debuggerd.c revision 5c5ff87ded019537bbaf6383618ef2956aaa0407
1/* system/debuggerd/debuggerd.c 2** 3** Copyright 2006, The Android Open Source Project 4** 5** Licensed under the Apache License, Version 2.0 (the "License"); 6** you may not use this file except in compliance with the License. 7** You may obtain a copy of the License at 8** 9** http://www.apache.org/licenses/LICENSE-2.0 10** 11** Unless required by applicable law or agreed to in writing, software 12** distributed under the License is distributed on an "AS IS" BASIS, 13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14** See the License for the specific language governing permissions and 15** limitations under the License. 16*/ 17 18#include <stdio.h> 19#include <stdlib.h> 20#include <unistd.h> 21#include <errno.h> 22#include <signal.h> 23#include <pthread.h> 24#include <stdarg.h> 25#include <fcntl.h> 26#include <sys/types.h> 27#include <dirent.h> 28 29#include <sys/ptrace.h> 30#include <sys/wait.h> 31#include <sys/exec_elf.h> 32#include <sys/stat.h> 33 34#include <cutils/sockets.h> 35#include <cutils/logd.h> 36#include <cutils/sockets.h> 37#include <cutils/properties.h> 38 39#include <linux/input.h> 40 41#include <private/android_filesystem_config.h> 42 43#include "utility.h" 44 45#ifdef WITH_VFP 46#ifdef WITH_VFP_D32 47#define NUM_VFP_REGS 32 48#else 49#define NUM_VFP_REGS 16 50#endif 51#endif 52 53/* Main entry point to get the backtrace from the crashing process */ 54extern int unwind_backtrace_with_ptrace(int tfd, pid_t pid, mapinfo *map, 55 unsigned int sp_list[], 56 int *frame0_pc_sane, 57 bool at_fault); 58 59static int logsocket = -1; 60 61#define ANDROID_LOG_INFO 4 62 63/* Log information onto the tombstone */ 64void _LOG(int tfd, bool in_tombstone_only, const char *fmt, ...) 65{ 66 char buf[512]; 67 68 va_list ap; 69 va_start(ap, fmt); 70 71 if (tfd >= 0) { 72 int len; 73 vsnprintf(buf, sizeof(buf), fmt, ap); 74 len = strlen(buf); 75 if(tfd >= 0) write(tfd, buf, len); 76 } 77 78 if (!in_tombstone_only) 79 __android_log_vprint(ANDROID_LOG_INFO, "DEBUG", fmt, ap); 80} 81 82#define LOG(fmt...) _LOG(-1, 0, fmt) 83#if 0 84#define XLOG(fmt...) _LOG(-1, 0, fmt) 85#else 86#define XLOG(fmt...) do {} while(0) 87#endif 88 89// 6f000000-6f01e000 rwxp 00000000 00:0c 16389419 /system/lib/libcomposer.so 90// 012345678901234567890123456789012345678901234567890123456789 91// 0 1 2 3 4 5 92 93mapinfo *parse_maps_line(char *line) 94{ 95 mapinfo *mi; 96 int len = strlen(line); 97 98 if(len < 1) return 0; 99 line[--len] = 0; 100 101 if(len < 50) return 0; 102 if(line[20] != 'x') return 0; 103 104 mi = malloc(sizeof(mapinfo) + (len - 47)); 105 if(mi == 0) return 0; 106 107 mi->start = strtoul(line, 0, 16); 108 mi->end = strtoul(line + 9, 0, 16); 109 /* To be filled in parse_elf_info if the mapped section starts with 110 * elf_header 111 */ 112 mi->exidx_start = mi->exidx_end = 0; 113 mi->symbols = 0; 114 mi->next = 0; 115 strcpy(mi->name, line + 49); 