1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include "linker.h"
30 #include "linker_gdb_support.h"
31 
32 #include <errno.h>
33 #include <inttypes.h>
34 #include <pthread.h>
35 #include <signal.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <sys/mman.h>
40 #include <sys/prctl.h>
41 #include <sys/socket.h>
42 #include <sys/syscall.h>
43 #include <sys/un.h>
44 #include <unistd.h>
45 
46 extern "C" int tgkill(int tgid, int tid, int sig);
47 
48 // Crash actions have to be sent to the proper debuggerd.
49 // On 64 bit systems, the 32 bit debuggerd is named differently.
50 #if defined(TARGET_IS_64_BIT) && !defined(__LP64__)
51 #define DEBUGGER_SOCKET_NAME "android:debuggerd32"
52 #else
53 #define DEBUGGER_SOCKET_NAME "android:debuggerd"
54 #endif
55 
56 enum debugger_action_t {
57   // dump a crash
58   DEBUGGER_ACTION_CRASH,
59   // dump a tombstone file
60   DEBUGGER_ACTION_DUMP_TOMBSTONE,
61   // dump a backtrace only back to the socket
62   DEBUGGER_ACTION_DUMP_BACKTRACE,
63 };
64 
65 // Message sent over the socket.
66 // NOTE: Any changes to this structure must also be reflected in
67 //       system/core/include/cutils/debugger.h.
68 struct __attribute__((packed)) debugger_msg_t {
69   int32_t action;
70   pid_t tid;
71   uint64_t abort_msg_address;
72   int32_t original_si_code;
73 };
74 
75 // see man(2) prctl, specifically the section about PR_GET_NAME
76 #define MAX_TASK_NAME_LEN (16)
77 
socket_abstract_client(const char * name,int type)78 static int socket_abstract_client(const char* name, int type) {
79   sockaddr_un addr;
80 
81   // Test with length +1 for the *initial* '\0'.
82   size_t namelen = strlen(name);
83   if ((namelen + 1) > sizeof(addr.sun_path)) {
84     errno = EINVAL;
85     return -1;
86   }
87 
88   // This is used for abstract socket namespace, we need
89   // an initial '\0' at the start of the Unix socket path.
90   //
91   // Note: The path in this case is *not* supposed to be
92   // '\0'-terminated. ("man 7 unix" for the gory details.)
93   memset(&addr, 0, sizeof(addr));
94   addr.sun_family = AF_LOCAL;
95   addr.sun_path[0] = 0;
96   memcpy(addr.sun_path + 1, name, namelen);
97 
98   socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
99 
100   int s = socket(AF_LOCAL, type, 0);
101   if (s == -1) {
102     return -1;
103   }
104 
105   int rc = TEMP_FAILURE_RETRY(connect(s, reinterpret_cast<sockaddr*>(&addr), alen));
106   if (rc == -1) {
107     close(s);
108     return -1;
109   }
110 
111   return s;
112 }
113 
114 /*
115  * Writes a summary of the signal to the log file.  We do this so that, if
116  * for some reason we're not able to contact debuggerd, there is still some
117  * indication of the failure in the log.
118  *
119  * We could be here as a result of native heap corruption, or while a
120  * mutex is being held, so we don't want to use any libc functions that
121  * could allocate memory or hold a lock.
122  */
log_signal_summary(int signum,const siginfo_t * info)123 static void log_signal_summary(int signum, const siginfo_t* info) {
124   const char* signal_name = "???";
125   bool has_address = false;
126   switch (signum) {
127     case SIGABRT:
128       signal_name = "SIGABRT";
129       break;
130     case SIGBUS:
131       signal_name = "SIGBUS";
132       has_address = true;
133       break;
134     case SIGFPE:
135       signal_name = "SIGFPE";
136       has_address = true;
137       break;
138     case SIGILL:
139       signal_name = "SIGILL";
140       has_address = true;
141       break;
142     case SIGSEGV:
143       signal_name = "SIGSEGV";
144       has_address = true;
145       break;
146 #if defined(SIGSTKFLT)
147     case SIGSTKFLT:
148       signal_name = "SIGSTKFLT";
149       break;
150 #endif
151     case SIGTRAP:
152       signal_name = "SIGTRAP";
153       break;
154   }
155 
156   char thread_name[MAX_TASK_NAME_LEN + 1]; // one more for termination
157   if (prctl(PR_GET_NAME, reinterpret_cast<unsigned long>(thread_name), 0, 0, 0) != 0) {
158     strcpy(thread_name, "<name unknown>");
159   } else {
160     // short names are null terminated by prctl, but the man page
161     // implies that 16 byte names are not.
