sys/class/leds/blue/brightness", "0"); 493 write_string("/sys/class/leds/red/device/blink", "0"); 494 // sardine leds 495 write_string("/sys/class/leds/left/cadence", "0,0"); 496} 497 498static 499void enable_debug_led(void) 500{ 501 // trout leds 502 write_string("/sys/class/leds/red/brightness", "255"); 503 // sardine leds 504 write_string("/sys/class/leds/left/cadence", "1,0"); 505} 506 507static 508void disable_debug_led(void) 509{ 510 // trout leds 511 write_string("/sys/class/leds/red/brightness", "0"); 512 // sardine leds 513 write_string("/sys/class/leds/left/cadence", "0,0"); 514} 515 516static void wait_for_user_action(pid_t pid) { 517 /* First log a helpful message */ 518 LOG( "********************************************************\n" 519 "* Process %d has been suspended while crashing. To\n" 520 "* attach gdbserver for a gdb connection on port 5039\n" 521 "* and start gdbclient:\n" 522 "*\n" 523 "* gdbclient app_process :5039 %d\n" 524 "*\n" 525 "* Wait for gdb to start, then press HOME or VOLUME DOWN key\n" 526 "* to let the process continue crashing.\n" 527 "********************************************************\n", 528 pid, pid); 529 530 /* wait for HOME or VOLUME DOWN key */ 531 if (init_getevent() == 0) { 532 int ms = 1200 / 10; 533 int dit = 1; 534 int dah = 3*dit; 535 int _ = -dit; 536 int ___ = 3*_; 537 int _______ = 7*_; 538 const signed char codes[] = { 539 dit,_,dit,_,dit,___,dah,_,dah,_,dah,___,dit,_,dit,_,dit,_______ 540 }; 541 size_t s = 0; 542 struct input_event e; 543 bool done = false; 544 init_debug_led(); 545 enable_debug_led(); 546 do { 547 int timeout = abs((int)(codes[s])) * ms; 548 int res = get_event(&e, timeout); 549 if (res == 0) { 550 if (e.type == EV_KEY 551 && (e.code == KEY_HOME || e.code == KEY_VOLUMEDOWN) 552 && e.value == 0) { 553 done = true; 554 } 555 } else if (res == 1) { 556 if (++s >= sizeof(codes)/sizeof(*codes)) 557 s = 0; 558 if (codes[s] > 0) { 559 enable_debug_led(); 560 } else { 561 disable_debug_led(); 562 } 563 } 564 } while (!done); 565 uninit_getevent(); 566 } 567 568 /* don't forget to turn debug led off */ 569 disable_debug_led(); 570 LOG("debuggerd resuming process %d", pid); 571} 572 573static int get_process_info(pid_t tid, pid_t* out_pid, uid_t* out_uid, uid_t* out_gid) { 574 char path[64]; 575 snprintf(path, sizeof(path), "/proc/%d/status", tid); 576 577 FILE* fp = fopen(path, "r"); 578 if (!fp) { 579 return -1; 580 } 581 582 int fields = 0; 583 char line[1024]; 584 while (fgets(line, sizeof(line), fp)) { 585 size_t len = strlen(line); 586 if (len > 6 && !memcmp(line, "Tgid:\t", 6)) { 587 *out_pid = atoi(line + 6); 588 fields |= 1; 589 } else if (len > 5 && !memcmp(line, "Uid:\t", 5)) { 590 *out_uid = atoi(line + 5); 591 fields |= 2; 592 } else if (len > 5 && !memcmp(line, "Gid:\t", 5)) { 593 *out_gid = atoi(line + 5); 594 fields |= 4; 595 } 596 } 597 fclose(fp); 598 return fields == 7 ? 