116 117 return mi; 118} 119 120void dump_build_info(int tfd) 121{ 122 char fingerprint[PROPERTY_VALUE_MAX]; 123 124 property_get("ro.build.fingerprint", fingerprint, "unknown"); 125 126 _LOG(tfd, false, "Build fingerprint: '%s'\n", fingerprint); 127} 128 129 130void dump_stack_and_code(int tfd, int pid, mapinfo *map, 131 int unwind_depth, unsigned int sp_list[], 132 bool at_fault) 133{ 134 unsigned int sp, pc, p, end, data; 135 struct pt_regs r; 136 int sp_depth; 137 bool only_in_tombstone = !at_fault; 138 char code_buffer[80]; 139 140 if(ptrace(PTRACE_GETREGS, pid, 0, &r)) return; 141 sp = r.ARM_sp; 142 pc = r.ARM_pc; 143 144 _LOG(tfd, only_in_tombstone, "\ncode around pc:\n"); 145 146 end = p = pc & ~3; 147 p -= 32; 148 end += 32; 149 150 /* Dump the code around PC as: 151 * addr contents 152 * 00008d34 fffffcd0 4c0eb530 b0934a0e 1c05447c 153 * 00008d44 f7ff18a0 490ced94 68035860 d0012b00 154 */ 155 while (p <= end) { 156 int i; 157 158 sprintf(code_buffer, "%08x ", p); 159 for (i = 0; i < 4; i++) { 160 data = ptrace(PTRACE_PEEKTEXT, pid, (void*)p, NULL); 161 sprintf(code_buffer + strlen(code_buffer), "%08x ", data); 162 p += 4; 163 } 164 _LOG(tfd, only_in_tombstone, "%s\n", code_buffer); 165 } 166 167 if ((unsigned) r.ARM_lr != pc) { 168 _LOG(tfd, only_in_tombstone, "\ncode around lr:\n"); 169 170 end = p = r.ARM_lr & ~3; 171 p -= 32; 172 end += 32; 173 174 /* Dump the code around LR as: 175 * addr contents 176 * 00008d34 fffffcd0 4c0eb530 b0934a0e 1c05447c 177 * 00008d44 f7ff18a0 490ced94 68035860 d0012b00 178 */ 179 while (p <= end) { 180 int i; 181 182 sprintf(code_buffer, "%08x ", p); 183 for (i = 0; i < 4; i++) { 184 data = ptrace(PTRACE_PEEKTEXT, pid, (void*)p, NULL); 185 sprintf(code_buffer + strlen(code_buffer), "%08x ", data); 186 p += 4; 187 } 188 _LOG(tfd, only_in_tombstone, "%s\n", code_buffer); 189 } 190 } 191 192 p = sp - 64; 193 p &= ~3; 194 if (unwind_depth != 0) { 195 if (unwind_depth < STACK_CONTENT_DEPTH) { 196 end = sp_list[unwind_depth-1]; 197 } 198 else { 199 end = sp_list[STACK_CONTENT_DEPTH-1]; 200 } 201 } 202 else { 203 end = sp | 0x000000ff; 204 end += 0xff; 205 } 206 207 _LOG(tfd, only_in_tombstone, "\nstack:\n"); 208 209 /* If the crash is due to PC == 0, there will be two frames that 210 * have identical SP value. 211 */ 212 if (sp_list[0] == sp_list[1]) { 213 sp_depth = 1; 214 } 215 else { 216 sp_depth = 0; 217 } 218 219 while (p <= end) { 220 char *prompt; 221 char level[16]; 222 data = ptrace(PTRACE_PEEKTEXT, pid, (void*)p, NULL); 223 if (p == sp_list[sp_depth]) { 224 sprintf(level, "#%02d", sp_depth++); 225 prompt = level; 226 } 227 else { 228 prompt = " "; 229 } 230 231 /* Print the stack content in the log for the first 3 frames. For the 232 * rest only print them in the tombstone file. 233 */ 234 _LOG(tfd, (sp_depth > 2) || only_in_tombstone, 235 "%s %08x %08x %s\n", prompt, p, data, 236 map_to_name(map, data, "")); 237 p += 4; 238 } 239 /* print another 64-byte of stack