debuggerd.c revision 6cc492308712613cd23bee9240b1757428841a2f
1/* system/debuggerd/debuggerd.c 2** 3** Copyright 2006, The Android Open Source Project 4** 5** Licensed under the Apache License, Version 2.0 (the "License"); 6** you may not use this file except in compliance with the License. 7** You may obtain a copy of the License at 8** 9** http://www.apache.org/licenses/LICENSE-2.0 10** 11** Unless required by applicable law or agreed to in writing, software 12** distributed under the License is distributed on an "AS IS" BASIS, 13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14** See the License for the specific language governing permissions and 15** limitations under the License. 16*/ 17 18#include <stdio.h> 19#include <errno.h> 20#include <signal.h> 21#include <pthread.h> 22#include <stdarg.h> 23#include <fcntl.h> 24#include <sys/types.h> 25#include <dirent.h> 26 27#include <sys/ptrace.h> 28#include <sys/wait.h> 29#include <sys/exec_elf.h> 30#include <sys/stat.h> 31 32#include <cutils/sockets.h> 33#include <cutils/logd.h> 34#include <cutils/properties.h> 35 36#include <linux/input.h> 37 38#include <private/android_filesystem_config.h> 39 40#include "debuggerd.h" 41#include "utility.h" 42 43#define ANDROID_LOG_INFO 4 44 45/* Log information onto the tombstone */ 46void _LOG(int tfd, bool in_tombstone_only, const char *fmt, ...) 47{ 48 char buf[512]; 49 50 va_list ap; 51 va_start(ap, fmt); 52 53 if (tfd >= 0) { 54 int len; 55 vsnprintf(buf, sizeof(buf), fmt, ap); 56 len = strlen(buf); 57 if(tfd >= 0) write(tfd, buf, len); 58 } 59 60 if (!in_tombstone_only) 61 __android_log_vprint(ANDROID_LOG_INFO, "DEBUG", fmt, ap); 62} 63 64// 6f000000-6f01e000 rwxp 00000000 00:0c 16389419 /system/lib/libcomposer.so 65// 012345678901234567890123456789012345678901234567890123456789 66// 0 1 2 3 4 5 67 68mapinfo *parse_maps_line(char *line) 69{ 70 mapinfo *mi; 71 int len = strlen(line); 72 73 if(len < 1) return 0; 74 line[--len] = 0; 75 76 if(len < 50) return 0; 77 if(line[20] != 'x') return 0; 78 79 mi = malloc(sizeof(mapinfo) + (len - 47)); 80 if(mi == 0) return 0; 81 82 mi->start = strtoul(line, 0, 16); 83 mi->end = strtoul(line + 9, 0, 16); 84 /* To be filled in parse_elf_info if the mapped section starts with 85 * elf_header 86 */ 87 mi->exidx_start = mi->exidx_end = 0; 88 mi->symbols = 0; 89 mi->next = 0; 90 strcpy(mi->name, line + 49); 91 92 return mi; 93} 94 95void dump_build_info(int tfd) 96{ 97 char fingerprint[PROPERTY_VALUE_MAX]; 98 99 property_get("ro.build.fingerprint", fingerprint, "unknown"); 100 101 _LOG(tfd, false, "Build fingerprint: '%s'\n", fingerprint); 102} 103 104const char *get_signame(int sig) 105{ 106 switch(sig) { 107 case SIGILL: return "SIGILL"; 108 case SIGABRT: return "SIGABRT"; 109 case SIGBUS: return "SIGBUS"; 110 case SIGFPE: return "SIGFPE"; 111 case SIGSEGV: return "SIGSEGV"; 112 case SIGSTKFLT: return "SIGSTKFLT"; 113 default: return "?"; 114 } 115} 116 117void dump_fault_addr(int tfd, int pid, int sig) 118{ 119 siginfo_t si; 120 121 memset(&si, 0, sizeof(si)); 122 if(ptrace(PTRACE_GETSIGINFO, pid, 0, &si)){ 123 _LOG(tfd, false, "cannot get siginfo: %s\n", strerror(errno)); 124 } else { 125 _LOG(tfd, false, "signal %d (%s), fault addr %08x\n", 126 sig, get_signame(sig), si.si_addr); 127 } 128} 129 130void dump_crash_banner(int tfd, unsigned pid, unsigned tid, int sig) 131{ 132 char data[1024]; 133 char *x = 0; 134 FILE *fp; 135 136 sprintf(data, "/proc/%d/cmdline", pid); 137 fp = fopen(data, "r"); 