1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "src/profiling/memory/unwinding.h"
18 
19 #include <sys/types.h>
20 #include <unistd.h>
21 
22 #include <unwindstack/MachineArm.h>
23 #include <unwindstack/MachineArm64.h>
24 #include <unwindstack/MachineMips.h>
25 #include <unwindstack/MachineMips64.h>
26 #include <unwindstack/MachineX86.h>
27 #include <unwindstack/MachineX86_64.h>
28 #include <unwindstack/Maps.h>
29 #include <unwindstack/Memory.h>
30 #include <unwindstack/Regs.h>
31 #include <unwindstack/RegsArm.h>
32 #include <unwindstack/RegsArm64.h>
33 #include <unwindstack/RegsMips.h>
34 #include <unwindstack/RegsMips64.h>
35 #include <unwindstack/RegsX86.h>
36 #include <unwindstack/RegsX86_64.h>
37 #include <unwindstack/Unwinder.h>
38 #include <unwindstack/UserArm.h>
39 #include <unwindstack/UserArm64.h>
40 #include <unwindstack/UserMips.h>
41 #include <unwindstack/UserMips64.h>
42 #include <unwindstack/UserX86.h>
43 #include <unwindstack/UserX86_64.h>
44 
45 #include <procinfo/process_map.h>
46 
47 #include "perfetto/base/file_utils.h"
48 #include "perfetto/base/logging.h"
49 #include "perfetto/base/scoped_file.h"
50 #include "perfetto/base/string_utils.h"
51 #include "perfetto/base/task_runner.h"
52 #include "perfetto/base/thread_task_runner.h"
53 #include "src/profiling/memory/wire_protocol.h"
54 
55 namespace perfetto {
56 namespace profiling {
57 namespace {
58 
59 constexpr size_t kMaxFrames = 1000;
60 
61 // We assume average ~300us per unwind. If we handle up to 1000 unwinds, this
62 // makes sure other tasks get to be run at least every 300ms if the unwinding
63 // saturates this thread.
64 constexpr size_t kUnwindBatchSize = 1000;
65 
66 #pragma GCC diagnostic push
67 // We do not care about deterministic destructor order.
68 #pragma GCC diagnostic ignored "-Wglobal-constructors"
69 #pragma GCC diagnostic ignored "-Wexit-time-destructors"
70 static std::vector<std::string> kSkipMaps{"heapprofd_client.so"};
71 #pragma GCC diagnostic pop
72 
CreateFromRawData(unwindstack::ArchEnum arch,void * raw_data)73 std::unique_ptr<unwindstack::Regs> CreateFromRawData(unwindstack::ArchEnum arch,
74                                                      void* raw_data) {
75   std::unique_ptr<unwindstack::Regs> ret;
76   // unwindstack::RegsX::Read returns a raw ptr which we are expected to free.
77   switch (arch) {
78     case unwindstack::ARCH_X86:
79       ret.reset(unwindstack::RegsX86::Read(raw_data));
80       break;
81     case unwindstack::ARCH_X86_64:
82       ret.reset(unwindstack::RegsX86_64::Read(raw_data));
83       break;
84     case unwindstack::ARCH_ARM:
85       ret.reset(unwindstack::RegsArm::Read(raw_data));
86       break;
87     case unwindstack::ARCH_ARM64:
88       ret.reset(unwindstack::RegsArm64::Read(raw_data));
89       break;
90     case unwindstack::ARCH_MIPS:
91       ret.reset(unwindstack::RegsMips::Read(raw_data));
92       break;
93     case unwindstack::ARCH_MIPS64:
94       ret.reset(unwindstack::RegsMips64::Read(raw_data));
95       break;
96     case unwindstack::ARCH_UNKNOWN:
97       ret.reset(nullptr);
98       break;
99   }
100   return ret;
101 }
102 
103 // Behaves as a pread64, emulating it if not already exposed by the standard
104 // library. Safe to use on 32bit platforms for addresses with the top bit set.
105 // Clobbers the |fd| seek position if emulating.
