debugger.cpp revision 17e6a98b48c4f228adb37c8d37bbf71dd2a1c513 
1/*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *  * Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 *  * Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in
12 *    the documentation and/or other materials provided with the
13 *    distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#include "linker.h"
30
31#include <errno.h>
32#include <inttypes.h>
33#include <signal.h>
34#include <stdio.h>
35#include <stdlib.h>
36#include <sys/mman.h>
37#include <sys/prctl.h>
38#include <sys/socket.h>
39#include <sys/un.h>
40#include <unistd.h>
41
42extern "C" int tgkill(int tgid, int tid, int sig);
43
44#if __LP64__
45#define DEBUGGER_SOCKET_NAME "android:debuggerd64"
46#else
47#define DEBUGGER_SOCKET_NAME "android:debuggerd"
48#endif
49
50enum debugger_action_t {
51  // dump a crash
52  DEBUGGER_ACTION_CRASH,
53  // dump a tombstone file
54  DEBUGGER_ACTION_DUMP_TOMBSTONE,
55  // dump a backtrace only back to the socket
56  DEBUGGER_ACTION_DUMP_BACKTRACE,
57};
58
59/* message sent over the socket */
60struct debugger_msg_t {
61  // version 1 included:
62  debugger_action_t action;
63  pid_t tid;
64
65  // version 2 added:
66  uintptr_t abort_msg_address;
67};
68
69// see man(2) prctl, specifically the section about PR_GET_NAME
70#define MAX_TASK_NAME_LEN (16)
71
72static int socket_abstract_client(const char* name, int type) {
73  sockaddr_un addr;
74
75  // Test with length +1 for the *initial* '\0'.
76  size_t namelen = strlen(name);
77  if ((namelen + 1) > sizeof(addr.sun_path)) {
78    errno = EINVAL;
79    return -1;
80  }
81
82  // This is used for abstract socket namespace, we need
83  // an initial '\0' at the start of the Unix socket path.
84  //
85  // Note: The path in this case is *not* supposed to be
86  // '\0'-terminated. ("man 7 unix" for the gory details.)
87  memset(&addr, 0, sizeof(addr));
88  addr.sun_family = AF_LOCAL;
89  addr.sun_path[0] = 0;
90  memcpy(addr.sun_path + 1, name, namelen);
91
92  socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
93
94  int s = socket(AF_LOCAL, type, 0);
95  if (s == -1) {
96    return -1;
97  }
98
99  int rc = TEMP_FAILURE_RETRY(connect(s, reinterpret_cast<sockaddr*>(&addr), alen));
100  if (rc == -1) {
101    close(s);
102    return -1;
103  }
104
105  return s;
106}
107
108/*
109 * Writes a summary of the signal to the log file.  We do this so that, if
110 * for some reason we're not able to contact debuggerd, there is still some
111 * indication of the failure in the log.
112 *
113 * We could be here as a result of native heap corruption, or while a
114 * mutex is being held, so we don't want to use any libc functions that
115 * could allocate memory or hold a lock.
116 */
117static void log_signal_summary(int signum, const siginfo_t* info) {
118  const char* signal_name = "???";
119  bool has_address = false;
120  switch (signum) {
121    case SIGILL:
122      signal_name = "SIGILL";
123      has_address = true;
124      break;
125    case SIGABRT:
126      signal_name = "SIGABRT";
127      break;
128    case SIGBUS:
129      signal_name = "SIGBUS";
130      has_address = true;
131      break;
132    case SIGFPE:
133      signal_name = "SIGFPE";
134      has_address = true;
135      break;
136    case SIGSEGV:
137      signal_name = "SIGSEGV";
138      has_address = true;
139      break;
140#if defined(SIGSTKFLT)
141    case SIGSTKFLT:
142      signal_name = "SIGSTKFLT";
143      break;
144#endif
145    case SIGPIPE:
146      signal_name = "SIGPIPE";
147      break;
148  }
149
150  char thread_name[MAX_TASK_NAME_LEN + 1]; // one more for termination
151  if (prctl(PR_GET_NAME, (unsigned long)thread_name, 0, 0, 0) != 0) {
152    strcpy(thread_name, "<name unknown>");
153  } else {
154    // short names are null terminated by prctl, but the man page
155    // implies that 16 byte names are not.
156    thread_name[MAX_TASK_NAME_LEN] = 0;
157  }
158
159  // "info" will be NULL if the siginfo_t information was not available.
160  // Many signals don't have an address or a code.
161  char code_desc[32]; // ", code -6"
162  char addr_desc[32]; // ", fault addr 0x1234"
163  addr_desc[0] = code_desc[0] = 0;
164  if (info != NULL) {
165    // For a rethrown signal, this si_code will be right and the one debuggerd shows will
166    // always be SI_TKILL.