138 if(fp) { 139 x = fgets(data, 1024, fp); 140 fclose(fp); 141 } 142 143 _LOG(tfd, false, 144 "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n"); 145 dump_build_info(tfd); 146 _LOG(tfd, false, "pid: %d, tid: %d >>> %s <<<\n", 147 pid, tid, x ? x : "UNKNOWN"); 148 149 if(sig) dump_fault_addr(tfd, tid, sig); 150} 151 152static void parse_elf_info(mapinfo *milist, pid_t pid) 153{ 154 mapinfo *mi; 155 for (mi = milist; mi != NULL; mi = mi->next) { 156 Elf32_Ehdr ehdr; 157 158 memset(&ehdr, 0, sizeof(Elf32_Ehdr)); 159 /* Read in sizeof(Elf32_Ehdr) worth of data from the beginning of 160 * mapped section. 161 */ 162 get_remote_struct(pid, (void *) (mi->start), &ehdr, 163 sizeof(Elf32_Ehdr)); 164 /* Check if it has the matching magic words */ 165 if (IS_ELF(ehdr)) { 166 Elf32_Phdr phdr; 167 Elf32_Phdr *ptr; 168 int i; 169 170 ptr = (Elf32_Phdr *) (mi->start + ehdr.e_phoff); 171 for (i = 0; i < ehdr.e_phnum; i++) { 172 /* Parse the program header */ 173 get_remote_struct(pid, (char *) ptr+i, &phdr, 174 sizeof(Elf32_Phdr)); 175#ifdef __arm__ 176 /* Found a EXIDX segment? */ 177 if (phdr.p_type == PT_ARM_EXIDX) { 178 mi->exidx_start = mi->start + phdr.p_offset; 179 mi->exidx_end = mi->exidx_start + phdr.p_filesz; 180 break; 181 } 182#endif 183 } 184 185 /* Try to load symbols from this file */ 186 mi->symbols = symbol_table_create(mi->name); 187 } 188 } 189} 190 191void dump_crash_report(int tfd, unsigned pid, unsigned tid, bool at_fault) 192{ 193 char data[1024]; 194 FILE *fp; 195 mapinfo *milist = 0; 196 unsigned int sp_list[STACK_CONTENT_DEPTH]; 197 int stack_depth; 198#ifdef __arm__ 199 int frame0_pc_sane = 1; 200#endif 201 202 if (!at_fault) { 203 _LOG(tfd, true, 204 "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n"); 205 _LOG(tfd, true, "pid: %d, tid: %d\n", pid, tid); 206 } 207 208 dump_registers(tfd, tid, at_fault); 209 210 /* Clear stack pointer records */ 211 memset(sp_list, 0, sizeof(sp_list)); 212 213 sprintf(data, "/proc/%d/maps", pid); 214 fp = fopen(data, "r"); 215 if(fp) { 216 while(fgets(data, 1024, fp)) { 217 mapinfo *mi = parse_maps_line(data); 218 if(mi) { 219 mi->next = milist; 220 milist = mi; 221 } 222 } 223 fclose(fp); 224 } 225 226 parse_elf_info(milist, tid); 227 228#if __arm__ 229 /* If stack unwinder fails, use the default solution to dump the stack 230 * content. 231 */ 232 stack_depth = unwind_backtrace_with_ptrace(tfd, tid, milist, sp_list, 233 &frame0_pc_sane, at_fault); 234 235 /* The stack unwinder should at least unwind two levels of stack. If less 236 * level is seen we make sure at lease pc and lr are dumped. 237 */ 238 if (stack_depth < 2) { 239 dump_pc_and_lr(tfd, tid, milist, stack_depth, at_fault); 240 } 241 242 dump_stack_and_code(tfd, tid, milist, stack_depth, sp_list, at_fault); 243#elif __i386__ 244 /* If stack unwinder fails, use the default solution to dump the stack 245 * content. 246 */ 247 stack_depth = unwind_backtrace_with_ptrace_x86(tfd, tid, milist,at_fault); 248#else 249#error "Unsupported architecture" 250#endif 251 252 while(milist) { 253 mapinfo *next = milist->next; 254 symbol_table_free(milist->symbols); 255 free(milist); 256 milist = next; 257 } 258} 259 260#define MAX_TOMBSTONES 10 261 262#define typecheck(x,y) { \ 263 typeof(x) __dummy1; \ 264 typeof(y) __dummy2; \ 265 (void)(&__dummy1 == &__dummy2); } 266 267#define TOMBSTONE_DIR "/data/tombstones" 268 269/* 270 * find_and_open_tombstone - find an available tombstone slot, if any, of the 271 * form tombstone_XX where XX is 00 to MAX_TOMBSTONES-1, inclusive. If no 272 * file is available, we reuse the least-recently-modified file. 273 */ 274static int find_and_open_tombstone(void) 275{ 276 unsigned long mtime = ULONG_MAX; 277 struct stat sb; 278 char path[128]; 279 int fd, i, oldest = 0; 280 281 /* 282 * XXX: Our stat.st_mtime isn't time_t. If it changes, as it probably ought 283 * to, our logic breaks. This check will generate a warning if that happens. 