1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "dalvik_system_ZygoteHooks.h" 18 19 #include <stdlib.h> 20 21 #include <android-base/logging.h> 22 #include <android-base/stringprintf.h> 23 24 #include "arch/instruction_set.h" 25 #include "art_method-inl.h" 26 #include "base/macros.h" 27 #include "base/mutex.h" 28 #include "base/runtime_debug.h" 29 #include "debugger.h" 30 #include "hidden_api.h" 31 #include "jit/jit.h" 32 #include "jit/jit_code_cache.h" 33 #include "jni/java_vm_ext.h" 34 #include "jni/jni_internal.h" 35 #include "native_util.h" 36 #include "nativehelper/jni_macros.h" 37 #include "nativehelper/scoped_utf_chars.h" 38 #include "non_debuggable_classes.h" 39 #include "oat_file.h" 40 #include "oat_file_manager.h" 41 #include "scoped_thread_state_change-inl.h" 42 #include "stack.h" 43 #include "thread-current-inl.h" 44 #include "thread_list.h" 45 #include "trace.h" 46 47 #include <sys/resource.h> 48 49 namespace art { 50 51 // Set to true to always determine the non-debuggable classes even if we would not allow a debugger 52 // to actually attach. 53 static bool kAlwaysCollectNonDebuggableClasses = 54 RegisterRuntimeDebugFlag(&kAlwaysCollectNonDebuggableClasses); 55 56 using android::base::StringPrintf; 57 58 class ClassSet { 59 public: 60 // The number of classes we reasonably expect to have to look at. Realistically the number is more 61 // ~10 but there is little harm in having some extra. 62 static constexpr int kClassSetCapacity = 100; 63 64 explicit ClassSet(Thread* const self) : self_(self) { 65 self_->GetJniEnv()->PushFrame(kClassSetCapacity); 66 } 67 68 ~ClassSet() { 69 self_->GetJniEnv()->PopFrame(); 70 } 71 72 void AddClass(ObjPtr<mirror::Class> klass) REQUIRES(Locks::mutator_lock_) { 73 class_set_.insert(self_->GetJniEnv()->AddLocalReference<jclass>(klass)); 74 } 75 76 const std::unordered_set<jclass>& GetClasses() const { 77 return class_set_; 78 } 79 80 private: 81 Thread* const self_; 82 std::unordered_set<jclass> class_set_; 83 }; 84 85 static void DoCollectNonDebuggableCallback(Thread* thread, void* data) 86 REQUIRES(Locks::mutator_lock_) { 87 class NonDebuggableStacksVisitor : public StackVisitor { 88 public: 89 NonDebuggableStacksVisitor(Thread* t, ClassSet* class_set) 90 : StackVisitor(t, nullptr, StackVisitor::StackWalkKind::kIncludeInlinedFrames), 91 class_set_(class_set) {} 92 93 ~NonDebuggableStacksVisitor() override {} 94 95 bool VisitFrame() override REQUIRES(Locks::mutator_lock_) { 96 if (GetMethod()->IsRuntimeMethod()) { 97 return true; 98 } 99 class_set_->AddClass(GetMethod()->GetDeclaringClass()); 100 if (kIsDebugBuild) { 101 LOG(INFO) << GetMethod()->GetDeclaringClass()->PrettyClass() 102 << " might not be fully debuggable/deoptimizable due to " 103 << GetMethod()->PrettyMethod() << " appearing on the stack during zygote fork."; 104 } 105 return true; 106 } 107 108 private: 109 ClassSet* class_set_; 110 }; 111 NonDebuggableStacksVisitor visitor(thread, reinterpret_cast<ClassSet*>(data)); 112 visitor.WalkStack(); 113 } 114 115 static void CollectNonDebuggableClasses() REQUIRES(!Locks::mutator_lock_) { 116 Runtime* const runtime = Runtime::Current(); 117 Thread* const self = Thread::Current(); 118 // Get the mutator lock. 119 ScopedObjectAccess soa(self); 120 ClassSet classes(self); 121 { 122 // Drop the shared mutator lock. 123 ScopedThreadSuspension sts(self, art::ThreadState::kNative); 124 // Get exclusive mutator lock with suspend all. 125 ScopedSuspendAll suspend("Checking stacks for non-obsoletable methods!", 126 /*long_suspend=*/false); 127 MutexLock mu(Thread::Current(), *Locks::thread_list_lock_); 128 runtime->GetThreadList()->ForEach(DoCollectNonDebuggableCallback, &classes); 129 } 130 for (jclass klass : classes.GetClasses()) { 131 NonDebuggableClasses::AddNonDebuggableClass(klass); 132 } 133 } 134 135 // Must match values in com.android.internal.os.Zygote. 