/* * Copyright 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "debuggerd/handler.h" #include "handler/fallback.h" #include "tombstoned/tombstoned.h" #include "util.h" #include "libdebuggerd/backtrace.h" #include "libdebuggerd/tombstone.h" using android::base::unique_fd; extern "C" bool __linker_enable_fallback_allocator(); extern "C" void __linker_disable_fallback_allocator(); // This file implements a fallback path for processes that do not allow the // normal fork and exec of crash_dump to handle crashes/unwinds. // The issue is that all of this happens from within a signal handler, which // can cause problems since this code uses the linker allocator which is not // thread safe. In order to avoid any problems allocating, the code calls // a function to switch to use a fallback allocator in the linker that will // only be used for the current thread. All of the libunwindstack code does // allocations using C++ stl, but should be fine since the code runs in the // linker and should use the fallback handler. // This method can still fail if the virtual space is exhausted on a 32 bit // process or mmap failing due to hitting the maximum number of maps (65535 // total maps) on a 64 bit process. // Class to handle automatically turning on and off the fallback allocator. class ScopedUseFallbackAllocator { public: ScopedUseFallbackAllocator() { Enable(); } ~ScopedUseFallbackAllocator() { Disable(); } bool Enable() { if (!enabled_) { enabled_ = __linker_enable_fallback_allocator(); if (!enabled_) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "Unable to enable fallback allocator, already in use."); } } return enabled_; } void Disable() { if (enabled_) { __linker_disable_fallback_allocator(); enabled_ = false; } } bool enabled() { return enabled_; } private: bool enabled_ = false; }; static void debuggerd_fallback_trace(int output_fd, ucontext_t* ucontext) { std::unique_ptr regs; ThreadInfo thread; thread.pid = getpid(); thread.tid = gettid(); thread.thread_name = get_thread_name(gettid()); thread.registers.reset( unwindstack::Regs::CreateFromUcontext(unwindstack::Regs::CurrentArch(), ucontext)); // Do not use the thread cache here because it will call pthread_key_create // which doesn't work in linker code. See b/189803009. // Use a normal cached object because the thread is stopped, and there // is no chance of data changing between reads. auto process_memory = unwindstack::Memory::CreateProcessMemoryCached(getpid()); // TODO: Create this once and store it in a global? unwindstack::AndroidLocalUnwinder unwinder(process_memory); dump_backtrace_thread(output_fd, &unwinder, thread); } static bool forward_output(int src_fd, int dst_fd, pid_t expected_tid) { // Make sure the thread actually got the signal. struct pollfd pfd = { .fd = src_fd, .events = POLLIN, }; // Wait for up to a second for output to start flowing. if (poll(&pfd, 1, 1000) != 1) { return false; } pid_t tid; if (TEMP_FAILURE_RETRY(read(src_fd, &tid, sizeof(tid))) != sizeof(tid)) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to read tid"); return false; } if (tid != expected_tid) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "received tid %d, expected %d", tid, expected_tid); return false; } while (true) { char buf[512]; ssize_t rc = TEMP_FAILURE_RETRY(read(src_fd, buf, sizeof(buf))); if (rc == 0) { return true; } else if (rc < 0) { return false; } if (!android::base::WriteFully(dst_fd, buf, rc)) { // We failed to write to tombstoned, but there's not much we can do. // Keep reading from src_fd to keep things going. continue; } } } struct __attribute__((__packed__)) packed_thread_output { int32_t tid; int32_t fd; }; static uint64_t pack_thread_fd(pid_t tid, int fd) { packed_thread_output packed = {.tid = tid, .fd = fd}; uint64_t result; static_assert(sizeof(packed) == sizeof(result)); memcpy(&result, &packed, sizeof(packed)); return result; } static std::pair unpack_thread_fd(uint64_t value) { packed_thread_output result; memcpy(&result, &value, sizeof(value)); return std::make_pair(result.tid, result.fd); } static void trace_handler(siginfo_t* info, ucontext_t* ucontext) { ScopedUseFallbackAllocator allocator; if (!allocator.enabled()) { return; } static std::atomic trace_output(pack_thread_fd(-1, -1)); if (info->si_value.sival_ptr == kDebuggerdFallbackSivalPtrRequestDump) { // Asked to dump by the original signal recipient. uint64_t val = trace_output.load(); auto [tid, fd] = unpack_thread_fd(val); if (tid != gettid()) { // We received some other thread's info request? async_safe_format_log(ANDROID_LOG_ERROR, "libc", "thread %d received output fd for thread %d?", gettid(), tid); return; } if (!trace_output.compare_exchange_strong(val, pack_thread_fd(-1, -1))) { // Presumably, the timeout in forward_output expired, and the main thread moved on. // If this happened, the main thread closed our fd for us, so just return. async_safe_format_log(ANDROID_LOG_ERROR, "libc", "cmpxchg for thread %d