1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "dalvik_system_ZygoteHooks.h"
18
19 #include <stdlib.h>
20
21 #include <android-base/logging.h>
22 #include <android-base/stringprintf.h>
23
24 #include "arch/instruction_set.h"
25 #include "art_method-inl.h"
26 #include "base/macros.h"
27 #include "base/mutex.h"
28 #include "base/runtime_debug.h"
29 #include "debugger.h"
30 #include "hidden_api.h"
31 #include "jit/jit.h"
32 #include "jit/jit_code_cache.h"
33 #include "jni/java_vm_ext.h"
34 #include "jni/jni_internal.h"
35 #include "native_util.h"
36 #include "nativehelper/jni_macros.h"
37 #include "nativehelper/scoped_utf_chars.h"
38 #include "non_debuggable_classes.h"
39 #include "oat_file.h"
40 #include "oat_file_manager.h"
41 #include "scoped_thread_state_change-inl.h"
42 #include "stack.h"
43 #include "thread-current-inl.h"
44 #include "thread_list.h"
45 #include "trace.h"
46
47 #include <sys/resource.h>
48
49 namespace art {
50
51 // Set to true to always determine the non-debuggable classes even if we would not allow a debugger
52 // to actually attach.
53 static bool kAlwaysCollectNonDebuggableClasses =
54 RegisterRuntimeDebugFlag(&kAlwaysCollectNonDebuggableClasses);
55
56 using android::base::StringPrintf;
57
58 class ClassSet {
59 public:
60 // The number of classes we reasonably expect to have to look at. Realistically the number is more
61 // ~10 but there is little harm in having some extra.
62 static constexpr int kClassSetCapacity = 100;
63
ClassSet(Thread * const self)64 explicit ClassSet(Thread* const self) : self_(self) {
65 self_->GetJniEnv()->PushFrame(kClassSetCapacity);
66 }
67
~ClassSet()68 ~ClassSet() {
69 self_->GetJniEnv()->PopFrame();
70 }
71
AddClass(ObjPtr<mirror::Class> klass)72 void AddClass(ObjPtr<mirror::Class> klass) REQUIRES(Locks::mutator_lock_) {
73 class_set_.insert(self_->GetJniEnv()->AddLocalReference<jclass>(klass));
74 }
75
GetClasses() const76 const std::unordered_set<jclass>& GetClasses() const {
77 return class_set_;
78 }
79
80 private:
81 Thread* const self_;
82 std::unordered_set<jclass> class_set_;
83 };
84
DoCollectNonDebuggableCallback(Thread * thread,void * data)85 static void DoCollectNonDebuggableCallback(Thread* thread, void* data)
86 REQUIRES(Locks::mutator_lock_) {
87 class NonDebuggableStacksVisitor : public StackVisitor {
88 public:
89 NonDebuggableStacksVisitor(Thread* t, ClassSet* class_set)
90 : StackVisitor(t, nullptr, StackVisitor::StackWalkKind::kIncludeInlinedFrames),
91 class_set_(class_set) {}
92
93 ~NonDebuggableStacksVisitor() override {}
94
95 bool VisitFrame() override REQUIRES(Locks::mutator_lock_) {
96 if (GetMethod()->IsRuntimeMethod()) {
97 return true;
98 }
99 class_set_->AddClass(GetMethod()->GetDeclaringClass());
100 if (kIsDebugBuild) {
101 LOG(INFO) << GetMethod()->GetDeclaringClass()->PrettyClass()
102 << " might not be fully debuggable/deoptimizable due to "
103 << GetMethod()->PrettyMethod() << " appearing on the stack during zygote fork.";
104 }
105 return true;
106 }
107
108 private:
109 ClassSet* class_set_;
110 };
111 NonDebuggableStacksVisitor visitor(thread, reinterpret_cast<ClassSet*>(data));
112 visitor.WalkStack();
113 }
114
CollectNonDebuggableClasses()115 static void CollectNonDebuggableClasses() REQUIRES(!Locks::mutator_lock_) {
116 Runtime* const runtime = Runtime::Current();
117 Thread* const self = Thread::Current();
118 // Get the mutator lock.
