1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <inttypes.h>
30 #include <stdint.h>
31 
32 #include <array>
33 #include <mutex>
34 #include <string>
35 #include <string_view>
36 #include <thread>
37 #include <utility>
38 #include <vector>
39 
40 #include <android/fdsan.h>
41 #include <android/set_abort_message.h>
42 #include <bionic/fdtrack.h>
43 
44 #include <android-base/no_destructor.h>
45 #include <android-base/thread_annotations.h>
46 #include <async_safe/log.h>
47 #include <bionic/reserved_signals.h>
48 
49 #include <unwindstack/AndroidUnwinder.h>
50 
// Bookkeeping for a single slot of the per-fd backtrace table.
struct FdEntry {
  // Protects `backtrace`.
  std::mutex mutex;
  // Frames captured when the fd was created; cleared again when the fd is closed, so an empty
  // vector means no backtrace is currently recorded for this slot.
  std::vector<unwindstack::FrameData> backtrace GUARDED_BY(mutex);
};
55 
// Exported entry points (C linkage). fdtrack_dump logs every recorded backtrace;
// fdtrack_dump_fatal does the same and then aborts the process.
extern "C" void fdtrack_dump();
extern "C" void fdtrack_dump_fatal();

// Callback type for fdtrack_iterate. It receives the fd, parallel arrays of `count` function
// names and function offsets, and the caller-supplied `arg`. Returning false stops the iteration.
using fdtrack_callback_t = bool (*)(int fd, const char* const* function_names,
                                    const uint64_t* function_offsets, size_t count, void* arg);
extern "C" void fdtrack_iterate(fdtrack_callback_t callback, void* arg);

// Hook that records/clears backtraces on fd creation/close; defined further down.
static void fd_hook(android_fdtrack_event* event);

// Backtraces for the first 4k file descriptors ought to be enough to diagnose an fd leak.
static constexpr size_t kFdTableSize = 4096;

// Only unwind up to 32 frames outside of libfdtrack.so.
static constexpr size_t kStackDepth = 32;