162     thread_name[MAX_TASK_NAME_LEN] = 0;
163   }
164 
165   // "info" will be null if the siginfo_t information was not available.
166   // Many signals don't have an address or a code.
167   char code_desc[32]; // ", code -6"
168   char addr_desc[32]; // ", fault addr 0x1234"
169   addr_desc[0] = code_desc[0] = 0;
170   if (info != nullptr) {
171     // For a rethrown signal, this si_code will be right and the one debuggerd shows will
172     // always be SI_TKILL.
173     __libc_format_buffer(code_desc, sizeof(code_desc), ", code %d", info->si_code);
174     if (has_address) {
175       __libc_format_buffer(addr_desc, sizeof(addr_desc), ", fault addr %p", info->si_addr);
176     }
177   }
178   __libc_format_log(ANDROID_LOG_FATAL, "libc",
179                     "Fatal signal %d (%s)%s%s in tid %d (%s)",
180                     signum, signal_name, code_desc, addr_desc, gettid(), thread_name);
181 }
182 
183 /*
184  * Returns true if the handler for signal "signum" has SA_SIGINFO set.
185  */
have_siginfo(int signum)186 static bool have_siginfo(int signum) {
187   struct sigaction old_action, new_action;
188 
189   memset(&new_action, 0, sizeof(new_action));
190   new_action.sa_handler = SIG_DFL;
191   new_action.sa_flags = SA_RESTART;
192   sigemptyset(&new_action.sa_mask);
193 
194   if (sigaction(signum, &new_action, &old_action) < 0) {
195     __libc_format_log(ANDROID_LOG_WARN, "libc", "Failed testing for SA_SIGINFO: %s",
196                       strerror(errno));
197     return false;
198   }
199   bool result = (old_action.sa_flags & SA_SIGINFO) != 0;
200 
201   if (sigaction(signum, &old_action, nullptr) == -1) {
202     __libc_format_log(ANDROID_LOG_WARN, "libc", "Restore failed in test for SA_SIGINFO: %s",
203                       strerror(errno));
204   }
205   return result;
206 }
207 
send_debuggerd_packet(siginfo_t * info)208 static void send_debuggerd_packet(siginfo_t* info) {
209   // Mutex to prevent multiple crashing threads from trying to talk
210   // to debuggerd at the same time.
211   static pthread_mutex_t crash_mutex = PTHREAD_MUTEX_INITIALIZER;
212   int ret = pthread_mutex_trylock(&crash_mutex);
213   if (ret != 0) {
214     if (ret == EBUSY) {
215       __libc_format_log(ANDROID_LOG_INFO, "libc",
216           "Another thread contacted debuggerd first; not contacting debuggerd.");
217       // This will never complete since the lock is never released.
218       pthread_mutex_lock(&crash_mutex);
219     } else {
220       __libc_format_log(ANDROID_LOG_INFO, "libc",
221                         "pthread_mutex_trylock failed: %s", strerror(ret));
222     }
223     return;
224   }
225 
226   int s = socket_abstract_client(DEBUGGER_SOCKET_NAME, SOCK_STREAM | SOCK_CLOEXEC);
227   if (s == -1) {
228     __libc_format_log(ANDROID_LOG_FATAL, "libc", "Unable to open connection to debuggerd: %s",
229                       strerror(errno));
230     return;
231   }
232 
233   // debuggerd knows our pid from the credentials on the
234   // local socket but we need to tell it the tid of the crashing thread.