119 ScopedObjectAccess soa(self);
120 ClassSet classes(self);
121 {
122 // Drop the shared mutator lock.
123 ScopedThreadSuspension sts(self, art::ThreadState::kNative);
124 // Get exclusive mutator lock with suspend all.
125 ScopedSuspendAll suspend("Checking stacks for non-obsoletable methods!",
126 /*long_suspend=*/false);
127 MutexLock mu(Thread::Current(), *Locks::thread_list_lock_);
128 runtime->GetThreadList()->ForEach(DoCollectNonDebuggableCallback, &classes);
129 }
130 for (jclass klass : classes.GetClasses()) {
131 NonDebuggableClasses::AddNonDebuggableClass(klass);
132 }
133 }
134
135 // Must match values in com.android.internal.os.Zygote.
136 enum {
137 DEBUG_ENABLE_JDWP = 1,
138 DEBUG_ENABLE_CHECKJNI = 1 << 1,
139 DEBUG_ENABLE_ASSERT = 1 << 2,
140 DEBUG_ENABLE_SAFEMODE = 1 << 3,
141 DEBUG_ENABLE_JNI_LOGGING = 1 << 4,
142 DEBUG_GENERATE_DEBUG_INFO = 1 << 5,
143 DEBUG_ALWAYS_JIT = 1 << 6,
144 DEBUG_NATIVE_DEBUGGABLE = 1 << 7,
145 DEBUG_JAVA_DEBUGGABLE = 1 << 8,
146 DISABLE_VERIFIER = 1 << 9,
147 ONLY_USE_TRUSTED_OAT_FILES = 1 << 10, // Formerly ONLY_USE_SYSTEM_OAT_FILES
148 DEBUG_GENERATE_MINI_DEBUG_INFO = 1 << 11,
149 HIDDEN_API_ENFORCEMENT_POLICY_MASK = (1 << 12)
150 | (1 << 13),
151 PROFILE_SYSTEM_SERVER = 1 << 14,
152 PROFILE_FROM_SHELL = 1 << 15,
153 USE_APP_IMAGE_STARTUP_CACHE = 1 << 16,
154 DEBUG_IGNORE_APP_SIGNAL_HANDLER = 1 << 17,
155 DISABLE_TEST_API_ENFORCEMENT_POLICY = 1 << 18,
156 PROFILEABLE = 1 << 24,
157
158 // bits to shift (flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) by to get a value
159 // corresponding to hiddenapi::EnforcementPolicy
160 API_ENFORCEMENT_POLICY_SHIFT = CTZ(HIDDEN_API_ENFORCEMENT_POLICY_MASK),
161 };
162
EnableDebugFeatures(uint32_t runtime_flags)163 static uint32_t EnableDebugFeatures(uint32_t runtime_flags) {
164 Runtime* const runtime = Runtime::Current();
165 if ((runtime_flags & DEBUG_ENABLE_CHECKJNI) != 0) {
166 JavaVMExt* vm = runtime->GetJavaVM();
167 if (!vm->IsCheckJniEnabled()) {
168 LOG(INFO) << "Late-enabling -Xcheck:jni";
169 vm->SetCheckJniEnabled(true);
170 // There's only one thread running at this point, so only one JNIEnv to fix up.
171 Thread::Current()->GetJniEnv()->SetCheckJniEnabled(true);
172 } else {
173 LOG(INFO) << "Not late-enabling -Xcheck:jni (already on)";
174 }
175 runtime_flags &= ~DEBUG_ENABLE_CHECKJNI;
176 }
177
178 if ((runtime_flags & DEBUG_ENABLE_JNI_LOGGING) != 0) {
179 gLogVerbosity.third_party_jni = true;
180 runtime_flags &= ~DEBUG_ENABLE_JNI_LOGGING;
181 }
182
183 Dbg::SetJdwpAllowed((runtime_flags & DEBUG_ENABLE_JDWP) != 0);
184 runtime_flags &= ~DEBUG_ENABLE_JDWP;
185
186 const bool safe_mode = (runtime_flags & DEBUG_ENABLE_SAFEMODE) != 0;
187 if (safe_mode) {
188 // Only quicken oat files.