data after the last frame */ 240 241 end = p+64; 242 while (p <= end) { 243 data = ptrace(PTRACE_PEEKTEXT, pid, (void*)p, NULL); 244 _LOG(tfd, (sp_depth > 2) || only_in_tombstone, 245 " %08x %08x %s\n", p, data, 246 map_to_name(map, data, "")); 247 p += 4; 248 } 249} 250 251void dump_pc_and_lr(int tfd, int pid, mapinfo *map, int unwound_level, 252 bool at_fault) 253{ 254 struct pt_regs r; 255 256 if(ptrace(PTRACE_GETREGS, pid, 0, &r)) { 257 _LOG(tfd, !at_fault, "tid %d not responding!\n", pid); 258 return; 259 } 260 261 if (unwound_level == 0) { 262 _LOG(tfd, !at_fault, " #%02d pc %08x %s\n", 0, r.ARM_pc, 263 map_to_name(map, r.ARM_pc, "<unknown>")); 264 } 265 _LOG(tfd, !at_fault, " #%02d lr %08x %s\n", 1, r.ARM_lr, 266 map_to_name(map, r.ARM_lr, "<unknown>")); 267} 268 269void dump_registers(int tfd, int pid, bool at_fault) 270{ 271 struct pt_regs r; 272 bool only_in_tombstone = !at_fault; 273 274 if(ptrace(PTRACE_GETREGS, pid, 0, &r)) { 275 _LOG(tfd, only_in_tombstone, 276 "cannot get registers: %s\n", strerror(errno)); 277 return; 278 } 279 280 _LOG(tfd, only_in_tombstone, " r0 %08x r1 %08x r2 %08x r3 %08x\n", 281 r.ARM_r0, r.ARM_r1, r.ARM_r2, r.ARM_r3); 282 _LOG(tfd, only_in_tombstone, " r4 %08x r5 %08x r6 %08x r7 %08x\n", 283 r.ARM_r4, r.ARM_r5, r.ARM_r6, r.ARM_r7); 284 _LOG(tfd, only_in_tombstone, " r8 %08x r9 %08x 10 %08x fp %08x\n", 285 r.ARM_r8, r.ARM_r9, r.ARM_r10, r.ARM_fp); 286 _LOG(tfd, only_in_tombstone, 287 " ip %08x sp %08x lr %08x pc %08x cpsr %08x\n", 288 r.ARM_ip, r.ARM_sp, r.ARM_lr, r.ARM_pc, r.ARM_cpsr); 289 290#ifdef WITH_VFP 291 struct user_vfp vfp_regs; 292 int i; 293 294 if(ptrace(PTRACE_GETVFPREGS, pid, 0, &vfp_regs)) { 295 _LOG(tfd, only_in_tombstone, 296 "cannot get registers: %s\n", strerror(errno)); 297 return; 298 } 299 300 for (i = 0; i < NUM_VFP_REGS; i += 2) { 301 _LOG(tfd, only_in_tombstone, 302 " d%-2d %016llx d%-2d %016llx\n", 303 i, vfp_regs.fpregs[i], i+1, vfp_regs.fpregs[i+1]); 304 } 305 _LOG(tfd, only_in_tombstone, " scr %08lx\n\n", vfp_regs.fpscr); 306#endif 307} 308 309const char *get_signame(int sig) 310{ 311 switch(sig) { 312 case SIGILL: return "SIGILL"; 313 case SIGABRT: return "SIGABRT"; 314 case SIGBUS: return "SIGBUS"; 315 case SIGFPE: return "SIGFPE"; 316 case SIGSEGV: return "SIGSEGV"; 317 case SIGSTKFLT: return "SIGSTKFLT"; 318 default: return "?"; 319 } 320} 321 322const char *get_sigcode(int signo, int code) 323{ 324 switch (signo) { 325 case SIGILL: 326 switch (code) { 327 case ILL_ILLOPC: return "ILL_ILLOPC"; 328 case ILL_ILLOPN: return "ILL_ILLOPN"; 329 case ILL_ILLADR: return "ILL_ILLADR"; 330 case ILL_ILLTRP: return "ILL_ILLTRP"; 331 case ILL_PRVOPC: return "ILL_PRVOPC"; 332 case ILL_PRVREG: return "ILL_PRVREG"; 333 case ILL_COPROC: return "ILL_COPROC"; 334 case ILL_BADSTK: return "ILL_BADSTK"; 335 } 336 break; 337 case SIGBUS: 338 switch (code) { 339 case BUS_ADRALN: return "BUS_ADRALN"; 340 case BUS_ADRERR: return "BUS_ADRERR"; 341 case BUS_OBJERR: return "BUS_OBJERR"; 342 } 343 break; 344 case SIGFPE: 345 switch (code) { 346 case FPE_INTDIV: return "FPE_INTDIV"; 347 case FPE_INTOVF: return "FPE_INTOVF"; 348 case FPE_FLTDIV: return "FPE_FLTDIV"; 349 case FPE_FLTOVF: return "FPE_FLTOVF"; 350 case FPE_FLTUND: return "FPE_FLTUND"; 351 case FPE_FLTRES: return "FPE_FLTRES"; 352 case FPE_FLTINV: return "FPE_FLTINV"; 353 case FPE_FLTSUB: return "FPE_FLTSUB"; 354 } 355 break; 356 case SIGSEGV: 357 switch (code) { 358 case SEGV_MAPERR: return "SEGV_MAPERR"; 359 case SEGV_ACCERR: return "SEGV_ACCERR"; 360 } 361 break; 362 } 363 return "?"; 364} 365 366void dump_fault_addr(int tfd, int pid, int sig) 367{ 368 siginfo_t si; 369 370 memset(&si, 0, sizeof(si)); 371 if(ptrace(PTRACE_GETSIGINFO, pid, 0, &si)){ 372 _LOG(tfd, false, "cannot get siginfo: %s\n", strerror(errno)); 373 } else { 374 _LOG(tfd, false, "signal %d (%s), code %d (%s), fault addr %08x\n", 375 sig, get_signame(sig), 376 si.si_code, get_sigcode(sig, si.si_code), 377 si.si_addr); 378 } 379} 380 381void dump_crash_banner(int tfd, unsigned pid, unsigned tid, int sig) 382{ 383 char data[1024]; 384 char *x = 0; 385 FILE *fp; 386 387 sprintf(data, "/proc/%d/cmdline", pid); 388 fp = fopen(data, "r"); 389 if(fp) { 390 x = fgets(data, 1024, fp); 391 fclose(fp); 392 } 393 394 _LOG(tfd, false, 395 "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n"); 396 dump_build_info(tfd); 397 _LOG(tfd, false, "pid: %d, tid: %d >>> %s <<<\n", 398 pid, tid, x ? x : "UNKNOWN"); 399 400 if(sig) dump_fault_addr(tfd, tid, sig); 401} 402 403static void parse_elf_info(mapinfo *milist, pid_t pid) 404{ 405 mapinfo *mi; 406 for (mi = milist; mi != NULL; mi = mi->next) { 407 Elf32_Ehdr ehdr; 408 409 memset(&ehdr, 0, sizeof(Elf32_Ehdr)); 410 /* Read in sizeof(Elf32_Ehdr) worth of data from the beginning of 411 * mapped section. 412 */ 413 get_remote_struct(pid, (void *) (mi->start), &ehdr, 414 sizeof(Elf32_Ehdr)); 415 /* Check if it has the matching magic words */ 416 if (IS_ELF(ehdr)) { 417 Elf32_Phdr phdr; 418 Elf32_Phdr *ptr; 419 int i; 420 421 ptr = (Elf32_Phdr *) (mi->start + ehdr.e_phoff); 422 for (i = 0; i < ehdr.e_phnum; i++) { 423 /* Parse the program header */ 424 get_remote_struct(pid, (char *) (ptr+i), &phdr, 425 sizeof(Elf32_Phdr)); 426 /* Found a EXIDX segment? */ 427 if (phdr.p_type == PT_ARM_EXIDX) { 428 mi->exidx_start = mi->start + phdr.p_offset; 429 mi->exidx_end = mi->exidx_start + phdr.p_filesz; 430 break; 431 } 432 } 433 434 /* Try to load symbols from this file */ 435 mi->symbols = symbol_table_create(mi->name); 436 } 437 } 438} 439 440void dump_crash_report(int tfd, unsigned pid, unsigned tid, bool at_fault) 441{ 442 char data[1024]; 443 FILE *fp; 444 mapinfo *milist = 0; 445 unsigned int sp_list[STACK_CONTENT_DEPTH]; 446 int stack_depth; 447 int frame0_pc_sane = 1; 448 449 if (!at_fault) { 450 _LOG(tfd, true, 451 "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n"); 452 _LOG(tfd, true, "pid: %d, tid: %d\n", pid, tid); 453 } 454 455 dump_registers(tfd, tid, at_fault); 456 457 /* Clear stack pointer records */ 458 memset(sp_list, 0, sizeof(sp_list)); 459 460 sprintf(data, "/proc/%d/maps", pid); 461 fp = fopen(data, "r"); 462 if(fp) { 463 while(fgets(data, 1024, fp)) { 464 mapinfo *mi = parse_maps_line(data); 465 if(mi) { 466 mi->next = milist; 467 milist = mi; 468 } 469 } 470 fclose(fp); 471 } 472 473 parse_elf_info(milist, tid); 474 475 /* If stack unwinder fails, use the default solution to dump the stack 476 * content. 477 */ 478 stack_depth = unwind_backtrace_with_ptrace(tfd, tid, milist, sp_list, 479 &frame0_pc_sane, at_fault); 480 481 /* The stack unwinder should at least unwind two levels of stack. If less 482 * level is seen we make sure at lease pc and lr are dumped. 483 */ 484 if (stack_depth < 2) { 485 dump_pc_and_lr(tfd, tid, milist, stack_depth, at_fault); 486 } 487 488 dump_stack_and_code(tfd, tid, milist, stack_depth, sp_list, at_fault); 489 490 while(milist) { 491 mapinfo *next = milist->next; 492 symbol_table_free(milist->symbols); 493 free(milist); 494 milist = next; 495 } 496} 497 498#define MAX_TOMBSTONES 10 499 500#define typecheck(x,y) { \ 501 typeof(x) __dummy1; \ 502 typeof(y) __dummy2; \ 503 (void)(&__dummy1 == &__dummy2); } 504 505#define TOMBSTONE_DIR "/data/tombstones" 506 507/* 508 * find_and_open_tombstone - find an available tombstone slot, if any, of the 509 * form tombstone_XX where XX is 00 to MAX_TOMBSTONES-1, inclusive. If no 510 * file is available, we reuse the least-recently-modified file. 511 */ 512static int find_and_open_tombstone(void) 513{ 514 unsigned long mtime = ULONG_MAX; 515 struct stat sb; 516 char path[128]; 517 int fd, i, oldest = 0; 518 519 /* 520 * XXX: Our stat.st_mtime isn't time_t. If it changes, as it probably ought 521 * to, our logic breaks. This check will generate a warning if that happens. 522 */ 523 typecheck(mtime, sb.st_mtime); 524 525 /* 526 * In a single wolf-like pass, find an available slot and, in case none 527 * exist, find and record the least-recently-modified file. 528 */ 529 for (i = 0; i < MAX_TOMBSTONES; i++) { 530 snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", i); 531 532 if (!stat(path, &sb)) { 533 if (sb.st_mtime < mtime) { 534 oldest = i; 535 mtime = sb.st_mtime; 536 } 537 continue; 538 } 539 if (errno != ENOENT) 540 continue; 541 542 fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600); 543 if (fd < 0) 544 continue; /* raced ? */ 545 546 fchown(fd, AID_SYSTEM, AID_SYSTEM); 547 return fd; 548 } 549 550 /* we didn't find an available file, so we clobber the oldest one */ 551 snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", oldest); 552 fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600); 553 fchown(fd, AID_SYSTEM, AID_SYSTEM); 554 555 return fd; 556} 557 558/* Return true if some thread is not detached cleanly */ 559static bool dump_sibling_thread_report(int tfd, unsigned pid, unsigned tid) 