fault_handler.cc revision fabe91e0d558936ac26b98d2b4ee1af08f58831d 
1/*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "fault_handler.h"
18
19#include <setjmp.h>
20#include <sys/mman.h>
21#include <sys/ucontext.h>
22#include "mirror/art_method.h"
23#include "mirror/class.h"
24#include "sigchain.h"
25#include "thread-inl.h"
26#include "verify_object-inl.h"
27
28// Note on nested signal support
29// -----------------------------
30//
31// Typically a signal handler should not need to deal with signals that occur within it.
32// However, when a SIGSEGV occurs that is in generated code and is not one of the
33// handled signals (implicit checks), we call a function to try to dump the stack
34// to the log.  This enhances the debugging experience but may have the side effect
35// that it may not work.  If the cause of the original SIGSEGV is a corrupted stack or other
36// memory region, the stack backtrace code may run into trouble and may either crash
37// or fail with an abort (SIGABRT).  In either case we don't want that (new) signal to
38// mask the original signal and thus prevent useful debug output from being presented.
39//
40// In order to handle this situation, before we call the stack tracer we do the following:
41//
42// 1. shutdown the fault manager so that we are talking to the real signal management
43//    functions rather than those in sigchain.
44// 2. use pthread_sigmask to allow SIGSEGV and SIGABRT signals to be delivered to the
45//    thread running the signal handler.
46// 3. set the handler for SIGSEGV and SIGABRT to a secondary signal handler.
47// 4. save the thread's state to the TLS of the current thread using 'setjmp'
48//
49// We then call the stack tracer and one of two things may happen:
50// a. it completes successfully
51// b. it crashes and a signal is raised.
52//
53// In the former case, we fall through and everything is fine.  In the latter case
54// our secondary signal handler gets called in a signal context.  This results in
55// a call to FaultManager::HandledNestedSignal(), an archirecture specific function
56// whose purpose is to call 'longjmp' on the jmp_buf saved in the TLS of the current
57// thread.  This results in a return with a non-zero value from 'setjmp'.  We detect this
58// and write something to the log to tell the user that it happened.
59//
60// Regardless of how we got there, we reach the code after the stack tracer and we
61// restore the signal states to their original values, reinstate the fault manager (thus
62// reestablishing the signal chain) and continue.
63
64// This is difficult to test with a runtime test.  To invoke the nested signal code
65// on any signal, uncomment the following line and run something that throws a
66// NullPointerException.
67// #define TEST_NESTED_SIGNAL
68
69namespace art {
70// Static fault manger object accessed by signal handler.
71FaultManager fault_manager;
72
73extern "C" {
74void art_sigsegv_fault() {
75  // Set a breakpoint here to be informed when a SIGSEGV is unhandled by ART.
76  VLOG(signals)<< "Caught unknown SIGSEGV in ART fault handler - chaining to next handler.";
77}
78}
79
80// Signal handler called on SIGSEGV.
81static void art_fault_handler(int sig, siginfo_t* info, void* context) {
82  fault_manager.HandleFault(sig, info, context);
83}
84
85// Signal handler for dealing with a nested signal.
86static void art_nested_signal_handler(int sig, siginfo_t* info, void* context) {
87  fault_manager.HandleNestedSignal(sig, info, context);
88}
89
90FaultManager::FaultManager() : initialized_(false) {
91  sigaction(SIGSEGV, nullptr, &oldaction_);
92}
93
94FaultManager::~FaultManager() {
95}
96
97
98void FaultManager::Init() {
99  CHECK(!initialized_);
100  struct sigaction action;
101  action.sa_sigaction = art_fault_handler;
102  sigemptyset(&action.sa_mask);
103  action.sa_flags = SA_SIGINFO | SA_ONSTACK;
104#if !defined(__APPLE__) && !defined(__mips__)
105  action.sa_restorer = nullptr;
106#endif
107
108  // Set our signal handler now.
109  int e = sigaction(SIGSEGV, &action, &oldaction_);
110  if (e != 0) {
111    VLOG(signals) << "Failed to claim SEGV: " << strerror(errno);
112  }
113  // Make sure our signal handler is called before any user handlers.
114  ClaimSignalChain(SIGSEGV, &oldaction_);
115  initialized_ = true;
116}
117
118void FaultManager::Shutdown() {
119  if (initialized_) {
120    UnclaimSignalChain(SIGSEGV);
121    initialized_ = false;
122  }
123}
124
125void FaultManager::HandleFault(int sig, siginfo_t* info, void* context) {
126  // BE CAREFUL ALLOCATING HERE INCLUDING USING LOG(...)
127  //
128  // If malloc calls abort, it will be holding its lock.
129  // If the handler tries to call malloc, it will deadlock.
130
131  VLOG(signals) << "Handling fault";
132  if (IsInGeneratedCode(info, context, true)) {
133    VLOG(signals) << "in generated code, looking for handler";
134    for (const auto& handler : generated_code_handlers_) {
135      VLOG(signals) << "invoking Action on handler " << handler;
136      if (handler->Action(sig, info, context)) {
137#ifdef TEST_NESTED_SIGNAL
138        // In test mode we want to fall through to stack trace handler
139        // on every signal (in reality this will cause a crash on the first
140        // signal).