189 runtime->AddCompilerOption("--compiler-filter=quicken");
190 runtime->SetSafeMode(true);
191 runtime_flags &= ~DEBUG_ENABLE_SAFEMODE;
192 }
193
194 // This is for backwards compatibility with Dalvik.
195 runtime_flags &= ~DEBUG_ENABLE_ASSERT;
196
197 if ((runtime_flags & DEBUG_ALWAYS_JIT) != 0) {
198 jit::JitOptions* jit_options = runtime->GetJITOptions();
199 CHECK(jit_options != nullptr);
200 Runtime::Current()->DoAndMaybeSwitchInterpreter([=]() {
201 jit_options->SetJitAtFirstUse();
202 });
203 runtime_flags &= ~DEBUG_ALWAYS_JIT;
204 }
205
206 bool needs_non_debuggable_classes = false;
207 if ((runtime_flags & DEBUG_JAVA_DEBUGGABLE) != 0) {
208 runtime->AddCompilerOption("--debuggable");
209 runtime_flags |= DEBUG_GENERATE_MINI_DEBUG_INFO;
210 runtime->SetJavaDebuggable(true);
211 {
212 // Deoptimize the boot image as it may be non-debuggable.
213 ScopedSuspendAll ssa(__FUNCTION__);
214 runtime->DeoptimizeBootImage();
215 }
216 runtime_flags &= ~DEBUG_JAVA_DEBUGGABLE;
217 needs_non_debuggable_classes = true;
218 }
219 if (needs_non_debuggable_classes || kAlwaysCollectNonDebuggableClasses) {
220 CollectNonDebuggableClasses();
221 }
222
223 if ((runtime_flags & DEBUG_NATIVE_DEBUGGABLE) != 0) {
224 runtime->AddCompilerOption("--debuggable");
225 runtime_flags |= DEBUG_GENERATE_DEBUG_INFO;
226 runtime->SetNativeDebuggable(true);
227 runtime_flags &= ~DEBUG_NATIVE_DEBUGGABLE;
228 }
229
230 if ((runtime_flags & DEBUG_GENERATE_MINI_DEBUG_INFO) != 0) {
231 // Generate native minimal debug information to allow backtracing.
232 runtime->AddCompilerOption("--generate-mini-debug-info");
233 runtime_flags &= ~DEBUG_GENERATE_MINI_DEBUG_INFO;
234 }
235
236 if ((runtime_flags & DEBUG_GENERATE_DEBUG_INFO) != 0) {
237 // Generate all native debug information we can (e.g. line-numbers).
238 runtime->AddCompilerOption("--generate-debug-info");
239 runtime_flags &= ~DEBUG_GENERATE_DEBUG_INFO;
240 }
241
242 if ((runtime_flags & DEBUG_IGNORE_APP_SIGNAL_HANDLER) != 0) {
243 runtime->SetSignalHookDebuggable(true);
244 runtime_flags &= ~DEBUG_IGNORE_APP_SIGNAL_HANDLER;
245 }
246
247 runtime->SetProfileableFromShell((runtime_flags & PROFILE_FROM_SHELL) != 0);
248 runtime_flags &= ~PROFILE_FROM_SHELL;
249 runtime->SetProfileable((runtime_flags & PROFILEABLE) != 0);
250 runtime_flags &= ~PROFILEABLE;
251
252 return runtime_flags;
253 }
254
ZygoteHooks_nativePreFork(JNIEnv * env,jclass)255 static jlong ZygoteHooks_nativePreFork(JNIEnv* env, jclass) {
256 Runtime* runtime = Runtime::Current();
257 CHECK(runtime->IsZygote()) << "runtime instance not started with -Xzygote";
258
259 runtime->PreZygoteFork();
260
261 // Grab thread before fork potentially makes Thread::pthread_key_self_ unusable.
