1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include "linker.h"
30 #include "linker_gdb_support.h"
31
32 #include <errno.h>
33 #include <inttypes.h>
34 #include <pthread.h>
35 #include <signal.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <sys/mman.h>
40 #include <sys/prctl.h>
41 #include <sys/socket.h>
42 #include <sys/syscall.h>
43 #include <sys/un.h>
44 #include <unistd.h>
45
46 extern "C" int tgkill(int tgid, int tid, int sig);
47
48 // Crash actions have to be sent to the proper debuggerd.
49 // On 64 bit systems, the 32 bit debuggerd is named differently.
50 #if defined(TARGET_IS_64_BIT) && !defined(__LP64__)
51 #define DEBUGGER_SOCKET_NAME "android:debuggerd32"
52 #else
53 #define DEBUGGER_SOCKET_NAME "android:debuggerd"
54 #endif
55
56 enum debugger_action_t {
57 // dump a crash
58 DEBUGGER_ACTION_CRASH,
59 // dump a tombstone file
60 DEBUGGER_ACTION_DUMP_TOMBSTONE,
61 // dump a backtrace only back to the socket
62 DEBUGGER_ACTION_DUMP_BACKTRACE,
63 };
64
65 // Message sent over the socket.
66 // NOTE: Any changes to this structure must also be reflected in
67 // system/core/include/cutils/debugger.h.
68 struct __attribute__((packed)) debugger_msg_t {
69 int32_t action;
70 pid_t tid;
71 uint64_t abort_msg_address;
72 int32_t original_si_code;
73 };
74
75 // see man(2) prctl, specifically the section about PR_GET_NAME
76 #define MAX_TASK_NAME_LEN (16)
77
socket_abstract_client(const char * name,int type)78 static int socket_abstract_client(const char* name, int type) {
79 sockaddr_un addr;
80
81 // Test with length +1 for the *initial* '\0'.
82 size_t namelen = strlen(name);
83 if ((namelen + 1) > sizeof(addr.sun_path)) {
84 errno = EINVAL;
85 return -1;
86 }
87
88 // This is used for abstract socket namespace, we need
89 // an initial '\0' at the start of the Unix socket path.
90 //
91 // Note: The path in this case is *not* supposed to be
92 // '\0'-terminated. ("man 7 unix" for the gory details.)
93 memset(&addr, 0, sizeof(addr));
94 addr.sun_family = AF_LOCAL;
95 addr.sun_path[0] = 0;
96 memcpy(addr.sun_path + 1, name, namelen);
97
98 socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
99
100 int s = socket(AF_LOCAL, type, 0);
101 if (s == -1) {
102 return -1;
103 }
104
105 int rc = TEMP_FAILURE_RETRY(connect(s, reinterpret_cast<sockaddr*>(&addr), alen));
106 if (rc == -1) {
107 close(s);
108 return -1;
109 }
110
111 return s;
112 }
113
114 /*
115 * Writes a summary of the signal to the log file. We do this so that, if
116 * for some reason we're not able to contact debuggerd, there is still some
117 * indication of the failure in the log.
118 *
119 * We could be here as a result of native heap corruption, or while a
120 * mutex is being held, so we don't want to use any libc functions that
121 * could allocate memory or hold a lock.
122 */
log_signal_summary(int signum,const siginfo_t * info)123 static void log_signal_summary(int signum, const siginfo_t* info) {
124 const char* signal_name = "???";
125 bool has_address = false;
126 switch (signum) {
127 case SIGABRT:
128 signal_name = "SIGABRT";
129 break;
130 case SIGBUS:
131 signal_name = "SIGBUS";
132 has_address = true;
133 break;
134 case SIGFPE:
135 signal_name = "SIGFPE";
136 has_address = true;
137 break;
138 case SIGILL:
139 signal_name = "SIGILL";
140 has_address = true;
141 break;
142 case SIGSEGV:
143 signal_name = "SIGSEGV";
144 has_address = true;
145 break;
146 #if defined(SIGSTKFLT)
147 case SIGSTKFLT:
148 signal_name = "SIGSTKFLT";
149 break;
150 #endif
151 case SIGTRAP:
152 signal_name = "SIGTRAP";
153 break;
154 }
155
156 char thread_name[MAX_TASK_NAME_LEN + 1]; // one more for termination
157 if (prctl(PR_GET_NAME, reinterpret_cast<unsigned long>(thread_name), 0, 0, 0) != 0) {
158 strcpy(thread_name, "<name unknown>");
159 } else {
160 // short names are null terminated by prctl, but the man page
161 // implies that 16 byte names are not.