0 : -1; 599} 600 601static int wait_for_signal(pid_t tid, int* total_sleep_time_usec) { 602 const int sleep_time_usec = 200000; /* 0.2 seconds */ 603 const int max_total_sleep_usec = 3000000; /* 3 seconds */ 604 for (;;) { 605 int status; 606 pid_t n = waitpid(tid, &status, __WALL | WNOHANG); 607 if (n < 0) { 608 if(errno == EAGAIN) continue; 609 LOG("waitpid failed: %s\n", strerror(errno)); 610 return -1; 611 } else if (n > 0) { 612 XLOG("waitpid: n=%d status=%08x\n", n, status); 613 if (WIFSTOPPED(status)) { 614 return WSTOPSIG(status); 615 } else { 616 LOG("unexpected waitpid response: n=%d, status=%08x\n", n, status); 617 return -1; 618 } 619 } 620 621 if (*total_sleep_time_usec > max_total_sleep_usec) { 622 LOG("timed out waiting for tid=%d to die\n", tid); 623 return -1; 624 } 625 626 /* not ready yet */ 627 XLOG("not ready yet\n"); 628 usleep(sleep_time_usec); 629 *total_sleep_time_usec += sleep_time_usec; 630 } 631} 632 633enum { 634 REQUEST_TYPE_CRASH, 635 REQUEST_TYPE_DUMP, 636}; 637 638typedef struct { 639 int type; 640 pid_t pid, tid; 641 uid_t uid, gid; 642} request_t; 643 644static int read_request(int fd, request_t* out_request) { 645 struct ucred cr; 646 int len = sizeof(cr); 647 int status = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len); 648 if (status != 0) { 649 LOG("cannot get credentials\n"); 650 return -1; 651 } 652 653 XLOG("reading tid\n"); 654 fcntl(fd, F_SETFL, O_NONBLOCK); 655 656 struct pollfd pollfds[1]; 657 pollfds[0].fd = fd; 658 pollfds[0].events = POLLIN; 659 pollfds[0].revents = 0; 660 status = TEMP_FAILURE_RETRY(poll(pollfds, 1, 3000)); 661 if (status != 1) { 662 LOG("timed out reading tid\n"); 663 return -1; 664 } 665 666 status = TEMP_FAILURE_RETRY(read(fd, &out_request->tid, sizeof(pid_t))); 667 if (status < 0) { 668 LOG("read failure? %s\n", strerror(errno)); 669 return -1; 670 } 671 if (status != sizeof(pid_t)) { 672 LOG("invalid crash request of size %d\n", status); 673 return -1; 674 } 675 676 if (out_request->tid < 0 && cr.uid == 0) { 677 /* Root can ask us to attach to any process and dump it explicitly. */ 678 out_request->type = REQUEST_TYPE_DUMP; 679 out_request->tid = -out_request->tid; 680 status = get_process_info(out_request->tid, &out_request->pid, 681 &out_request->uid, &out_request->gid); 682 if (status < 0) { 683 LOG("tid %d does not exist. ignoring explicit dump request\n", 684 out_request->tid); 685 return -1; 686 } 687 return 0; 688 } 689 690 /* Ensure that the tid reported by the crashing process is valid. */ 691 out_request->type = REQUEST_TYPE_CRASH; 692 out_request->pid = cr.pid; 693 out_request->uid = cr.uid; 694 out_request->gid = cr.gid; 695 696 char buf[64]; 697 struct stat s; 698 snprintf(buf, sizeof buf, "/proc/%d/task/%d", out_request->pid, out_request->tid); 699 if(stat(buf, &s)) { 700 LOG("tid %d does not exist in pid %d. ignoring debug request\n", 701 out_request->tid, out_request->pid); 702 return -1; 703 } 704 return 0; 705} 706 707static bool should_attach_gdb(request_t* request) { 708 if (request->type == REQUEST_TYPE_CRASH) { 709 char value[PROPERTY_VALUE_MAX]; 710 property_get("debug.db.uid", value, "-1"); 711 int debug_uid = atoi(value); 712 return debug_uid >= 0 && request->uid <= (uid_t)debug_uid; 713 } 714 return false; 715} 716 717static void handle_request(int fd) { 718 XLOG("handle_request(%d)\n", fd); 719 720 request_t request; 721 int status = read_request(fd, &request); 722 if (!status) { 723 XLOG("BOOM: pid=%d uid=%d gid=%d tid=%d\n", 724 request.pid, request.uid, request.gid, request.tid); 725 726 /* At this point, the thread that made the request is blocked in 727 * a read() call. If the thread has crashed, then this gives us 728 * time to PTRACE_ATTACH to it before it has a chance to really fault. 