262 return reinterpret_cast<jlong>(ThreadForEnv(env));
263 }
264
ZygoteHooks_nativePostZygoteFork(JNIEnv *,jclass)265 static void ZygoteHooks_nativePostZygoteFork(JNIEnv*, jclass) {
266 Runtime::Current()->PostZygoteFork();
267 }
268
ZygoteHooks_nativePostForkSystemServer(JNIEnv * env ATTRIBUTE_UNUSED,jclass klass ATTRIBUTE_UNUSED,jint runtime_flags)269 static void ZygoteHooks_nativePostForkSystemServer(JNIEnv* env ATTRIBUTE_UNUSED,
270 jclass klass ATTRIBUTE_UNUSED,
271 jint runtime_flags) {
272 // Reload the current flags first. In case we need to take actions based on them.
273 Runtime::Current()->ReloadAllFlags(__FUNCTION__);
274
275 // Set the runtime state as the first thing, in case JIT and other services
276 // start querying it.
277 Runtime::Current()->SetAsSystemServer();
278
279 // This JIT code cache for system server is created whilst the runtime is still single threaded.
280 // System server has a window where it can create executable pages for this purpose, but this is
281 // turned off after this hook. Consequently, the only JIT mode supported is the dual-view JIT
282 // where one mapping is R->RW and the other is RX. Single view requires RX->RWX->RX.
283 if (Runtime::Current()->GetJit() != nullptr) {
284 Runtime::Current()->GetJit()->GetCodeCache()->PostForkChildAction(
285 /* is_system_server= */ true, /* is_zygote= */ false);
286 }
287 // Enable profiling if required based on the flags. This is done here instead of in
288 // nativePostForkChild since nativePostForkChild is called after loading the system server oat
289 // files.
290 bool profile_system_server = (runtime_flags & PROFILE_SYSTEM_SERVER) == PROFILE_SYSTEM_SERVER;
291 Runtime::Current()->GetJITOptions()->SetSaveProfilingInfo(profile_system_server);
292 }
293
ZygoteHooks_nativePostForkChild(JNIEnv * env,jclass,jlong token,jint runtime_flags,jboolean is_system_server,jboolean is_zygote,jstring instruction_set)294 static void ZygoteHooks_nativePostForkChild(JNIEnv* env,
295 jclass,
296 jlong token,
297 jint runtime_flags,
298 jboolean is_system_server,
299 jboolean is_zygote,
300 jstring instruction_set) {
301 DCHECK(!(is_system_server && is_zygote));
302 // Reload the current flags first. In case we need to take any updated actions.
303 Runtime::Current()->ReloadAllFlags(__FUNCTION__);
304 // Then, set the runtime state, in case JIT and other services
305 // start querying it.
306 Runtime::Current()->SetAsZygoteChild(is_system_server, is_zygote);
307
308 Thread* thread = reinterpret_cast<Thread*>(token);
309 // Our system thread ID, etc, has changed so reset Thread state.
310 thread->InitAfterFork();
311 runtime_flags = EnableDebugFeatures(runtime_flags);
312 hiddenapi::EnforcementPolicy api_enforcement_policy = hiddenapi::EnforcementPolicy::kDisabled;
313
314 Runtime* runtime = Runtime::Current();
315
316 if ((runtime_flags & DISABLE_VERIFIER) != 0) {
317 runtime->DisableVerifier();
318 runtime_flags &= ~DISABLE_VERIFIER;
319 }
320
321 if ((runtime_flags & ONLY_USE_TRUSTED_OAT_FILES) != 0 || is_system_server) {
322 runtime->GetOatFileManager().SetOnlyUseTrustedOatFiles();
323 runtime_flags &= ~ONLY_USE_TRUSTED_OAT_FILES;
324 }
325
326 api_enforcement_policy = hiddenapi::EnforcementPolicyFromInt(
327 (runtime_flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) >> API_ENFORCEMENT_POLICY_SHIFT);
328 runtime_flags &= ~HIDDEN_API_ENFORCEMENT_POLICY_MASK;
329
330 if ((runtime_flags & DISABLE_TEST_API_ENFORCEMENT_POLICY) != 0u) {
331 runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kDisabled);
332 } else {
333 runtime->SetTestApiEnforcementPolicy(hiddenapi::EnforcementPolicy::kEnabled);
334 }
335 runtime_flags &= ~DISABLE_TEST_API_ENFORCEMENT_POLICY;
336
337 bool profile_system_server = (runtime_flags & PROFILE_SYSTEM_SERVER) == PROFILE_SYSTEM_SERVER;
338 runtime_flags &= ~PROFILE_SYSTEM_SERVER;
339
340 runtime->SetLoadAppImageStartupCacheEnabled(
341 (runtime_flags & USE_APP_IMAGE_STARTUP_CACHE) != 0u);
342 runtime_flags &= ~USE_APP_IMAGE_STARTUP_CACHE;
343
344 if (runtime_flags != 0) {
345 LOG(ERROR) << StringPrintf("Unknown bits set in runtime_flags: %#x", runtime_flags);
346 }
347
348 runtime->GetHeap()->PostForkChildAction(thread);
349 if (runtime->GetJit() != nullptr) {
350 if (!is_system_server) {
351 // System server already called the JIT cache post fork action in `nativePostForkSystemServer`.