560{ 561 char task_path[1024]; 562 563 sprintf(task_path, "/proc/%d/task", pid); 564 DIR *d; 565 struct dirent *de; 566 int need_cleanup = 0; 567 568 d = opendir(task_path); 569 /* Bail early if cannot open the task directory */ 570 if (d == NULL) { 571 XLOG("Cannot open /proc/%d/task\n", pid); 572 return false; 573 } 574 while ((de = readdir(d)) != NULL) { 575 unsigned new_tid; 576 /* Ignore "." and ".." */ 577 if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) 578 continue; 579 new_tid = atoi(de->d_name); 580 /* The main thread at fault has been handled individually */ 581 if (new_tid == tid) 582 continue; 583 584 /* Skip this thread if cannot ptrace it */ 585 if (ptrace(PTRACE_ATTACH, new_tid, 0, 0) < 0) 586 continue; 587 588 dump_crash_report(tfd, pid, new_tid, false); 589 need_cleanup |= ptrace(PTRACE_DETACH, new_tid, 0, 0); 590 } 591 closedir(d); 592 return need_cleanup != 0; 593} 594 595/* Return true if some thread is not detached cleanly */ 596static bool engrave_tombstone(unsigned pid, unsigned tid, int debug_uid, 597 int signal) 598{ 599 int fd; 600 bool need_cleanup = false; 601 602 mkdir(TOMBSTONE_DIR, 0755); 603 chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM); 604 605 fd = find_and_open_tombstone(); 606 if (fd < 0) 607 return need_cleanup; 608 609 dump_crash_banner(fd, pid, tid, signal); 610 dump_crash_report(fd, pid, tid, true); 611 /* 612 * If the user has requested to attach gdb, don't collect the per-thread 613 * information as it increases the chance to lose track of the process. 614 */ 615 if ((signed)pid > debug_uid) { 616 need_cleanup = dump_sibling_thread_report(fd, pid, tid); 617 } 618 619 close(fd); 620 return need_cleanup; 621} 622 623static int 624write_string(const char* file, const char* string) 625{ 626 int len; 627 int fd; 628 ssize_t amt; 629 fd = open(file, O_RDWR); 630 len = strlen(string); 631 if (fd < 0) 632 return -errno; 633 amt = write(fd, string, len); 634 close(fd); 635 return amt >= 0 ? 0 : -errno; 636} 637 638static 639void init_debug_led(void) 640{ 641 // trout leds 642 write_string("/sys/class/leds/red/brightness", "0"); 643 write_string("/sys/class/leds/green/brightness", "0"); 644 write_string("/sys/class/leds/blue/brightness", "0"); 645 write_string("/sys/class/leds/red/device/blink", "0"); 646 // sardine leds 647 write_string("/sys/class/leds/left/cadence", "0,0"); 648} 649 650static 651void enable_debug_led(void) 652{ 653 // trout leds 654 write_string("/sys/class/leds/red/brightness", "255"); 655 // sardine leds 656 write_string("/sys/class/leds/left/cadence", "1,0"); 657} 658 659static 660void disable_debug_led(void) 661{ 662 // trout leds 663 write_string("/sys/class/leds/red/brightness", "0"); 664 // sardine leds 665 write_string("/sys/class/leds/left/cadence", "0,0"); 666} 667 668extern int init_getevent(); 669extern void uninit_getevent(); 670extern int get_event(struct input_event* event, int timeout); 671 672static void wait_for_user_action(unsigned tid, struct ucred* cr) 673{ 674 (void)tid; 675 /* First log a helpful message */ 676 LOG( "********************************************************\n" 677 "* Process %d has been suspended while crashing. To\n" 678 "* attach gdbserver for a gdb connection on port 5039:\n" 679 "*\n" 680 "* adb shell gdbserver :5039 --attach %d &\n" 681 "*\n" 682 "* Press HOME key to let the process continue crashing.