284 */ 285 typecheck(mtime, sb.st_mtime); 286 287 /* 288 * In a single wolf-like pass, find an available slot and, in case none 289 * exist, find and record the least-recently-modified file. 290 */ 291 for (i = 0; i < MAX_TOMBSTONES; i++) { 292 snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", i); 293 294 if (!stat(path, &sb)) { 295 if (sb.st_mtime < mtime) { 296 oldest = i; 297 mtime = sb.st_mtime; 298 } 299 continue; 300 } 301 if (errno != ENOENT) 302 continue; 303 304 fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600); 305 if (fd < 0) 306 continue; /* raced ? */ 307 308 fchown(fd, AID_SYSTEM, AID_SYSTEM); 309 return fd; 310 } 311 312 /* we didn't find an available file, so we clobber the oldest one */ 313 snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", oldest); 314 fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600); 315 fchown(fd, AID_SYSTEM, AID_SYSTEM); 316 317 return fd; 318} 319 320/* Return true if some thread is not detached cleanly */ 321static bool dump_sibling_thread_report(int tfd, unsigned pid, unsigned tid) 322{ 323 char task_path[1024]; 324 325 sprintf(task_path, "/proc/%d/task", pid); 326 DIR *d; 327 struct dirent *de; 328 int need_cleanup = 0; 329 330 d = opendir(task_path); 331 /* Bail early if cannot open the task directory */ 332 if (d == NULL) { 333 XLOG("Cannot open /proc/%d/task\n", pid); 334 return false; 335 } 336 while ((de = readdir(d)) != NULL) { 337 unsigned new_tid; 338 /* Ignore "." and ".." */ 339 if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) 340 continue; 341 new_tid = atoi(de->d_name); 342 /* The main thread at fault has been handled individually */ 343 if (new_tid == tid) 344 continue; 345 346 /* Skip this thread if cannot ptrace it */ 347 if (ptrace(PTRACE_ATTACH, new_tid, 0, 0) < 0) 348 continue; 349 350 dump_crash_report(tfd, pid, new_tid, false); 351 need_cleanup |= ptrace(PTRACE_DETACH, new_tid, 0, 0); 352 } 353 closedir(d); 354 return need_cleanup != 0; 355} 356 357/* Return true if some thread is not detached cleanly */ 358static bool engrave_tombstone(unsigned pid, unsigned tid, int debug_uid, 359 int signal) 360{ 361 int fd; 362 bool need_cleanup = false; 363 364 mkdir(TOMBSTONE_DIR, 0755); 365 chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM); 366 367 fd = find_and_open_tombstone(); 368 if (fd < 0) 369 return need_cleanup; 370 371 dump_crash_banner(fd, pid, tid, signal); 372 dump_crash_report(fd, pid, tid, true); 373 /* 374 * If the user has requested to attach gdb, don't collect the per-thread 375 * information as it increases the chance to lose track of the process. 376 */ 377 if ((signed)pid > debug_uid) { 378 need_cleanup = dump_sibling_thread_report(fd, pid, tid); 379 } 380 381 close(fd); 382 return need_cleanup; 383} 384 385static int 386write_string(const char* file, const char* string) 387{ 388 int len; 389 int fd; 390 ssize_t amt; 391 fd = open(file, O_RDWR); 392 len = strlen(string); 393 if (fd < 0) 394 return -errno; 395 amt = write(fd, string, len); 396 close(fd); 397 return amt >= 0 ? 