1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "fault_handler.h" 18 19 #include <string.h> 20 #include <sys/mman.h> 21 #include <sys/ucontext.h> 22 23 #include "art_method-inl.h" 24 #include "base/logging.h" // For VLOG 25 #include "base/safe_copy.h" 26 #include "base/stl_util.h" 27 #include "dex/dex_file_types.h" 28 #include "mirror/class.h" 29 #include "mirror/object_reference.h" 30 #include "oat_quick_method_header.h" 31 #include "sigchain.h" 32 #include "thread-current-inl.h" 33 #include "verify_object-inl.h" 34 35 namespace art { 36 // Static fault manger object accessed by signal handler. 37 FaultManager fault_manager; 38 39 // This needs to be NO_INLINE since some debuggers do not read the inline-info to set a breakpoint 40 // if it isn't. 41 extern "C" NO_INLINE __attribute__((visibility("default"))) void art_sigsegv_fault() { 42 // Set a breakpoint here to be informed when a SIGSEGV is unhandled by ART. 43 VLOG(signals)<< "Caught unknown SIGSEGV in ART fault handler - chaining to next handler."; 44 } 45 46 // Signal handler called on SIGSEGV. 47 static bool art_fault_handler(int sig, siginfo_t* info, void* context) { 48 return fault_manager.HandleFault(sig, info, context); 49 } 50 51 #if defined(__linux__) 52 53 // Change to verify the safe implementations against the original ones. 54 constexpr bool kVerifySafeImpls = false; 55 56 // Provide implementations of ArtMethod::GetDeclaringClass and VerifyClassClass that use SafeCopy 57 // to safely dereference pointers which are potentially garbage. 58 // Only available on Linux due to availability of SafeCopy. 59 60 static mirror::Class* SafeGetDeclaringClass(ArtMethod* method) 61 REQUIRES_SHARED(Locks::mutator_lock_) { 62 char* method_declaring_class = 63 reinterpret_cast<char*>(method) + ArtMethod::DeclaringClassOffset().SizeValue(); 64 65 // ArtMethod::declaring_class_ is a GcRoot<mirror::Class>. 66 // Read it out into as a CompressedReference directly for simplicity's sake. 67 mirror::CompressedReference<mirror::Class> cls; 68 ssize_t rc = SafeCopy(&cls, method_declaring_class, sizeof(cls)); 69 CHECK_NE(-1, rc); 70 71 if (kVerifySafeImpls) { 72 ObjPtr<mirror::Class> actual_class = method->GetDeclaringClassUnchecked<kWithoutReadBarrier>(); 73 CHECK_EQ(actual_class, cls.AsMirrorPtr()); 74 } 75 76 if (rc != sizeof(cls)) { 77 return nullptr; 78 } 79 80 return cls.AsMirrorPtr(); 81 } 82 83 static mirror::Class* SafeGetClass(mirror::Object* obj) REQUIRES_SHARED(Locks::mutator_lock_) { 84 char* obj_cls = reinterpret_cast<char*>(obj) + mirror::Object::ClassOffset().SizeValue(); 85 86 mirror::HeapReference<mirror::Class> cls; 87 ssize_t rc = SafeCopy(&cls, obj_cls, sizeof(cls)); 88 CHECK_NE(-1, rc); 89 90 if (kVerifySafeImpls) { 91 mirror::Class* actual_class = obj->GetClass<kVerifyNone>(); 92 CHECK_EQ(actual_class, cls.AsMirrorPtr()); 93 } 94 95 if (rc != sizeof(cls)) { 96 return nullptr; 97 } 98 99 return cls.AsMirrorPtr(); 100 } 101 102 static bool SafeVerifyClassClass(mirror::Class* cls) REQUIRES_SHARED(Locks::mutator_lock_) { 103 mirror::Class* c_c = SafeGetClass(cls); 104 bool result = c_c != nullptr && c_c == SafeGetClass(c_c); 105 106 if (kVerifySafeImpls) { 107 CHECK_EQ(VerifyClassClass(cls), result); 108 } 109 110 return result; 111 } 112 113 #else 114 115 static mirror::Class* SafeGetDeclaringClass(ArtMethod* method_obj) 116 REQUIRES_SHARED(Locks::mutator_lock_) { 117 return method_obj->GetDeclaringClassUnchecked<kWithoutReadBarrier>().Ptr(); 118 } 119 120 static bool SafeVerifyClassClass(mirror::Class* cls) REQUIRES_SHARED(Locks::mutator_lock_) { 121 return VerifyClassClass(cls); 122 } 123 #endif 124 125 126 FaultManager::FaultManager() : initialized_(false) { 127 sigaction(SIGSEGV, nullptr, &oldaction_); 128 } 129 130 FaultManager::~FaultManager() { 131 } 132 133 void FaultManager::Init() { 134 CHECK(!initialized_); 135 sigset_t mask; 136 sigfillset(&mask); 137 sigdelset(&mask, SIGABRT); 138 sigdelset(&mask, SIGBUS); 139 sigdelset(&mask, SIGFPE); 140 sigdelset(&mask, SIGILL); 141 sigdelset(&mask, SIGSEGV); 142 143 SigchainAction sa = { 144 .sc_sigaction = art_fault_handler, 145 .sc_mask = mask, 146 .sc_flags = 0UL, 147 }; 148 149 AddSpecialSignalHandlerFn(SIGSEGV, &sa); 150 initialized_ = true; 151 } 152 153 void FaultManager::Release() { 154 if (initialized_) { 155 RemoveSpecialSignalHandlerFn(SIGSEGV, art_fault_handler); 156 initialized_ = false; 157 } 158 } 159 160 void FaultManager::Shutdown() { 161 if (initialized_) { 162 Release(); 163 164 // Free all handlers. 