141        break;
142#else
143        // We have handled a signal so it's time to return from the
144        // signal handler to the appropriate place.
145        return;
146#endif
147      }
148    }
149  }
150
151  // We hit a signal we didn't handle.  This might be something for which
152  // we can give more information about so call all registered handlers to see
153  // if it is.
154  for (const auto& handler : other_handlers_) {
155    if (handler->Action(sig, info, context)) {
156      return;
157    }
158  }
159
160  // Set a breakpoint in this function to catch unhandled signals.
161  art_sigsegv_fault();
162
163  // Pass this on to the next handler in the chain, or the default if none.
164  InvokeUserSignalHandler(sig, info, context);
165}
166
167void FaultManager::AddHandler(FaultHandler* handler, bool generated_code) {
168  if (generated_code) {
169    generated_code_handlers_.push_back(handler);
170  } else {
171    other_handlers_.push_back(handler);
172  }
173}
174
175void FaultManager::RemoveHandler(FaultHandler* handler) {
176  auto it = std::find(generated_code_handlers_.begin(), generated_code_handlers_.end(), handler);
177  if (it != generated_code_handlers_.end()) {
178    generated_code_handlers_.erase(it);
179    return;
180  }
181  auto it2 = std::find(other_handlers_.begin(), other_handlers_.end(), handler);
182  if (it2 != other_handlers_.end()) {
183    other_handlers_.erase(it);
184    return;
185  }
186  LOG(FATAL) << "Attempted to remove non existent handler " << handler;
187}
188
189// This function is called within the signal handler.  It checks that
190// the mutator_lock is held (shared).  No annotalysis is done.
191bool FaultManager::IsInGeneratedCode(siginfo_t* siginfo, void* context, bool check_dex_pc) {
192  // We can only be running Java code in the current thread if it
193  // is in Runnable state.
194  VLOG(signals) << "Checking for generated code";
195  Thread* thread = Thread::Current();
196  if (thread == nullptr) {
197    VLOG(signals) << "no current thread";
198    return false;
199  }
200
201  ThreadState state = thread->GetState();
202  if (state != kRunnable) {
203    VLOG(signals) << "not runnable";
204    return false;
205  }
206
207  // Current thread is runnable.
208  // Make sure it has the mutator lock.
209  if (!Locks::mutator_lock_->IsSharedHeld(thread)) {
210    VLOG(signals) << "no lock";
211    return false;
212  }
213
214  mirror::ArtMethod* method_obj = 0;
215  uintptr_t return_pc = 0;
216  uintptr_t sp = 0;
217
218  // Get the architecture specific method address and return address.  These
219  // are in architecture specific files in arch/<arch>/fault_handler_<arch>.
220  GetMethodAndReturnPcAndSp(siginfo, context, &method_obj, &return_pc, &sp);
221
222  // If we don't have a potential method, we're outta here.
223  VLOG(signals) << "potential method: " << method_obj;
224  if (method_obj == 0 || !IsAligned<kObjectAlignment>(method_obj)) {
225    VLOG(signals) << "no method";
226    return false;
227  }
228
229  // Verify that the potential method is indeed a method.
230  // TODO: check the GC maps to make sure it's an object.
231  // Check that the class pointer inside the object is not null and is aligned.
232  // TODO: Method might be not a heap address, and GetClass could fault.
233  mirror::Class* cls = method_obj->GetClass<kVerifyNone>();
234  if (cls == nullptr) {
235    VLOG(signals) << "not a class";
236    return false;
237  }
238  if (!IsAligned<kObjectAlignment>(cls)) {
239    VLOG(signals) << "not aligned";
240    return false;
241  }
242
243
244  if (!VerifyClassClass(cls)) {
245    VLOG(signals) << "not a class class";
246    return false;
247  }
248
249  // Now make sure the class is a mirror::ArtMethod.
250  if (!cls->IsArtMethodClass()) {
251    VLOG(signals) << "not a method";
252    return false;
253  }
254
255  // We can be certain that this is a method now.  Check if we have a GC map
256  // at the return PC address.