0 : -errno; 398} 399 400static 401void init_debug_led(void) 402{ 403 // trout leds 404 write_string("/sys/class/leds/red/brightness", "0"); 405 write_string("/sys/class/leds/green/brightness", "0"); 406 write_string("/sys/class/leds/blue/brightness", "0"); 407 write_string("/sys/class/leds/red/device/blink", "0"); 408 // sardine leds 409 write_string("/sys/class/leds/left/cadence", "0,0"); 410} 411 412static 413void enable_debug_led(void) 414{ 415 // trout leds 416 write_string("/sys/class/leds/red/brightness", "255"); 417 // sardine leds 418 write_string("/sys/class/leds/left/cadence", "1,0"); 419} 420 421static 422void disable_debug_led(void) 423{ 424 // trout leds 425 write_string("/sys/class/leds/red/brightness", "0"); 426 // sardine leds 427 write_string("/sys/class/leds/left/cadence", "0,0"); 428} 429 430extern int init_getevent(); 431extern void uninit_getevent(); 432extern int get_event(struct input_event* event, int timeout); 433 434static void wait_for_user_action(unsigned tid, struct ucred* cr) 435{ 436 (void)tid; 437 /* First log a helpful message */ 438 LOG( "********************************************************\n" 439 "* Process %d has been suspended while crashing. To\n" 440 "* attach gdbserver for a gdb connection on port 5039:\n" 441 "*\n" 442 "* adb shell gdbserver :5039 --attach %d &\n" 443 "*\n" 444 "* Press HOME key to let the process continue crashing.\n" 445 "********************************************************\n", 446 cr->pid, cr->pid); 447 448 /* wait for HOME key (TODO: something useful for devices w/o HOME key) */ 449 if (init_getevent() == 0) { 450 int ms = 1200 / 10; 451 int dit = 1; 452 int dah = 3*dit; 453 int _ = -dit; 454 int ___ = 3*_; 455 int _______ = 7*_; 456 const signed char codes[] = { 457 dit,_,dit,_,dit,___,dah,_,dah,_,dah,___,dit,_,dit,_,dit,_______ 458 }; 459 size_t s = 0; 460 struct input_event e; 461 int home = 0; 462 init_debug_led(); 463 enable_debug_led(); 464 do { 465 int timeout = abs((int)(codes[s])) * ms; 466 int res = get_event(&e, timeout); 467 if (res == 0) { 468 if (e.type==EV_KEY && e.code==KEY_HOME && e.value==0) 469 home = 1; 470 } else if (res == 1) { 471 if (++s >= sizeof(codes)/sizeof(*codes)) 472 s = 0; 473 if (codes[s] > 0) { 474 enable_debug_led(); 475 } else { 476 disable_debug_led(); 477 } 478 } 479 } while (!home); 480 uninit_getevent(); 481 } 482 483 /* don't forget to turn debug led off */ 484 disable_debug_led(); 485 486 /* close filedescriptor */ 487 LOG("debuggerd resuming process %d", cr->pid); 488 } 489 490static void handle_crashing_process(int fd) 491{ 492 char buf[64]; 493 struct stat s; 494 unsigned tid; 495 struct ucred cr; 496 int n, len, status; 497 int tid_attach_status = -1; 498 unsigned retry = 30; 499 bool need_cleanup = false; 500 501 char value[PROPERTY_VALUE_MAX]; 502 property_get("debug.db.uid", value, "-1"); 503 int debug_uid = atoi(value); 504 505 XLOG("handle_crashing_process(%d)\n", fd); 506 507 len = sizeof(cr); 508 n = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len); 509 if(n != 0) { 510 LOG("cannot get credentials\n"); 511 goto done; 512 } 513 514 XLOG("reading tid\n"); 515 fcntl(fd, F_SETFL, O_NONBLOCK); 516 while((n = read(fd, &tid, sizeof(unsigned))) != sizeof(unsigned)) { 517 if(errno == EINTR) continue; 518 if(errno == EWOULDBLOCK) { 519 if(retry-- > 0) { 520 usleep(100 * 1000); 521 continue; 522 } 523 LOG("timed out reading tid\n"); 524 goto done; 525 } 526 LOG("read