// True once ctor() has successfully installed fd_hook as the fdtrack hook.
static bool installed = false;
// Backtrace table indexed by fd number. Marked no_destroy so that no exit-time destructor is
// registered for it.
static std::array<FdEntry, kFdTableSize> stack_traces [[clang::no_destroy]];
Unwinder()73 static unwindstack::AndroidLocalUnwinder& Unwinder() {
74   // Skip any initial frames from libfdtrack.so.
75   // Also ignore frames from ART (http://b/236197847) because we'd rather spend
76   // our precious few frames on the actual Java calling code rather than the
77   // implementation of JNI!
78   static android::base::NoDestructor<unwindstack::AndroidLocalUnwinder> unwinder(
79       std::vector<std::string>{"libfdtrack.so", "libart.so"});
80   return *unwinder.get();
81 }
82 
ctor()83 __attribute__((constructor)) static void ctor() {
84   for (auto& entry : stack_traces) {
85     entry.backtrace.reserve(kStackDepth);
86   }
87 
88   struct sigaction sa = {};
89   sa.sa_sigaction = [](int, siginfo_t* siginfo, void*) {
90     if (siginfo->si_code == SI_QUEUE && siginfo->si_int == 1) {
91       fdtrack_dump_fatal();
92     } else {
93       fdtrack_dump();
94     }
95   };
96   sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
97   sigaction(BIONIC_SIGNAL_FDTRACK, &sa, nullptr);
98 
99   unwindstack::ErrorData error;
100   if (Unwinder().Initialize(error)) {
101     android_fdtrack_hook_t expected = nullptr;
102     installed = android_fdtrack_compare_exchange_hook(&expected, &fd_hook);
103   }
104 
105   android_fdtrack_set_globally_enabled(true);
106 }
107 
dtor()108 __attribute__((destructor)) static void dtor() {
109   if (installed) {
110     android_fdtrack_hook_t expected = &fd_hook;
111     android_fdtrack_compare_exchange_hook(&expected, nullptr);
112   }
113 }
114 
GetFdEntry(int fd)115 FdEntry* GetFdEntry(int fd) {
116   if (fd >= 0 && fd < static_cast<int>(kFdTableSize)) {
117     return &stack_traces[fd];
118   }
119   return nullptr;
120 }
121 
fd_hook(android_fdtrack_event * event)122 static void fd_hook(android_fdtrack_event* event) {
123   if (event->type == ANDROID_FDTRACK_EVENT_TYPE_CREATE) {
124     if (FdEntry* entry = GetFdEntry(event->fd); entry) {
125       std::lock_guard<std::mutex> lock(entry->mutex);
126       entry->backtrace.clear();
127 
128       unwindstack::AndroidUnwinderData data(kStackDepth);
129       if (Unwinder().Unwind(data)) {
130         entry->backtrace = std::move(data.frames);
131       }
132     }
133   } else if (event->type == ANDROID_FDTRACK_EVENT_TYPE_CLOSE) {
134     if (FdEntry* entry = GetFdEntry(event->fd); entry) {
135       std::lock_guard<std::mutex> lock(entry->mutex);
136       entry->backtrace.clear();
137     }
138   }
139 }
140 
fdtrack_iterate(fdtrack_callback_t callback,void * arg)141 void fdtrack_iterate(fdtrack_callback_t callback, void* arg) {
142   bool prev = android_fdtrack_set_enabled(false);
143 
144   for (int fd = 0; fd < static_cast<int>(stack_traces.size()); ++fd) {
145     const char* function_names[kStackDepth];
146     uint64_t function_offsets[kStackDepth];
147     FdEntry* entry = GetFdEntry(fd);
148     if (!entry) {
149       continue;
150     }
151 
152     if (!entry->mutex.try_lock()) {
153       async_safe_format_log(ANDROID_LOG_WARN, "fdtrack", "fd %d locked, skipping", fd);
154       continue;
155     }
156 
157     if (entry->backtrace.empty()) {
158       entry->mutex.unlock();
159       continue;
160     } else if (entry->backtrace.size() < 2) {
161       async_safe_format_log(ANDROID_LOG_WARN, "fdtrack", "fd %d missing frames: size = %zu", fd,
162                             entry->backtrace.size());
163 
164       entry->mutex.unlock();
165       continue;
166     }
167 
168     for (size_t i = 0; i < entry->backtrace.size(); ++i) {
169       function_names[i] = entry->backtrace[i].function_name.c_str();
170       function_offsets[i] = entry->backtrace[i].function_offset;
171     }
172 
173     bool should_continue =
174         callback(fd, function_names, function_offsets, entry->backtrace.size(), arg);
175 
176     entry->mutex.unlock();
177 
178     if (!should_continue) {
179       break;
180     }
181   }
182 
183   android_fdtrack_set_enabled(prev);
184 }
185 
// Computes an order-sensitive hash over a backtrace given as parallel arrays.
//
// function_names:   `stack_depth` NUL-terminated function names (none may be null).
// function_offsets: `stack_depth` offsets, one per name.
// stack_depth:      number of frames to hash; 0 yields a hash of 0.
//
// The result is only meant for comparing stacks within the current process; the concrete values
// carry no meaning beyond that.
static size_t hash_stack(const char* const* function_names, const uint64_t* function_offsets,
                         size_t stack_depth) {
  // Self-contained hash combiner, used instead of the libc++-internal std::__hash_combine so
  // that this code does not depend on a reserved, implementation-private name.
  const auto combine = [](size_t seed, size_t value) -> size_t {
    // The golden-ratio constant is intentionally truncated where size_t is 32 bits wide.
    constexpr size_t kGoldenRatio = static_cast<size_t>(0x9e3779b97f4a7c15ULL);
    return seed ^ (value + kGoldenRatio + (seed << 6) + (seed >> 2));
  };