ReadAtOffsetClobberSeekPos(int fd,void * buf,size_t count,uint64_t addr)106 ssize_t ReadAtOffsetClobberSeekPos(int fd,
107                                    void* buf,
108                                    size_t count,
109                                    uint64_t addr) {
110 #ifdef __BIONIC__
111   return pread64(fd, buf, count, static_cast<off64_t>(addr));
112 #else
113   if (lseek64(fd, static_cast<off64_t>(addr), SEEK_SET) == -1)
114     return -1;
115   return read(fd, buf, count);
116 #endif
117 }
118 
119 }  // namespace
120 
StackOverlayMemory(std::shared_ptr<unwindstack::Memory> mem,uint64_t sp,uint8_t * stack,size_t size)121 StackOverlayMemory::StackOverlayMemory(std::shared_ptr<unwindstack::Memory> mem,
122                                        uint64_t sp,
123                                        uint8_t* stack,
124                                        size_t size)
125     : mem_(std::move(mem)), sp_(sp), stack_end_(sp + size), stack_(stack) {}
126 
Read(uint64_t addr,void * dst,size_t size)127 size_t StackOverlayMemory::Read(uint64_t addr, void* dst, size_t size) {
128   if (addr >= sp_ && addr + size <= stack_end_ && addr + size > sp_) {
129     size_t offset = static_cast<size_t>(addr - sp_);
130     memcpy(dst, stack_ + offset, size);
131     return size;
132   }
133 
134   return mem_->Read(addr, dst, size);
135 }
136 
FDMemory(base::ScopedFile mem_fd)137 FDMemory::FDMemory(base::ScopedFile mem_fd) : mem_fd_(std::move(mem_fd)) {}
138 
Read(uint64_t addr,void * dst,size_t size)139 size_t FDMemory::Read(uint64_t addr, void* dst, size_t size) {
140   ssize_t rd = ReadAtOffsetClobberSeekPos(*mem_fd_, dst, size, addr);
141   if (rd == -1) {
142     PERFETTO_DPLOG("read of %zu at offset %" PRIu64, size, addr);
143     return 0;
144   }
145   return static_cast<size_t>(rd);
146 }
147 
FileDescriptorMaps(base::ScopedFile fd)148 FileDescriptorMaps::FileDescriptorMaps(base::ScopedFile fd)
149     : fd_(std::move(fd)) {}
150 
Parse()151 bool FileDescriptorMaps::Parse() {
152   // If the process has already exited, lseek or ReadFileDescriptor will
153   // return false.
154   if (lseek(*fd_, 0, SEEK_SET) == -1)
155     return false;
156 
157   std::string content;
158   if (!base::ReadFileDescriptor(*fd_, &content))
159     return false;
160   return android::procinfo::ReadMapFileContent(
161       &content[0], [&](uint64_t start, uint64_t end, uint16_t flags,
162                        uint64_t pgoff, ino_t, const char* name) {
163         // Mark a device map in /dev/ and not in /dev/ashmem/ specially.
164         if (strncmp(name, "/dev/", 5) == 0 &&
165             strncmp(name + 5, "ashmem/", 7) != 0) {
166           flags |= unwindstack::MAPS_FLAGS_DEVICE_MAP;
167         }
168         unwindstack::MapInfo* prev_map =
169             maps_.empty() ? nullptr : maps_.back().get();
170         maps_.emplace_back(
171             new unwindstack::MapInfo(prev_map, start, end, pgoff, flags, name));
172       });
173 }
174 
Reset()175 void FileDescriptorMaps::Reset() {
176   maps_.clear();
177 }
178 
DoUnwind(WireMessage * msg,UnwindingMetadata * metadata,AllocRecord * out)179 bool DoUnwind(WireMessage* msg, UnwindingMetadata* metadata, AllocRecord* out) {
180   AllocMetadata* alloc_metadata = msg->alloc_header;
181   std::unique_ptr<unwindstack::Regs> regs(
182       CreateFromRawData(alloc_metadata->arch, alloc_metadata->register_data));
183   if (regs == nullptr) {
184     PERFETTO_DLOG("Unable to construct unwindstack::Regs");
185     unwindstack::FrameData frame_data{};
186     frame_data.function_name = "ERROR READING REGISTERS";
187     frame_data.map_name = "ERROR";
188 
189     out->frames.emplace_back(frame_data, "");
190     out->error = true;
191     return false;
192   }
193   uint8_t* stack = reinterpret_cast<uint8_t*>(msg->payload);
194   std::shared_ptr<unwindstack::Memory> mems =
195       std::make_shared<StackOverlayMemory>(metadata->fd_mem,
196                                            alloc_metadata->stack_pointer, stack,
197                                            msg->payload_size);
198 
199   unwindstack::Unwinder unwinder(kMaxFrames, &metadata->maps, regs.get(), mems);
200 #if PERFETTO_BUILDFLAG(PERFETTO_ANDROID_BUILD)
201   unwinder.SetJitDebug(metadata->jit_debug.get(), regs->Arch());
202   unwinder.SetDexFiles(metadata->dex_files.get(), regs->Arch());
203 #endif
204   // Surpress incorrect "variable may be uninitialized" error for if condition
205   // after this loop. error_code = LastErrorCode gets run at least once.