162 thread_name[MAX_TASK_NAME_LEN] = 0;
163 }
164
165 // "info" will be null if the siginfo_t information was not available.
166 // Many signals don't have an address or a code.
167 char code_desc[32]; // ", code -6"
168 char addr_desc[32]; // ", fault addr 0x1234"
169 addr_desc[0] = code_desc[0] = 0;
170 if (info != nullptr) {
171 // For a rethrown signal, this si_code will be right and the one debuggerd shows will
172 // always be SI_TKILL.
173 __libc_format_buffer(code_desc, sizeof(code_desc), ", code %d", info->si_code);
174 if (has_address) {
175 __libc_format_buffer(addr_desc, sizeof(addr_desc), ", fault addr %p", info->si_addr);
176 }
177 }
178 __libc_format_log(ANDROID_LOG_FATAL, "libc",
179 "Fatal signal %d (%s)%s%s in tid %d (%s)",
180 signum, signal_name, code_desc, addr_desc, gettid(), thread_name);
181 }
182
183 /*
184 * Returns true if the handler for signal "signum" has SA_SIGINFO set.
185 */
have_siginfo(int signum)186 static bool have_siginfo(int signum) {
187 struct sigaction old_action, new_action;
188
189 memset(&new_action, 0, sizeof(new_action));
190 new_action.sa_handler = SIG_DFL;
191 new_action.sa_flags = SA_RESTART;
192 sigemptyset(&new_action.sa_mask);
193
194 if (sigaction(signum, &new_action, &old_action) < 0) {
195 __libc_format_log(ANDROID_LOG_WARN, "libc", "Failed testing for SA_SIGINFO: %s",
196 strerror(errno));
197 return false;
198 }
199 bool result = (old_action.sa_flags & SA_SIGINFO) != 0;
200
201 if (sigaction(signum, &old_action, nullptr) == -1) {
202 __libc_format_log(ANDROID_LOG_WARN, "libc", "Restore failed in test for SA_SIGINFO: %s",
203 strerror(errno));
204 }
205 return result;
206 }
207
send_debuggerd_packet(siginfo_t * info)208 static void send_debuggerd_packet(siginfo_t* info) {
209 // Mutex to prevent multiple crashing threads from trying to talk
210 // to debuggerd at the same time.
211 static pthread_mutex_t crash_mutex = PTHREAD_MUTEX_INITIALIZER;
212 int ret = pthread_mutex_trylock(&crash_mutex);
213 if (ret != 0) {
214 if (ret == EBUSY) {
215 __libc_format_log(ANDROID_LOG_INFO, "libc",
216 "Another thread contacted debuggerd first; not contacting debuggerd.");
217 // This will never complete since the lock is never released.
218 pthread_mutex_lock(&crash_mutex);
219 } else {
220 __libc_format_log(ANDROID_LOG_INFO, "libc",
221 "pthread_mutex_trylock failed: %s", strerror(ret));
222 }
223 return;
224 }
225
226 int s = socket_abstract_client(DEBUGGER_SOCKET_NAME, SOCK_STREAM | SOCK_CLOEXEC);
227 if (s == -1) {
228 __libc_format_log(ANDROID_LOG_FATAL, "libc", "Unable to open connection to debuggerd: %s",
229 strerror(errno));
230 return;
231 }
232
233 // debuggerd knows our pid from the credentials on the
234 // local socket but we need to tell it the tid of the crashing thread.