  size_t hash = 0;
  for (size_t i = 0; i < stack_depth; ++i) {
    hash = combine(hash, std::hash<std::string_view>()(function_names[i]));
    hash = combine(hash, std::hash<uint64_t>()(function_offsets[i]));
  }
  return hash;
}
196 
fdtrack_dump_impl(bool fatal)197 static void fdtrack_dump_impl(bool fatal) {
198   if (!installed) {
199     async_safe_format_log(ANDROID_LOG_INFO, "fdtrack", "fdtrack not installed");
200   } else {
201     async_safe_format_log(ANDROID_LOG_INFO, "fdtrack", "fdtrack dumping...");
202   }
203 
204   // If we're aborting, identify the most common stack in the hopes that it's the culprit,
205   // and emit that in the abort message so crash reporting can separate different fd leaks out.
206   // This is horrible and quadratic, but we need to avoid allocation since this can happen in
207   // response to a signal generated asynchronously. We're only going to dump 1k fds by default,
208   // and we're about to blow up the entire system, so this isn't too expensive.
209   struct StackInfo {
210     size_t hash = 0;
211     size_t count = 0;
212 
213     size_t stack_depth = 0;
214     const char* function_names[kStackDepth];
215     uint64_t function_offsets[kStackDepth];
216   };
217   struct StackList {
218     size_t count = 0;
219     std::array<StackInfo, 128> data;
220   };
221   static StackList stacks;
222 
223   fdtrack_iterate(
224       [](int fd, const char* const* function_names, const uint64_t* function_offsets,
225          size_t stack_depth, void* stacks_ptr) {
226         auto stacks = static_cast<StackList*>(stacks_ptr);
227         uint64_t fdsan_owner = android_fdsan_get_owner_tag(fd);
228         if (fdsan_owner != 0) {
229           async_safe_format_log(ANDROID_LOG_INFO, "fdtrack", "fd %d: (owner = 0x%" PRIx64 ")", fd,
230                                 fdsan_owner);
231         } else {
232           async_safe_format_log(ANDROID_LOG_INFO, "fdtrack", "fd %d: (unowned)", fd);
233         }
234 
235         for (size_t i = 0; i < stack_depth; ++i) {
236           async_safe_format_log(ANDROID_LOG_INFO, "fdtrack", "  %zu: %s+%" PRIu64, i,
237                                 function_names[i], function_offsets[i]);
238         }
239 
240         if (stacks) {
241           size_t hash = hash_stack(function_names, function_offsets, stack_depth);
242           bool found_stack = false;
243           for (size_t i = 0; i < stacks->count; ++i) {
244             if (stacks->data[i].hash == hash) {
245               ++stacks->data[i].count;
246               found_stack = true;
247               break;
248             }
249           }
250 
251           if (!found_stack) {
252             if (stacks->count < stacks->data.size()) {
253               auto& stack = stacks->data[stacks->count++];
254               stack.hash = hash;
255               stack.count = 1;
256               stack.stack_depth = stack_depth;
257               for (size_t i = 0; i < stack_depth; ++i) {
258                 stack.function_names[i] = function_names[i];
259                 stack.function_offsets[i] = function_offsets[i];
260               }
261             }
262           }
263         }
264 
265         return true;
266       },
267       fatal ? &stacks : nullptr);
268 
269   if (fatal) {
270     // Find the most common stack.
271     size_t max = 0;
272     StackInfo* stack = nullptr;
273     for (size_t i = 0; i < stacks.count; ++i) {
274       if (stacks.data[i].count > max) {
275         stack = &stacks.data[i];
276         max = stack->count;
277       }
278     }
279 
280     static char buf[1024];
281 
282     if (!stack) {
283       async_safe_format_buffer(buf, sizeof(buf),
284                                "aborting due to fd leak: see \"open files\" in the tombstone; "
285                                "no stacks?!");
286     } else {
287       char* p = buf;
288       p += async_safe_format_buffer(buf, sizeof(buf),
289                                     "aborting due to fd leak: see \"open files\" in the tombstone; "
290                                     "most common stack (%zu/%zu) is\n", max, stacks.count);
291 
292       for (size_t i = 0; i < stack->stack_depth; ++i) {
293         ssize_t bytes_left = buf + sizeof(buf) - p;
294         if (bytes_left > 0) {
295           p += async_safe_format_buffer(p, buf + sizeof(buf) - p, "  %zu: %s+%" PRIu64 "\n", i,
296                                         stack->function_names[i], stack->function_offsets[i]);
297         }
298       }
299     }
300 
301     android_set_abort_message(buf);
302 
303     // Abort on a different thread to avoid ART dumping runtime stacks.
304     std::thread([]() { abort(); }).join();
305   }
306 }
307 
fdtrack_dump()308 void fdtrack_dump() {
309   fdtrack_dump_impl(false);
310 }
311 
fdtrack_dump_fatal()312 void fdtrack_dump_fatal() {
313   fdtrack_dump_impl(true);
314 }
315