729 * 730 * The PTRACE_ATTACH sends a SIGSTOP to the target process, but it 731 * won't necessarily have stopped by the time ptrace() returns. (We 732 * currently assume it does.) We write to the file descriptor to 733 * ensure that it can run as soon as we call PTRACE_CONT below. 734 * See details in bionic/libc/linker/debugger.c, in function 735 * debugger_signal_handler(). 736 */ 737 if (ptrace(PTRACE_ATTACH, request.tid, 0, 0)) { 738 LOG("ptrace attach failed: %s\n", strerror(errno)); 739 } else { 740 bool detach_failed = false; 741 bool attach_gdb = should_attach_gdb(&request); 742 char response = 0; 743 if (TEMP_FAILURE_RETRY(write(fd, &response, 1)) != 1) { 744 LOG("failed responding to client: %s\n", strerror(errno)); 745 } else { 746 char* tombstone_path = NULL; 747 748 if (request.type != REQUEST_TYPE_DUMP) { 749 close(fd); 750 fd = -1; 751 } 752 753 int total_sleep_time_usec = 0; 754 for (;;) { 755 int signal = wait_for_signal(request.tid, &total_sleep_time_usec); 756 if (signal < 0) { 757 break; 758 } 759 760 switch (signal) { 761 case SIGSTOP: 762 if (request.type == REQUEST_TYPE_DUMP) { 763 XLOG("stopped -- dumping\n"); 764 tombstone_path = engrave_tombstone(request.pid, request.tid, 765 signal, true, &detach_failed); 766 } else { 767 XLOG("stopped -- continuing\n"); 768 status = ptrace(PTRACE_CONT, request.tid, 0, 0); 769 if (status) { 770 LOG("ptrace continue failed: %s\n", strerror(errno)); 771 } 772 continue; /* loop again */ 773 } 774 break; 775 776 case SIGILL: 777 case SIGABRT: 778 case SIGBUS: 779 case SIGFPE: 780 case SIGSEGV: 781 case SIGPIPE: 782 case SIGSTKFLT: { 783 XLOG("stopped -- fatal signal\n"); 784 /* 785 * Send a SIGSTOP to the process to make all of 786 * the non-signaled threads stop moving. Without 787 * this we get a lot of "ptrace detach failed: 788 * No such process". 789 */ 790 kill(request.pid, SIGSTOP); 791 /* don't dump sibling threads when attaching to GDB because it 792 * makes the process less reliable, apparently... */ 793 tombstone_path = engrave_tombstone(request.pid, request.tid, 794 signal, !attach_gdb, &detach_failed); 795 break; 796 } 797 798 default: 799 XLOG("stopped -- unexpected signal\n"); 800 LOG("process stopped due to unexpected signal %d\n", signal); 801 break; 802 } 803 break; 804 } 805 806 if (request.type == REQUEST_TYPE_DUMP) { 807 if (tombstone_path) { 808 write(fd, tombstone_path, strlen(tombstone_path)); 809 } 810 close(fd); 811 fd = -1; 812 } 813 free(tombstone_path); 814 } 815 816 XLOG("detaching\n"); 817 if (attach_gdb) { 818 /* stop the process so we can debug */ 819 kill(request.pid, SIGSTOP); 820 821 /* detach so we can attach gdbserver */ 822 if (ptrace(PTRACE_DETACH, request.tid, 0, 0)) { 823 LOG("ptrace detach from %d failed: %s\n", request.tid, strerror(errno)); 824 detach_failed = true; 825 } 826 827 /* 828 * if debug.db.uid is set, its value indicates if we should wait 829 * for user action for the crashing process. 