257  if (true || kIsDebugBuild) {
258    VLOG(signals) << "looking for dex pc for return pc " << std::hex << return_pc;
259    const void* code = Runtime::Current()->GetInstrumentation()->GetQuickCodeFor(method_obj);
260    uint32_t sought_offset = return_pc - reinterpret_cast<uintptr_t>(code);
261    VLOG(signals) << "pc offset: " << std::hex << sought_offset;
262  }
263  uint32_t dexpc = method_obj->ToDexPc(return_pc, false);
264  VLOG(signals) << "dexpc: " << dexpc;
265  return !check_dex_pc || dexpc != DexFile::kDexNoIndex;
266}
267
268FaultHandler::FaultHandler(FaultManager* manager) : manager_(manager) {
269}
270
271//
272// Null pointer fault handler
273//
274NullPointerHandler::NullPointerHandler(FaultManager* manager) : FaultHandler(manager) {
275  manager_->AddHandler(this, true);
276}
277
278//
279// Suspension fault handler
280//
281SuspensionHandler::SuspensionHandler(FaultManager* manager) : FaultHandler(manager) {
282  manager_->AddHandler(this, true);
283}
284
285//
286// Stack overflow fault handler
287//
288StackOverflowHandler::StackOverflowHandler(FaultManager* manager) : FaultHandler(manager) {
289  manager_->AddHandler(this, true);
290}
291
292//
293// Stack trace handler, used to help get a stack trace from SIGSEGV inside of compiled code.
294//
295JavaStackTraceHandler::JavaStackTraceHandler(FaultManager* manager) : FaultHandler(manager) {
296  manager_->AddHandler(this, false);
297}
298
299bool JavaStackTraceHandler::Action(int sig, siginfo_t* siginfo, void* context) {
300  // Make sure that we are in the generated code, but we may not have a dex pc.
301
302#ifdef TEST_NESTED_SIGNAL
303  bool in_generated_code = true;
304#else
305  bool in_generated_code = manager_->IsInGeneratedCode(siginfo, context, false);
306#endif
307  if (in_generated_code) {
308    LOG(ERROR) << "Dumping java stack trace for crash in generated code";
309    mirror::ArtMethod* method = nullptr;
310    uintptr_t return_pc = 0;
311    uintptr_t sp = 0;
312    Thread* self = Thread::Current();
313
314    // Shutdown the fault manager so that it will remove the signal chain for
315    // SIGSEGV and we call the real sigaction.
316    fault_manager.Shutdown();
317
318    // The action for SIGSEGV should be the default handler now.
319
320    // Unblock the signals we allow so that they can be delivered in the signal handler.
321    sigset_t sigset;
322    sigemptyset(&sigset);
323    sigaddset(&sigset, SIGSEGV);
324    sigaddset(&sigset, SIGABRT);
325    pthread_sigmask(SIG_UNBLOCK, &sigset, nullptr);
326
327    // If we get a signal in this code we want to invoke our nested signal
328    // handler.
329    struct sigaction action, oldsegvaction, oldabortaction;
330    action.sa_sigaction = art_nested_signal_handler;
331
332    // Explictly mask out SIGSEGV and SIGABRT from the nested signal handler.  This
333    // should be the default but we definitely don't want these happening in our
334    // nested signal handler.
335    sigemptyset(&action.sa_mask);
336    sigaddset(&action.sa_mask, SIGSEGV);
337    sigaddset(&action.sa_mask, SIGABRT);
338
339    action.sa_flags = SA_SIGINFO | SA_ONSTACK;
340#if !defined(__APPLE__) && !defined(__mips__)
341    action.sa_restorer = nullptr;
342#endif
343
344    // Catch SIGSEGV and SIGABRT to invoke our nested handler
345    int e1 = sigaction(SIGSEGV, &action, &oldsegvaction);
346    int e2 = sigaction(SIGABRT, &action, &oldabortaction);
347    if (e1 != 0 || e2 != 0) {
348      LOG(ERROR) << "Unable to register nested signal handler - no stack trace possible";
349      // If sigaction failed we have a serious problem.  We cannot catch
350      // any failures in the stack tracer and it's likely to occur since
351      // the program state is bad.  Therefore we don't even try to give
352      // a stack trace.
353    } else {
354      // Save the current state and try to dump the stack.  If this causes a signal
355      // our nested signal handler will be invoked and this will longjmp to the saved
356      // state.
357      if (setjmp(*self->GetNestedSignalState()) == 0) {
358        manager_->GetMethodAndReturnPcAndSp(siginfo, context, &method, &return_pc, &sp);
359        // Inside of generated code, sp[0] is the method, so sp is the frame.
360        StackReference<mirror::ArtMethod>* frame =
361            reinterpret_cast<StackReference<mirror::ArtMethod>*>(sp);
362        self->SetTopOfStack(frame, 0);  // Since we don't necessarily have a dex pc, pass in 0.
363#ifdef TEST_NESTED_SIGNAL
364        // To test the nested signal handler we raise a signal here.  This will cause the
365        // nested signal handler to be called and perform a longjmp back to the setjmp
366        // above.
367        abort();
368#endif
369        self->DumpJavaStack(LOG(ERROR));
370      } else {
371        LOG(ERROR) << "Stack trace aborted due to nested signal - original signal being reported";
372      }
373
374      // Restore the signal handlers.
375      sigaction(SIGSEGV, &oldsegvaction, nullptr);
376      sigaction(SIGABRT, &oldabortaction, nullptr);
377    }
378
379    // Now put the fault manager back in place.
380    fault_manager.Init();
381
382    // And we're done.
383  }
384
385  return false;  // Return false since we want to propagate the fault to the main signal handler.
386}
387
388}   // namespace art
389
390