165 STLDeleteElements(&generated_code_handlers_); 166 STLDeleteElements(&other_handlers_); 167 } 168 } 169 170 bool FaultManager::HandleFaultByOtherHandlers(int sig, siginfo_t* info, void* context) { 171 if (other_handlers_.empty()) { 172 return false; 173 } 174 175 Thread* self = Thread::Current(); 176 177 DCHECK(self != nullptr); 178 DCHECK(Runtime::Current() != nullptr); 179 DCHECK(Runtime::Current()->IsStarted()); 180 for (const auto& handler : other_handlers_) { 181 if (handler->Action(sig, info, context)) { 182 return true; 183 } 184 } 185 return false; 186 } 187 188 static const char* SignalCodeName(int sig, int code) { 189 if (sig != SIGSEGV) { 190 return "UNKNOWN"; 191 } else { 192 switch (code) { 193 case SEGV_MAPERR: return "SEGV_MAPERR"; 194 case SEGV_ACCERR: return "SEGV_ACCERR"; 195 default: return "UNKNOWN"; 196 } 197 } 198 } 199 static std::ostream& PrintSignalInfo(std::ostream& os, siginfo_t* info) { 200 os << " si_signo: " << info->si_signo << " (" << strsignal(info->si_signo) << ")\n" 201 << " si_code: " << info->si_code 202 << " (" << SignalCodeName(info->si_signo, info->si_code) << ")"; 203 if (info->si_signo == SIGSEGV) { 204 os << "\n" << " si_addr: " << info->si_addr; 205 } 206 return os; 207 } 208 209 bool FaultManager::HandleFault(int sig, siginfo_t* info, void* context) { 210 if (VLOG_IS_ON(signals)) { 211 PrintSignalInfo(VLOG_STREAM(signals) << "Handling fault:" << "\n", info); 212 } 213 214 #ifdef TEST_NESTED_SIGNAL 215 // Simulate a crash in a handler. 216 raise(SIGSEGV); 217 #endif 218 219 if (IsInGeneratedCode(info, context, true)) { 220 VLOG(signals) << "in generated code, looking for handler"; 221 for (const auto& handler : generated_code_handlers_) { 222 VLOG(signals) << "invoking Action on handler " << handler; 223 if (handler->Action(sig, info, context)) { 224 // We have handled a signal so it's time to return from the 225 // signal handler to the appropriate place. 226 return true; 227 } 228 } 229 } 230 231 // We hit a signal we didn't handle. This might be something for which 232 // we can give more information about so call all registered handlers to 233 // see if it is. 234 if (HandleFaultByOtherHandlers(sig, info, context)) { 235 return true; 236 } 237 238 // Set a breakpoint in this function to catch unhandled signals. 239 art_sigsegv_fault(); 240 return false; 241 } 242 243 void FaultManager::AddHandler(FaultHandler* handler, bool generated_code) { 244 DCHECK(initialized_); 245 if (generated_code) { 246 generated_code_handlers_.push_back(handler); 247 } else { 248 other_handlers_.push_back(handler); 249 } 250 } 251 252 void FaultManager::RemoveHandler(FaultHandler* handler) { 253 auto it = std::find(generated_code_handlers_.begin(), generated_code_handlers_.end(), handler); 254 if (it != generated_code_handlers_.end()) { 255 generated_code_handlers_.erase(it); 256 return; 257 } 258 auto it2 = std::find(other_handlers_.begin(), other_handlers_.end(), handler); 259 if (it2 != other_handlers_.end()) { 260 other_handlers_.erase(it2); 261 return; 262 } 263 LOG(FATAL) << "Attempted to remove non existent handler " << handler; 264 } 265 266 // This function is called within the signal handler. It checks that 267 // the mutator_lock is held (shared). No annotalysis is done. 268 bool FaultManager::IsInGeneratedCode(siginfo_t* siginfo, void* context, bool check_dex_pc) { 269 // We can only be running Java code in the current thread if it 270 // is in Runnable state. 271 VLOG(signals) << "Checking for generated code"; 272 Thread* thread = Thread::Current(); 273 if (thread == nullptr) { 274 VLOG(signals) << "no current thread"; 275 return false; 276 } 277 278 ThreadState state = thread->GetState(); 279 if (state != kRunnable) { 280 VLOG(signals) << "not runnable"; 281 return false; 282 } 283 284 // Current thread is runnable. 