830 * in this case, we log a message and turn the debug LED on 831 * waiting for a gdb connection (for instance) 832 */ 833 wait_for_user_action(request.pid); 834 } else { 835 /* just detach */ 836 if (ptrace(PTRACE_DETACH, request.tid, 0, 0)) { 837 LOG("ptrace detach from %d failed: %s\n", request.tid, strerror(errno)); 838 detach_failed = true; 839 } 840 } 841 842 /* resume stopped process (so it can crash in peace). */ 843 kill(request.pid, SIGCONT); 844 845 /* If we didn't successfully detach, we're still the parent, and the 846 * actual parent won't receive a death notification via wait(2). At this point 847 * there's not much we can do about that. */ 848 if (detach_failed) { 849 LOG("debuggerd committing suicide to free the zombie!\n"); 850 kill(getpid(), SIGKILL); 851 } 852 } 853 854 } 855 if (fd >= 0) { 856 close(fd); 857 } 858} 859 860static int do_server() { 861 int s; 862 struct sigaction act; 863 int logsocket = -1; 864 865 /* 866 * debuggerd crashes can't be reported to debuggerd. Reset all of the 867 * crash handlers. 868 */ 869 signal(SIGILL, SIG_DFL); 870 signal(SIGABRT, SIG_DFL); 871 signal(SIGBUS, SIG_DFL); 872 signal(SIGFPE, SIG_DFL); 873 signal(SIGSEGV, SIG_DFL); 874 signal(SIGPIPE, SIG_DFL); 875 signal(SIGSTKFLT, SIG_DFL); 876 877 logsocket = socket_local_client("logd", 878 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_DGRAM); 879 if(logsocket < 0) { 880 logsocket = -1; 881 } else { 882 fcntl(logsocket, F_SETFD, FD_CLOEXEC); 883 } 884 885 act.sa_handler = SIG_DFL; 886 sigemptyset(&act.sa_mask); 887 sigaddset(&act.sa_mask,SIGCHLD); 888 act.sa_flags = SA_NOCLDWAIT; 889 sigaction(SIGCHLD, &act, 0); 890 891 s = socket_local_server("android:debuggerd", 892 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); 893 if(s < 0) return 1; 894 fcntl(s, F_SETFD, FD_CLOEXEC); 895 896 LOG("debuggerd: " __DATE__ " " __TIME__ "\n"); 897 898 for(;;) { 899 struct sockaddr addr; 900 socklen_t alen; 901 int fd; 902 903 alen = sizeof(addr); 904 XLOG("waiting for connection\n"); 905 fd = accept(s, &addr, &alen); 906 if(fd < 0) { 907 XLOG("accept failed: %s\n", strerror(errno)); 908 continue; 909 } 910 911 fcntl(fd, F_SETFD, FD_CLOEXEC); 912 913 handle_request(fd); 914 } 915 return 0; 916} 917 918static int do_explicit_dump(pid_t tid) { 919 fprintf(stdout, "Sending request to dump task %d.\n", tid); 920 921 int fd = socket_local_client("android:debuggerd", 922 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); 923 if (fd < 0) { 924 fputs("Error opening local socket to debuggerd.\n", stderr); 925 return 1; 926 } 927 928 pid_t request = -tid; 929 write(fd, &request, sizeof(pid_t)); 930 if (read(fd, &request, 1) != 1) { 931 /* did not get expected reply, debuggerd must have closed the socket */ 932 fputs("Error sending request. Did not receive reply from debuggerd.\n", stderr); 933 } else { 934 char tombstone_path[PATH_MAX]; 935 ssize_t n = read(fd, &tombstone_path, sizeof(tombstone_path) - 1); 936 if (n <= 0) { 937 fputs("Error dumping process. Check log for details.\n", stderr); 938 } else { 939 tombstone_path[n] = '\0'; 940 fprintf(stderr, "Tombstone written to: %s\n", tombstone_path); 941 } 942 } 943 944 close(fd); 945 return 0; 946} 947 948int main(int argc, char** argv) { 949 if (argc == 2) { 950 pid_t tid = atoi(argv[1]); 951 if (!tid) { 952 fputs("Usage: [<tid>]\n" 953 "\n" 954 "If tid specified, sends a request to debuggerd to dump that task.\n" 955 "Otherwise, starts the debuggerd server.\n", stderr); 956 return 1; 957 } 958 return do_explicit_dump(tid); 959 } 960 return do_server(); 961} 962