206   uint8_t error_code = 0;
207   for (int attempt = 0; attempt < 2; ++attempt) {
208     if (attempt > 0) {
209       PERFETTO_DLOG("Reparsing maps");
210       metadata->ReparseMaps();
211       out->reparsed_map = true;
212 #if PERFETTO_BUILDFLAG(PERFETTO_ANDROID_BUILD)
213       unwinder.SetJitDebug(metadata->jit_debug.get(), regs->Arch());
214       unwinder.SetDexFiles(metadata->dex_files.get(), regs->Arch());
215 #endif
216     }
217     unwinder.Unwind(&kSkipMaps, nullptr);
218     error_code = unwinder.LastErrorCode();
219     if (error_code != unwindstack::ERROR_INVALID_MAP)
220       break;
221   }
222   std::vector<unwindstack::FrameData> frames = unwinder.ConsumeFrames();
223   for (unwindstack::FrameData& fd : frames) {
224     std::string build_id;
225     if (fd.map_name != "") {
226       unwindstack::MapInfo* map_info = metadata->maps.Find(fd.pc);
227       if (map_info)
228         build_id = map_info->GetBuildID();
229     }
230 
231     out->frames.emplace_back(std::move(fd), std::move(build_id));
232   }
233 
234   if (error_code != 0) {
235     PERFETTO_DLOG("Unwinding error %" PRIu8, error_code);
236     unwindstack::FrameData frame_data{};
237     frame_data.function_name = "ERROR " + std::to_string(error_code);
238     frame_data.map_name = "ERROR";
239 
240     out->frames.emplace_back(frame_data, "");
241     out->error = true;
242   }
243   return true;
244 }
245 
OnDisconnect(base::UnixSocket * self)246 void UnwindingWorker::OnDisconnect(base::UnixSocket* self) {
247   // TODO(fmayer): Maybe try to drain shmem one last time.
248   auto it = client_data_.find(self->peer_pid());
249   if (it == client_data_.end()) {
250     PERFETTO_DFATAL("Disconnected unexpecter socket.");
251     return;
252   }
253   ClientData& client_data = it->second;
254   SharedRingBuffer& shmem = client_data.shmem;
255 
256   // Currently, these stats are used to determine whether the application
257   // disconnected due to an error condition (i.e. buffer overflow) or
258   // volutarily. Because a buffer overflow leads to an immediate disconnect, we
259   // do not need these stats when heapprofd tears down the tracing session.
260   //
261   // TODO(fmayer): We should make it that normal disconnects also go through
262   // this code path, so we can write other stats to the result. This will also
263   // allow us to free the bookkeeping data earlier for processes that exit
264   // during the session. See TODO in
265   // HeapprofdProducer::HandleSocketDisconnected.
266   SharedRingBuffer::Stats stats = {};
267   {
268     auto lock = shmem.AcquireLock(ScopedSpinlock::Mode::Try);
269     if (lock.locked())
270       stats = shmem.GetStats(lock);
271     else
272       PERFETTO_ELOG("Failed to log shmem to get stats.");
273   }
274   DataSourceInstanceID ds_id = client_data.data_source_instance_id;
275   pid_t peer_pid = self->peer_pid();
276   client_data_.erase(it);
277   // The erase invalidates the self pointer.
278   self = nullptr;
279   delegate_->PostSocketDisconnected(ds_id, peer_pid, stats);
280 }
281 
OnDataAvailable(base::UnixSocket * self)282 void UnwindingWorker::OnDataAvailable(base::UnixSocket* self) {
283   // Drain buffer to clear the notification.
284   char recv_buf[kUnwindBatchSize];
285   self->Receive(recv_buf, sizeof(recv_buf));
286   HandleUnwindBatch(self->peer_pid());
287 }
288 
HandleUnwindBatch(pid_t peer_pid)289 void UnwindingWorker::HandleUnwindBatch(pid_t peer_pid) {
290   auto it = client_data_.find(peer_pid);
291   if (it == client_data_.end()) {
292     // This can happen if the client disconnected before the buffer was fully
293     // handled.
294     PERFETTO_DLOG("Unexpected data.");
295     return;
296   }
297 
298   ClientData& client_data = it->second;
299   SharedRingBuffer& shmem = client_data.shmem;
300   SharedRingBuffer::Buffer buf;
301 
302   size_t i;
303   bool repost_task = false;
304   for (i = 0; i < kUnwindBatchSize; ++i) {
305     uint64_t reparses_before = client_data.metadata.reparses;
306     // TODO(fmayer): Allow spinlock acquisition to fail and repost Task if it
307     // did.
308     buf = shmem.BeginRead();
309     if (!buf)
310       break;
311     HandleBuffer(buf, &client_data.metadata,
312                  client_data.data_source_instance_id,
313                  client_data.sock->peer_pid(), delegate_);
314     shmem.EndRead(std::move(buf));
315     // Reparsing takes time, so process the rest in a new batch to avoid timing
316     // out.
317     // TODO(fmayer): Do not special case blocking mode.