\n" 683 "********************************************************\n", 684 cr->pid, cr->pid); 685 686 /* wait for HOME key (TODO: something useful for devices w/o HOME key) */ 687 if (init_getevent() == 0) { 688 int ms = 1200 / 10; 689 int dit = 1; 690 int dah = 3*dit; 691 int _ = -dit; 692 int ___ = 3*_; 693 int _______ = 7*_; 694 const signed char codes[] = { 695 dit,_,dit,_,dit,___,dah,_,dah,_,dah,___,dit,_,dit,_,dit,_______ 696 }; 697 size_t s = 0; 698 struct input_event e; 699 int home = 0; 700 init_debug_led(); 701 enable_debug_led(); 702 do { 703 int timeout = abs((int)(codes[s])) * ms; 704 int res = get_event(&e, timeout); 705 if (res == 0) { 706 if (e.type==EV_KEY && e.code==KEY_HOME && e.value==0) 707 home = 1; 708 } else if (res == 1) { 709 if (++s >= sizeof(codes)/sizeof(*codes)) 710 s = 0; 711 if (codes[s] > 0) { 712 enable_debug_led(); 713 } else { 714 disable_debug_led(); 715 } 716 } 717 } while (!home); 718 uninit_getevent(); 719 } 720 721 /* don't forget to turn debug led off */ 722 disable_debug_led(); 723 724 /* close filedescriptor */ 725 LOG("debuggerd resuming process %d", cr->pid); 726 } 727 728static void handle_crashing_process(int fd) 729{ 730 char buf[64]; 731 struct stat s; 732 unsigned tid; 733 struct ucred cr; 734 int n, len, status; 735 int tid_attach_status = -1; 736 unsigned retry = 30; 737 bool need_cleanup = false; 738 739 char value[PROPERTY_VALUE_MAX]; 740 property_get("debug.db.uid", value, "-1"); 741 int debug_uid = atoi(value); 742 743 XLOG("handle_crashing_process(%d)\n", fd); 744 745 len = sizeof(cr); 746 n = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len); 747 if(n != 0) { 748 LOG("cannot get credentials\n"); 749 goto done; 750 } 751 752 XLOG("reading tid\n"); 753 fcntl(fd, F_SETFL, O_NONBLOCK); 754 while((n = read(fd, &tid, sizeof(unsigned))) != sizeof(unsigned)) { 755 if(errno == EINTR) continue; 756 if(errno == EWOULDBLOCK) { 757 if(retry-- > 0) { 758 usleep(100 * 1000); 759 continue; 760 } 761 LOG("timed out reading tid\n"); 762 goto done; 763 } 764 LOG("read failure? %s\n", strerror(errno)); 765 goto done; 766 } 767 768 sprintf(buf,"/proc/%d/task/%d", cr.pid, tid); 769 if(stat(buf, &s)) { 770 LOG("tid %d does not exist in pid %d. ignoring debug request\n", 771 tid, cr.pid); 772 close(fd); 773 return; 774 } 775 776 XLOG("BOOM: pid=%d uid=%d gid=%d tid=%d\n", cr.pid, cr.uid, cr.gid, tid); 777 778 tid_attach_status = ptrace(PTRACE_ATTACH, tid, 0, 0); 779 if(tid_attach_status < 0) { 780 LOG("ptrace attach failed: %s\n", strerror(errno)); 781 goto