235   // debuggerd will be paranoid and verify that we sent a tid
236   // that's actually in our process.
237   debugger_msg_t msg;
238   msg.action = DEBUGGER_ACTION_CRASH;
239   msg.tid = gettid();
240   msg.abort_msg_address = reinterpret_cast<uintptr_t>(g_abort_message);
241   msg.original_si_code = (info != nullptr) ? info->si_code : 0;
242   ret = TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg)));
243   if (ret == sizeof(msg)) {
244     char debuggerd_ack;
245     ret = TEMP_FAILURE_RETRY(read(s, &debuggerd_ack, 1));
246     int saved_errno = errno;
247     notify_gdb_of_libraries();
248     errno = saved_errno;
249   } else {
250     // read or write failed -- broken connection?
251     __libc_format_log(ANDROID_LOG_FATAL, "libc", "Failed while talking to debuggerd: %s",
252                       strerror(errno));
253   }
254 
255   close(s);
256 }
257 
258 /*
259  * Catches fatal signals so we can ask debuggerd to ptrace us before
260  * we crash.
261  */
debuggerd_signal_handler(int signal_number,siginfo_t * info,void *)262 static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void*) {
263   // It's possible somebody cleared the SA_SIGINFO flag, which would mean
264   // our "info" arg holds an undefined value.
265   if (!have_siginfo(signal_number)) {
266     info = nullptr;
267   }
268 
269   log_signal_summary(signal_number, info);
270 
271   send_debuggerd_packet(info);
272 
273   // We need to return from the signal handler so that debuggerd can dump the
274   // thread that crashed, but returning here does not guarantee that the signal
275   // will be thrown again, even for SIGSEGV and friends, since the signal could
276   // have been sent manually. Resend the signal with rt_tgsigqueueinfo(2) to
277   // preserve the SA_SIGINFO contents.
278   signal(signal_number, SIG_DFL);
279 
280   struct siginfo si;
281   if (!info) {
282     memset(&si, 0, sizeof(si));
283     si.si_code = SI_USER;
284     si.si_pid = getpid();
285     si.si_uid = getuid();
286     info = &si;
287   } else if (info->si_code >= 0 || info->si_code == SI_TKILL) {
288     // rt_tgsigqueueinfo(2)'s documentation appears to be incorrect on kernels
289     // that contain commit 66dd34a (3.9+). The manpage claims to only allow
290     // negative si_code values that are not SI_TKILL, but 66dd34a changed the
291     // check to allow all si_code values in calls coming from inside the house.
292   }
293 
294   int rc = syscall(SYS_rt_tgsigqueueinfo, getpid(), gettid(), signal_number, info);
295   if (rc != 0) {
296     __libc_format_log(ANDROID_LOG_FATAL, "libc", "failed to resend signal during crash: %s",
297                       strerror(errno));
298     _exit(0);
299   }
300 }
301 
debuggerd_init()302 __LIBC_HIDDEN__ void debuggerd_init() {
303   struct sigaction action;
304   memset(&action, 0, sizeof(action));
305   sigemptyset(&action.sa_mask);
306   action.sa_sigaction = debuggerd_signal_handler;
307   action.sa_flags = SA_RESTART | SA_SIGINFO;
308 
309   // Use the alternate signal stack if available so we can catch stack overflows.
310   action.sa_flags |= SA_ONSTACK;
311 
312   sigaction(SIGABRT, &action, nullptr);
313   sigaction(SIGBUS, &action, nullptr);
314   sigaction(SIGFPE, &action, nullptr);
315   sigaction(SIGILL, &action, nullptr);
316   sigaction(SIGSEGV, &action, nullptr);
317 #if defined(SIGSTKFLT)
318   sigaction(SIGSTKFLT, &action, nullptr);
319 #endif
320   sigaction(SIGTRAP, &action, nullptr);
321 }
322