failure? %s\n", strerror(errno)); 527 goto done; 528 } 529 530 sprintf(buf,"/proc/%d/task/%d", cr.pid, tid); 531 if(stat(buf, &s)) { 532 LOG("tid %d does not exist in pid %d. ignoring debug request\n", 533 tid, cr.pid); 534 close(fd); 535 return; 536 } 537 538 XLOG("BOOM: pid=%d uid=%d gid=%d tid=%d\n", cr.pid, cr.uid, cr.gid, tid); 539 540 tid_attach_status = ptrace(PTRACE_ATTACH, tid, 0, 0); 541 if(tid_attach_status < 0) { 542 LOG("ptrace attach failed: %s\n", strerror(errno)); 543 goto done; 544 } 545 546 close(fd); 547 fd = -1; 548 549 for(;;) { 550 n = waitpid(tid, &status, __WALL); 551 552 if(n < 0) { 553 if(errno == EAGAIN) continue; 554 LOG("waitpid failed: %s\n", strerror(errno)); 555 goto done; 556 } 557 558 XLOG("waitpid: n=%d status=%08x\n", n, status); 559 560 if(WIFSTOPPED(status)){ 561 n = WSTOPSIG(status); 562 switch(n) { 563 case SIGSTOP: 564 XLOG("stopped -- continuing\n"); 565 n = ptrace(PTRACE_CONT, tid, 0, 0); 566 if(n) { 567 LOG("ptrace failed: %s\n", strerror(errno)); 568 goto done; 569 } 570 continue; 571 572 case SIGILL: 573 case SIGABRT: 574 case SIGBUS: 575 case SIGFPE: 576 case SIGSEGV: 577 case SIGSTKFLT: { 578 XLOG("stopped -- fatal signal\n"); 579 need_cleanup = engrave_tombstone(cr.pid, tid, debug_uid, n); 580 kill(tid, SIGSTOP); 581 goto done; 582 } 583 584 default: 585 XLOG("stopped -- unexpected signal\n"); 586 goto done; 587 } 588 } else { 589 XLOG("unexpected waitpid response\n"); 590 goto done; 591 } 592 } 593 594done: 595 XLOG("detaching\n"); 596 597 /* stop the process so we can debug */ 598 kill(cr.pid, SIGSTOP); 599 600 /* 601 * If a thread has been attached by ptrace, make sure it is detached 602 * successfully otherwise we will get a zombie. 603 */ 604 if (tid_attach_status == 0) { 605 int detach_status; 606 /* detach so we can attach gdbserver */ 607 detach_status = ptrace(PTRACE_DETACH, tid, 0, 0); 608 need_cleanup |= (detach_status != 0); 609 } 610 611 /* 612 * if debug.db.uid is set, its value indicates if we should wait 613 * for user action for the crashing process. 614 * in this case, we log a message and turn the debug LED on 615 * waiting for a gdb connection (for instance) 616 */ 617 618 if ((signed)cr.uid <= debug_uid) { 619 wait_for_user_action(tid, &cr); 620 } 621 622 /* resume stopped process (so it can crash in peace) */ 623 kill(cr.pid, SIGCONT); 624 625 if (need_cleanup) { 626 LOG("debuggerd committing suicide to free the zombie!\n"); 627 kill(getpid(), SIGKILL); 628 } 629 630 if(fd != -1) close(fd); 631} 632 633 634int main() 635{ 636 int s; 637 struct sigaction act; 638 int logsocket = -1; 639 640 logsocket = socket_local_client("logd", 641 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_DGRAM); 642 if(logsocket < 0) { 643 logsocket = -1; 644 } else { 645 fcntl(logsocket, F_SETFD, FD_CLOEXEC); 646 } 647 648 act.sa_handler = SIG_DFL; 649 sigemptyset(&act.sa_mask); 650 sigaddset(&act.sa_mask,SIGCHLD); 651 act.sa_flags = SA_NOCLDWAIT; 652 sigaction(SIGCHLD, &act, 0); 653 654 s = socket_local_server("android:debuggerd", 655 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); 656 if(s < 0) return -1; 657 fcntl(s, F_SETFD, FD_CLOEXEC); 658 659 LOG("debuggerd: " __DATE__ " " __TIME__ "\n"); 660 661 for(;;) { 662 struct sockaddr addr; 663 socklen_t alen; 664 int fd; 665 666 alen = sizeof(addr); 667 fd = accept(s, &addr, &alen); 668 if(fd < 0) continue; 669 670 fcntl(fd, F_SETFD, FD_CLOEXEC); 671 672 handle_crashing_process(fd); 673 } 674 return 0; 675} 676