failed", gettid()); return; } // Write our tid to the output fd to let the main thread know that we're working. if (TEMP_FAILURE_RETRY(write(fd, &tid, sizeof(tid))) == sizeof(tid)) { debuggerd_fallback_trace(fd, ucontext); } else { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to write to output fd"); } // Stop using the fallback allocator before the close. This will prevent // a race condition where the thread backtracing all of the threads tries // to re-acquire the fallback allocator. allocator.Disable(); close(fd); return; } // Only allow one thread to perform a trace at a time. static std::mutex trace_mutex; if (!trace_mutex.try_lock()) { async_safe_format_log(ANDROID_LOG_INFO, "libc", "trace lock failed"); return; } std::lock_guard scoped_lock(trace_mutex, std::adopt_lock); // Fetch output fd from tombstoned. unique_fd tombstone_socket, output_fd; if (!tombstoned_connect(getpid(), &tombstone_socket, &output_fd, nullptr, kDebuggerdNativeBacktrace)) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "missing crash_dump_fallback() in selinux policy?"); return; } dump_backtrace_header(output_fd.get()); // Dump our own stack. debuggerd_fallback_trace(output_fd.get(), ucontext); // Send a signal to all of our siblings, asking them to dump their stack. pid_t current_tid = gettid(); if (!iterate_tids(current_tid, [&allocator, &output_fd, ¤t_tid](pid_t tid) { if (current_tid == tid) { return; } if (!allocator.enabled()) { return; } // Use a pipe, to be able to detect situations where the thread gracefully exits before // receiving our signal. unique_fd pipe_read, pipe_write; if (!Pipe(&pipe_read, &pipe_write)) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to create pipe: %s", strerror(errno)); return; } uint64_t expected = pack_thread_fd(-1, -1); int sent_fd = pipe_write.release(); if (!trace_output.compare_exchange_strong(expected, pack_thread_fd(tid, sent_fd))) { auto [tid, fd] = unpack_thread_fd(expected); async_safe_format_log(ANDROID_LOG_ERROR, "libc", "thread %d is already outputting to fd %d?", tid, fd); close(sent_fd); return; } // Disable our use of the fallback allocator while the target thread // is getting the backtrace. allocator.Disable(); siginfo_t siginfo = {}; siginfo.si_code = SI_QUEUE; siginfo.si_value.sival_ptr = kDebuggerdFallbackSivalPtrRequestDump; siginfo.si_pid = getpid(); siginfo.si_uid = getuid(); if (syscall(__NR_rt_tgsigqueueinfo, getpid(), tid, BIONIC_SIGNAL_DEBUGGER, &siginfo) == 0) { if (!forward_output(pipe_read.get(), output_fd.get(), tid)) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "timeout expired while waiting for thread %d to dump", tid); } } else { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to send trace signal to %d: %s", tid, strerror(errno)); } // The thread should be finished now, so try and re-enable the fallback allocator. if (!allocator.Enable()) { return; } // Regardless of whether the poll succeeds, check to see if the thread took fd ownership. uint64_t post_wait = trace_output.exchange(pack_thread_fd(-1, -1)); if (post_wait != pack_thread_fd(-1, -1)) { auto [tid, fd] = unpack_thread_fd(post_wait); if (fd != -1) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "closing fd %d for thread %d", fd, tid); close(fd); } } })) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to open /proc/%d/task: %s", current_tid, strerror(errno)); } if (allocator.enabled()) { dump_backtrace_footer(output_fd.get()); } tombstoned_notify_completion(tombstone_socket.get()); } static void crash_handler(siginfo_t* info, ucontext_t* ucontext, void* abort_message) { // Only allow one thread to handle a crash at a time (this can happen multiple times without // exit, since tombstones can be requested without a real crash happening.) static std::recursive_mutex crash_mutex; static int lock_count; crash_mutex.lock(); if (lock_count++ > 0) { async_safe_format_log(ANDROID_LOG_ERROR, "libc", "recursed signal handler call, aborting"); signal(SIGABRT, SIG_DFL); raise(SIGABRT); sigset_t sigset; sigemptyset(&sigset); sigaddset(&sigset, SIGABRT); sigprocmask(SIG_UNBLOCK, &sigset, nullptr); // Just in case... async_safe_format_log(ANDROID_LOG_ERROR, "libc", "abort didn't exit, exiting"); _exit(1); } unique_fd tombstone_socket, output_fd, proto_fd; bool tombstoned_connected = tombstoned_connect(getpid(), &tombstone_socket, &output_fd, &proto_fd, kDebuggerdTombstoneProto); { ScopedUseFallbackAllocator allocator; if (allocator.enabled()) { engrave_tombstone_ucontext(output_fd.get(), proto_fd.get(), reinterpret_cast(abort_message), info, ucontext); } } if (tombstoned_connected) { tombstoned_notify_completion(tombstone_socket.get()); } --lock_count; crash_mutex.unlock(); } extern "C" void debuggerd_fallback_handler(siginfo_t* info, ucontext_t* ucontext, void* abort_message) { if (info->si_signo == BIONIC_SIGNAL_DEBUGGER && info->si_value.sival_ptr != nullptr) { return trace_handler(info, ucontext); } else { return crash_handler(info, ucontext, abort_message); } }