167    snprintf(code_desc, sizeof(code_desc), ", code %d", info->si_code);
168    if (has_address) {
169      snprintf(addr_desc, sizeof(addr_desc), ", fault addr %p", info->si_addr);
170    }
171  }
172  __libc_format_log(ANDROID_LOG_FATAL, "libc",
173                    "Fatal signal %d (%s)%s%s in tid %d (%s)",
174                    signum, signal_name, code_desc, addr_desc, gettid(), thread_name);
175}
176
177/*
178 * Returns true if the handler for signal "signum" has SA_SIGINFO set.
179 */
180static bool have_siginfo(int signum) {
181  struct sigaction old_action, new_action;
182
183  memset(&new_action, 0, sizeof(new_action));
184  new_action.sa_handler = SIG_DFL;
185  new_action.sa_flags = SA_RESTART;
186  sigemptyset(&new_action.sa_mask);
187
188  if (sigaction(signum, &new_action, &old_action) < 0) {
189    __libc_format_log(ANDROID_LOG_WARN, "libc", "Failed testing for SA_SIGINFO: %s",
190                      strerror(errno));
191    return false;
192  }
193  bool result = (old_action.sa_flags & SA_SIGINFO) != 0;
194
195  if (sigaction(signum, &old_action, NULL) == -1) {
196    __libc_format_log(ANDROID_LOG_WARN, "libc", "Restore failed in test for SA_SIGINFO: %s",
197                      strerror(errno));
198  }
199  return result;
200}
201
202/*
203 * Catches fatal signals so we can ask debuggerd to ptrace us before
204 * we crash.
205 */
206void debuggerd_signal_handler(int signal_number, siginfo_t* info, void*) {
207  // It's possible somebody cleared the SA_SIGINFO flag, which would mean
208  // our "info" arg holds an undefined value.
209  if (!have_siginfo(signal_number)) {
210    info = NULL;
211  }
212
213  log_signal_summary(signal_number, info);
214
215  int s = socket_abstract_client(DEBUGGER_SOCKET_NAME, SOCK_STREAM);
216  if (s != -1) {
217    // debuggerd knows our pid from the credentials on the
218    // local socket but we need to tell it the tid of the crashing thread.
219    // debuggerd will be paranoid and verify that we sent a tid
220    // that's actually in our process.
221    debugger_msg_t msg;
222    msg.action = DEBUGGER_ACTION_CRASH;
223    msg.tid = gettid();
224    msg.abort_msg_address = reinterpret_cast<uintptr_t>(gAbortMessage);
225    int ret = TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg)));
226    if (ret == sizeof(msg)) {
227      // If the write failed, there is no point trying to read a response.
228      char debuggerd_ack;
229      ret = TEMP_FAILURE_RETRY(read(s, &debuggerd_ack, 1));
230      int saved_errno = errno;
231      notify_gdb_of_libraries();
232      errno = saved_errno;
233    }
234
235    if (ret < 0) {
236      // read or write failed -- broken connection?
237      __libc_format_log(ANDROID_LOG_FATAL, "libc", "Failed while talking to debuggerd: %s",
238                        strerror(errno));
239    }
240
241    close(s);
242  } else {
243    // socket failed; maybe process ran out of fds?
244    __libc_format_log(ANDROID_LOG_FATAL, "libc", "Unable to open connection to debuggerd: %s",
245                      strerror(errno));
246  }
247
248  // Remove our net so we fault for real when we return.
249  signal(signal_number, SIG_DFL);
250
251  // These signals are not re-thrown when we resume.  This means that
252  // crashing due to (say) SIGPIPE doesn't work the way you'd expect it
253  // to.  We work around this by throwing them manually.  We don't want
254  // to do this for *all* signals because it'll screw up the address for
255  // faults like SIGSEGV.
256  switch (signal_number) {
257    case SIGABRT:
258    case SIGFPE:
259    case SIGPIPE:
260#if defined(SIGSTKFLT)
261    case SIGSTKFLT:
262#endif
263      tgkill(getpid(), gettid(), signal_number);
264      break;
265    default:    // SIGILL, SIGBUS, SIGSEGV
266      break;
267  }
268}
269
270void debuggerd_init() {
271  struct sigaction action;
272  memset(&action, 0, sizeof(action));
273  sigemptyset(&action.sa_mask);
274  action.sa_sigaction = debuggerd_signal_handler;
275  action.sa_flags = SA_RESTART | SA_SIGINFO;
276
277  // Use the alternate signal stack if available so we can catch stack overflows.
278  action.sa_flags |= SA_ONSTACK;
279
280  sigaction(SIGABRT, &action, NULL);
281  sigaction(SIGBUS, &action, NULL);
282  sigaction(SIGFPE, &action, NULL);
283  sigaction(SIGILL, &action, NULL);
284  sigaction(SIGPIPE, &action, NULL);
285  sigaction(SIGSEGV, &action, NULL);
286#if defined(SIGSTKFLT)
287  sigaction(SIGSTKFLT, &action, NULL);
288#endif
289  sigaction(SIGTRAP, &action, NULL);
290}
291