352 runtime->GetJit()->GetCodeCache()->PostForkChildAction(
353 /* is_system_server= */ false, is_zygote);
354 }
355 // This must be called after EnableDebugFeatures.
356 runtime->GetJit()->PostForkChildAction(is_system_server, is_zygote);
357 }
358
359 // Update tracing.
360 if (Trace::GetMethodTracingMode() != TracingMode::kTracingInactive) {
361 Trace::TraceOutputMode output_mode = Trace::GetOutputMode();
362 Trace::TraceMode trace_mode = Trace::GetMode();
363 size_t buffer_size = Trace::GetBufferSize();
364
365 // Just drop it.
366 Trace::Abort();
367
368 // Only restart if it was streaming mode.
369 // TODO: Expose buffer size, so we can also do file mode.
370 if (output_mode == Trace::TraceOutputMode::kStreaming) {
371 static constexpr size_t kMaxProcessNameLength = 100;
372 char name_buf[kMaxProcessNameLength] = {};
373 int rc = pthread_getname_np(pthread_self(), name_buf, kMaxProcessNameLength);
374 std::string proc_name;
375
376 if (rc == 0) {
377 // On success use the pthread name.
378 proc_name = name_buf;
379 }
380
381 if (proc_name.empty() || proc_name == "zygote" || proc_name == "zygote64") {
382 // Either no process name, or the name hasn't been changed, yet. Just use pid.
383 pid_t pid = getpid();
384 proc_name = StringPrintf("%u", static_cast<uint32_t>(pid));
385 }
386
387 std::string trace_file = StringPrintf("/data/misc/trace/%s.trace.bin", proc_name.c_str());
388 Trace::Start(trace_file.c_str(),
389 buffer_size,
390 0, // TODO: Expose flags.
391 output_mode,
392 trace_mode,
393 0); // TODO: Expose interval.
394 if (thread->IsExceptionPending()) {
395 ScopedObjectAccess soa(env);
396 thread->ClearException();
397 }
398 }
399 }
400
401 bool do_hidden_api_checks = api_enforcement_policy != hiddenapi::EnforcementPolicy::kDisabled;
402 DCHECK(!(is_system_server && do_hidden_api_checks))
403 << "SystemServer should be forked with EnforcementPolicy::kDisable";
404 DCHECK(!(is_zygote && do_hidden_api_checks))
405 << "Child zygote processes should be forked with EnforcementPolicy::kDisable";
406 runtime->SetHiddenApiEnforcementPolicy(api_enforcement_policy);
407 runtime->SetDedupeHiddenApiWarnings(true);
408 if (api_enforcement_policy != hiddenapi::EnforcementPolicy::kDisabled &&
409 runtime->GetHiddenApiEventLogSampleRate() != 0) {
410 // Hidden API checks are enabled, and we are sampling access for the event log. Initialize the
411 // random seed, to ensure the sampling is actually random. We do this post-fork, as doing it
412 // pre-fork would result in the same sequence for every forked process.