318     if (client_data.client_config.block_client &&
319         reparses_before < client_data.metadata.reparses) {
320       repost_task = true;
321       break;
322     }
323   }
324 
325   // Always repost if we have gone through the whole batch.
326   if (i == kUnwindBatchSize)
327     repost_task = true;
328 
329   if (repost_task) {
330     thread_task_runner_.get()->PostTask(
331         [this, peer_pid] { HandleUnwindBatch(peer_pid); });
332   }
333 }
334 
335 // static
HandleBuffer(const SharedRingBuffer::Buffer & buf,UnwindingMetadata * unwinding_metadata,DataSourceInstanceID data_source_instance_id,pid_t peer_pid,Delegate * delegate)336 void UnwindingWorker::HandleBuffer(const SharedRingBuffer::Buffer& buf,
337                                    UnwindingMetadata* unwinding_metadata,
338                                    DataSourceInstanceID data_source_instance_id,
339                                    pid_t peer_pid,
340                                    Delegate* delegate) {
341   WireMessage msg;
342   // TODO(fmayer): standardise on char* or uint8_t*.
343   // char* has stronger guarantees regarding aliasing.
344   // see https://timsong-cpp.github.io/cppwp/n3337/basic.lval#10.8
345   if (!ReceiveWireMessage(reinterpret_cast<char*>(buf.data), buf.size, &msg)) {
346     PERFETTO_DFATAL("Failed to receive wire message.");
347     return;
348   }
349 
350   if (msg.record_type == RecordType::Malloc) {
351     AllocRecord rec;
352     rec.alloc_metadata = *msg.alloc_header;
353     rec.pid = peer_pid;
354     rec.data_source_instance_id = data_source_instance_id;
355     auto start_time_us = base::GetWallTimeNs() / 1000;
356     DoUnwind(&msg, unwinding_metadata, &rec);
357     rec.unwinding_time_us = static_cast<uint64_t>(
358         ((base::GetWallTimeNs() / 1000) - start_time_us).count());
359     delegate->PostAllocRecord(std::move(rec));
360   } else if (msg.record_type == RecordType::Free) {
361     FreeRecord rec;
362     rec.pid = peer_pid;
363     rec.data_source_instance_id = data_source_instance_id;
364     // We need to copy this, so we can return the memory to the shmem buffer.
365     memcpy(&rec.free_batch, msg.free_header, sizeof(*msg.free_header));
366     delegate->PostFreeRecord(std::move(rec));
367   } else {
368     PERFETTO_DFATAL("Invalid record type.");
369   }
370 }
371 
PostHandoffSocket(HandoffData handoff_data)372 void UnwindingWorker::PostHandoffSocket(HandoffData handoff_data) {
373   // Even with C++14, this cannot be moved, as std::function has to be
374   // copyable, which HandoffData is not.
375   HandoffData* raw_data = new HandoffData(std::move(handoff_data));
376   // We do not need to use a WeakPtr here because the task runner will not
377   // outlive its UnwindingWorker.
378   thread_task_runner_.get()->PostTask([this, raw_data] {
379     HandoffData data = std::move(*raw_data);
380     delete raw_data;
381     HandleHandoffSocket(std::move(data));
382   });
383 }
384 
HandleHandoffSocket(HandoffData handoff_data)385 void UnwindingWorker::HandleHandoffSocket(HandoffData handoff_data) {
386   auto sock = base::UnixSocket::AdoptConnected(
387       handoff_data.sock.ReleaseFd(), this, this->thread_task_runner_.get(),
388       base::SockType::kStream);
389   pid_t peer_pid = sock->peer_pid();
390 
391   UnwindingMetadata metadata(peer_pid,
392                              std::move(handoff_data.fds[kHandshakeMaps]),
393                              std::move(handoff_data.fds[kHandshakeMem]));
394   ClientData client_data{
395       handoff_data.data_source_instance_id,
396       std::move(sock),
397       std::move(metadata),
398       std::move(handoff_data.shmem),
399       std::move(handoff_data.client_config),
400   };
401   client_data_.emplace(peer_pid, std::move(client_data));
402 }
403 
PostDisconnectSocket(pid_t pid)404 void UnwindingWorker::PostDisconnectSocket(pid_t pid) {
405   // We do not need to use a WeakPtr here because the task runner will not
406   // outlive its UnwindingWorker.
407   thread_task_runner_.get()->PostTask(
408       [this, pid] { HandleDisconnectSocket(pid); });
409 }
410 
HandleDisconnectSocket(pid_t pid)411 void UnwindingWorker::HandleDisconnectSocket(pid_t pid) {
412   client_data_.erase(pid);
413 }
414 
415 UnwindingWorker::Delegate::~Delegate() = default;
416 
417 }  // namespace profiling
418 }  // namespace perfetto
419