done; 782 } 783 784 close(fd); 785 fd = -1; 786 787 for(;;) { 788 n = waitpid(tid, &status, __WALL); 789 790 if(n < 0) { 791 if(errno == EAGAIN) continue; 792 LOG("waitpid failed: %s\n", strerror(errno)); 793 goto done; 794 } 795 796 XLOG("waitpid: n=%d status=%08x\n", n, status); 797 798 if(WIFSTOPPED(status)){ 799 n = WSTOPSIG(status); 800 switch(n) { 801 case SIGSTOP: 802 XLOG("stopped -- continuing\n"); 803 n = ptrace(PTRACE_CONT, tid, 0, 0); 804 if(n) { 805 LOG("ptrace failed: %s\n", strerror(errno)); 806 goto done; 807 } 808 continue; 809 810 case SIGILL: 811 case SIGABRT: 812 case SIGBUS: 813 case SIGFPE: 814 case SIGSEGV: 815 case SIGSTKFLT: { 816 XLOG("stopped -- fatal signal\n"); 817 need_cleanup = engrave_tombstone(cr.pid, tid, debug_uid, n); 818 kill(tid, SIGSTOP); 819 goto done; 820 } 821 822 default: 823 XLOG("stopped -- unexpected signal\n"); 824 goto done; 825 } 826 } else { 827 XLOG("unexpected waitpid response\n"); 828 goto done; 829 } 830 } 831 832done: 833 XLOG("detaching\n"); 834 835 /* stop the process so we can debug */ 836 kill(cr.pid, SIGSTOP); 837 838 /* 839 * If a thread has been attached by ptrace, make sure it is detached 840 * successfully otherwise we will get a zombie. 841 */ 842 if (tid_attach_status == 0) { 843 int detach_status; 844 /* detach so we can attach gdbserver */ 845 detach_status = ptrace(PTRACE_DETACH, tid, 0, 0); 846 need_cleanup |= (detach_status != 0); 847 } 848 849 /* 850 * if debug.db.uid is set, its value indicates if we should wait 851 * for user action for the crashing process. 852 * in this case, we log a message and turn the debug LED on 853 * waiting for a gdb connection (for instance) 854 */ 855 856 if ((signed)cr.uid <= debug_uid) { 857 wait_for_user_action(tid, &cr); 858 } 859 860 /* resume stopped process (so it can crash in peace) */ 861 kill(cr.pid, SIGCONT); 862 863 if (need_cleanup) { 864 LOG("debuggerd committing suicide to free the zombie!\n"); 865 kill(getpid(), SIGKILL); 866 } 867 868 if(fd != -1) close(fd); 869} 870 871int main() 872{ 873 int s; 874 struct sigaction act; 875 876 logsocket = socket_local_client("logd", 877 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_DGRAM); 878 if(logsocket < 0) { 879 logsocket = -1; 880 } else { 881 fcntl(logsocket, F_SETFD, FD_CLOEXEC); 882 } 883 884 act.sa_handler = SIG_DFL; 885 sigemptyset(&act.sa_mask); 886 sigaddset(&act.sa_mask,SIGCHLD); 887 act.sa_flags = SA_NOCLDWAIT; 888 sigaction(SIGCHLD, &act, 0); 889 890 s = socket_local_server("android:debuggerd", 891 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); 892 if(s < 0) return -1; 893 fcntl(s, F_SETFD, FD_CLOEXEC); 894 895 LOG("debuggerd: " __DATE__ " " __TIME__ "\n"); 896 897 for(;;) { 898 struct sockaddr addr; 899 socklen_t alen; 900 int fd; 901 902 alen = sizeof(addr); 903 fd = accept(s, &addr, &alen); 904 if(fd < 0) continue; 905 906 fcntl(fd, F_SETFD, FD_CLOEXEC); 907 908 handle_crashing_process(fd); 909 } 910 return 0; 911} 912