413 std::srand(static_cast<uint32_t>(NanoTime()));
414 }
415
416 if (instruction_set != nullptr && !is_system_server) {
417 ScopedUtfChars isa_string(env, instruction_set);
418 InstructionSet isa = GetInstructionSetFromString(isa_string.c_str());
419 Runtime::NativeBridgeAction action = Runtime::NativeBridgeAction::kUnload;
420 if (isa != InstructionSet::kNone && isa != kRuntimeISA) {
421 action = Runtime::NativeBridgeAction::kInitialize;
422 }
423 runtime->InitNonZygoteOrPostFork(env, is_system_server, is_zygote, action, isa_string.c_str());
424 } else {
425 runtime->InitNonZygoteOrPostFork(
426 env,
427 is_system_server,
428 is_zygote,
429 Runtime::NativeBridgeAction::kUnload,
430 /*isa=*/ nullptr,
431 profile_system_server);
432 }
433 }
434
ZygoteHooks_startZygoteNoThreadCreation(JNIEnv * env ATTRIBUTE_UNUSED,jclass klass ATTRIBUTE_UNUSED)435 static void ZygoteHooks_startZygoteNoThreadCreation(JNIEnv* env ATTRIBUTE_UNUSED,
436 jclass klass ATTRIBUTE_UNUSED) {
437 Runtime::Current()->SetZygoteNoThreadSection(true);
438 }
439
ZygoteHooks_stopZygoteNoThreadCreation(JNIEnv * env ATTRIBUTE_UNUSED,jclass klass ATTRIBUTE_UNUSED)440 static void ZygoteHooks_stopZygoteNoThreadCreation(JNIEnv* env ATTRIBUTE_UNUSED,
441 jclass klass ATTRIBUTE_UNUSED) {
442 Runtime::Current()->SetZygoteNoThreadSection(false);
443 }
444
ZygoteHooks_nativeZygoteLongSuspendOk(JNIEnv * env ATTRIBUTE_UNUSED,jclass klass ATTRIBUTE_UNUSED)445 static jboolean ZygoteHooks_nativeZygoteLongSuspendOk(JNIEnv* env ATTRIBUTE_UNUSED,
446 jclass klass ATTRIBUTE_UNUSED) {
447 // Indefinite thread suspensions are not OK if we're supposed to be JIT-compiling for other
448 // processes. We only care about JIT compilation that affects other processes. The zygote
449 // itself doesn't run appreciable amounts of Java code when running single-threaded, so
450 // suspending the JIT in non-jit-zygote mode is OK.
451 // TODO: Make this potentially return true once we're done with JIT compilation in JIT Zygote.
452 // Only called in zygote. Thus static is OK here.
453 static bool isJitZygote = jit::Jit::InZygoteUsingJit();
454 static bool explicitlyDisabled = Runtime::Current()->IsJavaZygoteForkLoopRequired();
455 return (isJitZygote || explicitlyDisabled) ? JNI_FALSE : JNI_TRUE;
456 }
457
458
459 static JNINativeMethod gMethods[] = {
460 NATIVE_METHOD(ZygoteHooks, nativePreFork, "()J"),
461 NATIVE_METHOD(ZygoteHooks, nativePostZygoteFork, "()V"),
462 NATIVE_METHOD(ZygoteHooks, nativePostForkSystemServer, "(I)V"),
463 NATIVE_METHOD(ZygoteHooks, nativePostForkChild, "(JIZZLjava/lang/String;)V"),
464 NATIVE_METHOD(ZygoteHooks, nativeZygoteLongSuspendOk, "()Z"),
465 NATIVE_METHOD(ZygoteHooks, startZygoteNoThreadCreation, "()V"),
466 NATIVE_METHOD(ZygoteHooks, stopZygoteNoThreadCreation, "()V"),
467 };
468
register_dalvik_system_ZygoteHooks(JNIEnv * env)469 void register_dalvik_system_ZygoteHooks(JNIEnv* env) {
470 REGISTER_NATIVE_METHODS("dalvik/system/ZygoteHooks");
471 }
472
473 } // namespace art
474