136 enum { 137 DEBUG_ENABLE_JDWP = 1, 138 DEBUG_ENABLE_CHECKJNI = 1 << 1, 139 DEBUG_ENABLE_ASSERT = 1 << 2, 140 DEBUG_ENABLE_SAFEMODE = 1 << 3, 141 DEBUG_ENABLE_JNI_LOGGING = 1 << 4, 142 DEBUG_GENERATE_DEBUG_INFO = 1 << 5, 143 DEBUG_ALWAYS_JIT = 1 << 6, 144 DEBUG_NATIVE_DEBUGGABLE = 1 << 7, 145 DEBUG_JAVA_DEBUGGABLE = 1 << 8, 146 DISABLE_VERIFIER = 1 << 9, 147 ONLY_USE_SYSTEM_OAT_FILES = 1 << 10, 148 DEBUG_GENERATE_MINI_DEBUG_INFO = 1 << 11, 149 HIDDEN_API_ENFORCEMENT_POLICY_MASK = (1 << 12) 150 | (1 << 13), 151 PROFILE_SYSTEM_SERVER = 1 << 14, 152 USE_APP_IMAGE_STARTUP_CACHE = 1 << 16, 153 154 // bits to shift (flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) by to get a value 155 // corresponding to hiddenapi::EnforcementPolicy 156 API_ENFORCEMENT_POLICY_SHIFT = CTZ(HIDDEN_API_ENFORCEMENT_POLICY_MASK), 157 }; 158 159 static uint32_t EnableDebugFeatures(uint32_t runtime_flags) { 160 Runtime* const runtime = Runtime::Current(); 161 if ((runtime_flags & DEBUG_ENABLE_CHECKJNI) != 0) { 162 JavaVMExt* vm = runtime->GetJavaVM(); 163 if (!vm->IsCheckJniEnabled()) { 164 LOG(INFO) << "Late-enabling -Xcheck:jni"; 165 vm->SetCheckJniEnabled(true); 166 // There's only one thread running at this point, so only one JNIEnv to fix up. 167 Thread::Current()->GetJniEnv()->SetCheckJniEnabled(true); 168 } else { 169 LOG(INFO) << "Not late-enabling -Xcheck:jni (already on)"; 170 } 171 runtime_flags &= ~DEBUG_ENABLE_CHECKJNI; 172 } 173 174 if ((runtime_flags & DEBUG_ENABLE_JNI_LOGGING) != 0) { 175 gLogVerbosity.third_party_jni = true; 176 runtime_flags &= ~DEBUG_ENABLE_JNI_LOGGING; 177 } 178 179 Dbg::SetJdwpAllowed((runtime_flags & DEBUG_ENABLE_JDWP) != 0); 180 runtime_flags &= ~DEBUG_ENABLE_JDWP; 181 182 const bool safe_mode = (runtime_flags & DEBUG_ENABLE_SAFEMODE) != 0; 183 if (safe_mode) { 184 // Only quicken oat files. 185 runtime->AddCompilerOption("--compiler-filter=quicken"); 186 runtime->SetSafeMode(true); 187 runtime_flags &= ~DEBUG_ENABLE_SAFEMODE; 188 } 189 190 // This is for backwards compatibility with Dalvik. 191 runtime_flags &= ~DEBUG_ENABLE_ASSERT; 192 193 if ((runtime_flags & DEBUG_ALWAYS_JIT) != 0) { 194 jit::JitOptions* jit_options = runtime->GetJITOptions(); 195 CHECK(jit_options != nullptr); 196 Runtime::Current()->DoAndMaybeSwitchInterpreter([=]() { 197 jit_options->SetJitAtFirstUse(); 198 }); 199 runtime_flags &= ~DEBUG_ALWAYS_JIT; 200 } 201 202 bool needs_non_debuggable_classes = false; 203 if ((runtime_flags & DEBUG_JAVA_DEBUGGABLE) != 0) { 204 runtime->AddCompilerOption("--debuggable"); 205 runtime_flags |= DEBUG_GENERATE_MINI_DEBUG_INFO; 206 runtime->SetJavaDebuggable(true); 207 { 208 // Deoptimize the boot image as it may be non-debuggable. 209 ScopedSuspendAll ssa(__FUNCTION__); 210 runtime->DeoptimizeBootImage(); 211 } 212 runtime_flags &= ~DEBUG_JAVA_DEBUGGABLE; 213 needs_non_debuggable_classes = true; 214 } 215 if (needs_non_debuggable_classes || kAlwaysCollectNonDebuggableClasses) { 216 CollectNonDebuggableClasses(); 217 } 218 219 if ((runtime_flags & DEBUG_NATIVE_DEBUGGABLE) != 0) { 220 runtime->AddCompilerOption("--debuggable"); 221 runtime_flags |= DEBUG_GENERATE_DEBUG_INFO; 222 runtime->SetNativeDebuggable(true); 223 runtime_flags &= ~DEBUG_NATIVE_DEBUGGABLE; 224 } 225 226 if ((runtime_flags & DEBUG_GENERATE_MINI_DEBUG_INFO) != 0) { 227 // Generate native minimal debug information to allow backtracing. 