235 // debuggerd will be paranoid and verify that we sent a tid
236 // that's actually in our process.
237 debugger_msg_t msg;
238 msg.action = DEBUGGER_ACTION_CRASH;
239 msg.tid = gettid();
240 msg.abort_msg_address = reinterpret_cast<uintptr_t>(g_abort_message);
241 msg.original_si_code = (info != nullptr) ? info->si_code : 0;
242 ret = TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg)));
243 if (ret == sizeof(msg)) {
244 char debuggerd_ack;
245 ret = TEMP_FAILURE_RETRY(read(s, &debuggerd_ack, 1));
246 int saved_errno = errno;
247 notify_gdb_of_libraries();
248 errno = saved_errno;
249 } else {
250 // read or write failed -- broken connection?
251 __libc_format_log(ANDROID_LOG_FATAL, "libc", "Failed while talking to debuggerd: %s",
252 strerror(errno));
253 }
254
255 close(s);
256 }
257
258 /*
259 * Catches fatal signals so we can ask debuggerd to ptrace us before
260 * we crash.
261 */
debuggerd_signal_handler(int signal_number,siginfo_t * info,void *)262 static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void*) {
263 // It's possible somebody cleared the SA_SIGINFO flag, which would mean
264 // our "info" arg holds an undefined value.
265 if (!have_siginfo(signal_number)) {
266 info = nullptr;
267 }
268
269 log_signal_summary(signal_number, info);
270
271 send_debuggerd_packet(info);
272
273 // We need to return from the signal handler so that debuggerd can dump the
274 // thread that crashed, but returning here does not guarantee that the signal
275 // will be thrown again, even for SIGSEGV and friends, since the signal could
276 // have been sent manually. Resend the signal with rt_tgsigqueueinfo(2) to
277 // preserve the SA_SIGINFO contents.
278 signal(signal_number, SIG_DFL);
279
280 struct siginfo si;
281 if (!info) {
282 memset(&si, 0, sizeof(si));
283 si.si_code = SI_USER;
284 si.si_pid = getpid();
285 si.si_uid = getuid();
286 info = &si;
287 } else if (info->si_code >= 0 || info->si_code == SI_TKILL) {
288 // rt_tgsigqueueinfo(2)'s documentation appears to be incorrect on kernels
289 // that contain commit 66dd34a (3.9+). The manpage claims to only allow
290 // negative si_code values that are not SI_TKILL, but 66dd34a changed the
291 // check to allow all si_code values in calls coming from inside the house.
292 }
293
294 int rc = syscall(SYS_rt_tgsigqueueinfo, getpid(), gettid(), signal_number, info);
295 if (rc != 0) {
296 __libc_format_log(ANDROID_LOG_FATAL, "libc", "failed to resend signal during crash: %s",
297 strerror(errno));
298 _exit(0);
299 }
300 }
301
debuggerd_init()302 __LIBC_HIDDEN__ void debuggerd_init() {
303 struct sigaction action;
304 memset(&action, 0, sizeof(action));
305 sigemptyset(&action.sa_mask);
306 action.sa_sigaction = debuggerd_signal_handler;
307 action.sa_flags = SA_RESTART | SA_SIGINFO;
308
309 // Use the alternate signal stack if available so we can catch stack overflows.
310 action.sa_flags |= SA_ONSTACK;
311
312 sigaction(SIGABRT, &action, nullptr);
313 sigaction(SIGBUS, &action, nullptr);
314 sigaction(SIGFPE, &action, nullptr);
315 sigaction(SIGILL, &action, nullptr);
316 sigaction(SIGSEGV, &action, nullptr);
317 #if defined(SIGSTKFLT)
318 sigaction(SIGSTKFLT, &action, nullptr);
319 #endif
320 sigaction(SIGTRAP, &action, nullptr);
321 }
322