285 // Make sure it has the mutator lock. 286 if (!Locks::mutator_lock_->IsSharedHeld(thread)) { 287 VLOG(signals) << "no lock"; 288 return false; 289 } 290 291 ArtMethod* method_obj = nullptr; 292 uintptr_t return_pc = 0; 293 uintptr_t sp = 0; 294 295 // Get the architecture specific method address and return address. These 296 // are in architecture specific files in arch/<arch>/fault_handler_<arch>. 297 GetMethodAndReturnPcAndSp(siginfo, context, &method_obj, &return_pc, &sp); 298 299 // If we don't have a potential method, we're outta here. 300 VLOG(signals) << "potential method: " << method_obj; 301 // TODO: Check linear alloc and image. 302 DCHECK_ALIGNED(ArtMethod::Size(kRuntimePointerSize), sizeof(void*)) 303 << "ArtMethod is not pointer aligned"; 304 if (method_obj == nullptr || !IsAligned<sizeof(void*)>(method_obj)) { 305 VLOG(signals) << "no method"; 306 return false; 307 } 308 309 // Verify that the potential method is indeed a method. 310 // TODO: check the GC maps to make sure it's an object. 311 // Check that the class pointer inside the object is not null and is aligned. 312 // No read barrier because method_obj may not be a real object. 313 mirror::Class* cls = SafeGetDeclaringClass(method_obj); 314 if (cls == nullptr) { 315 VLOG(signals) << "not a class"; 316 return false; 317 } 318 319 if (!IsAligned<kObjectAlignment>(cls)) { 320 VLOG(signals) << "not aligned"; 321 return false; 322 } 323 324 if (!SafeVerifyClassClass(cls)) { 325 VLOG(signals) << "not a class class"; 326 return false; 327 } 328 329 const OatQuickMethodHeader* method_header = method_obj->GetOatQuickMethodHeader(return_pc); 330 331 // We can be certain that this is a method now. Check if we have a GC map 332 // at the return PC address. 333 if (true || kIsDebugBuild) { 334 VLOG(signals) << "looking for dex pc for return pc " << std::hex << return_pc; 335 uint32_t sought_offset = return_pc - 336 reinterpret_cast<uintptr_t>(method_header->GetEntryPoint()); 337 VLOG(signals) << "pc offset: " << std::hex << sought_offset; 338 } 339 uint32_t dexpc = method_header->ToDexPc(method_obj, return_pc, false); 340 VLOG(signals) << "dexpc: " << dexpc; 341 return !check_dex_pc || dexpc != dex::kDexNoIndex; 342 } 343 344 FaultHandler::FaultHandler(FaultManager* manager) : manager_(manager) { 345 } 346 347 // 348 // Null pointer fault handler 349 // 350 NullPointerHandler::NullPointerHandler(FaultManager* manager) : FaultHandler(manager) { 351 manager_->AddHandler(this, true); 352 } 353 354 // 355 // Suspension fault handler 356 // 357 SuspensionHandler::SuspensionHandler(FaultManager* manager) : FaultHandler(manager) { 358 manager_->AddHandler(this, true); 359 } 360 361 // 362 // Stack overflow fault handler 363 // 364 StackOverflowHandler::StackOverflowHandler(FaultManager* manager) : FaultHandler(manager) { 365 manager_->AddHandler(this, true); 366 } 367 368 // 369 // Stack trace handler, used to help get a stack trace from SIGSEGV inside of compiled code. 370 // 371 JavaStackTraceHandler::JavaStackTraceHandler(FaultManager* manager) : FaultHandler(manager) { 372 manager_->AddHandler(this, false); 373 } 374 375 bool JavaStackTraceHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* siginfo, void* context) { 376 // Make sure that we are in the generated code, but we may not have a dex pc. 377 bool in_generated_code = manager_->IsInGeneratedCode(siginfo, context, false); 378 if (in_generated_code) { 379 LOG(ERROR) << "Dumping java stack trace for crash in generated code"; 380 ArtMethod* method = nullptr; 381 uintptr_t return_pc = 0; 382 uintptr_t sp = 0; 383 Thread* self = Thread::Current(); 384 385 manager_->GetMethodAndReturnPcAndSp(siginfo, context, &method, &return_pc, &sp); 386 // Inside of generated code, sp[0] is the method, so sp is the frame. 387 self->SetTopOfStack(reinterpret_cast<ArtMethod**>(sp)); 388 self->DumpJavaStack(LOG_STREAM(ERROR)); 389 } 390 391 return false; // Return false since we want to propagate the fault to the main signal handler. 392 } 393 394 } // namespace art 395