228 runtime->AddCompilerOption("--generate-mini-debug-info"); 229 runtime_flags &= ~DEBUG_GENERATE_MINI_DEBUG_INFO; 230 } 231 232 if ((runtime_flags & DEBUG_GENERATE_DEBUG_INFO) != 0) { 233 // Generate all native debug information we can (e.g. line-numbers). 234 runtime->AddCompilerOption("--generate-debug-info"); 235 runtime_flags &= ~DEBUG_GENERATE_DEBUG_INFO; 236 } 237 238 return runtime_flags; 239 } 240 241 static jlong ZygoteHooks_nativePreFork(JNIEnv* env, jclass) { 242 Runtime* runtime = Runtime::Current(); 243 CHECK(runtime->IsZygote()) << "runtime instance not started with -Xzygote"; 244 245 runtime->PreZygoteFork(); 246 247 // Grab thread before fork potentially makes Thread::pthread_key_self_ unusable. 248 return reinterpret_cast<jlong>(ThreadForEnv(env)); 249 } 250 251 static void ZygoteHooks_nativePostZygoteFork(JNIEnv*, jclass) { 252 Runtime* runtime = Runtime::Current(); 253 if (runtime->IsZygote()) { 254 runtime->PostZygoteFork(); 255 } 256 } 257 258 static void ZygoteHooks_nativePostForkSystemServer(JNIEnv* env ATTRIBUTE_UNUSED, 259 jclass klass ATTRIBUTE_UNUSED) { 260 Runtime::Current()->SetSystemServer(true); 261 // This JIT code cache for system server is created whilst the runtime is still single threaded. 262 // System server has a window where it can create executable pages for this purpose, but this is 263 // turned off after this hook. Consequently, the only JIT mode supported is the dual-view JIT 264 // where one mapping is R->RW and the other is RX. Single view requires RX->RWX->RX. 265 if (Runtime::Current()->GetJit() != nullptr) { 266 Runtime::Current()->GetJit()->GetCodeCache()->PostForkChildAction( 267 /* is_system_server= */ true, /* is_zygote= */ false); 268 } 269 // Allow picking up verity-protected files from the dalvik cache for pre-caching. This window will 270 // be closed in the common nativePostForkChild below. 271 Runtime::Current()->GetOatFileManager().SetOnlyUseSystemOatFiles( 272 /*enforce=*/false, /*assert_no_files_loaded=*/false); 273 } 274 275 static void ZygoteHooks_nativePostForkChild(JNIEnv* env, 276 jclass, 277 jlong token, 278 jint runtime_flags, 279 jboolean is_system_server, 280 jboolean is_zygote, 281 jstring instruction_set) { 282 DCHECK(!(is_system_server && is_zygote)); 283 284 Thread* thread = reinterpret_cast<Thread*>(token); 285 // Our system thread ID, etc, has changed so reset Thread state. 286 thread->InitAfterFork(); 287 runtime_flags = EnableDebugFeatures(runtime_flags); 288 hiddenapi::EnforcementPolicy api_enforcement_policy = hiddenapi::EnforcementPolicy::kDisabled; 289 290 Runtime* runtime = Runtime::Current(); 291 292 if ((runtime_flags & DISABLE_VERIFIER) != 0) { 293 runtime->DisableVerifier(); 294 runtime_flags &= ~DISABLE_VERIFIER; 295 } 296 297 bool only_use_system_oat_files = false; 298 if ((runtime_flags & ONLY_USE_SYSTEM_OAT_FILES) != 0 || is_system_server) { 299 only_use_system_oat_files = true; 300 runtime_flags &= ~ONLY_USE_SYSTEM_OAT_FILES; 301 } 302 runtime->GetOatFileManager().SetOnlyUseSystemOatFiles(only_use_system_oat_files, 303 !is_system_server); 304 305 api_enforcement_policy = hiddenapi::EnforcementPolicyFromInt( 306 (runtime_flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) >> API_ENFORCEMENT_POLICY_SHIFT); 307 runtime_flags &= ~HIDDEN_API_ENFORCEMENT_POLICY_MASK; 308 309 bool profile_system_server = (runtime_flags & PROFILE_SYSTEM_SERVER) == PROFILE_SYSTEM_SERVER; 310 runtime_flags &= ~PROFILE_SYSTEM_SERVER; 311 312 runtime->SetLoadAppImageStartupCacheEnabled( 313 (runtime_flags & USE_APP_IMAGE_STARTUP_CACHE) != 0u); 314 runtime_flags &= ~USE_APP_IMAGE_STARTUP_CACHE; 315 316 if (runtime_flags != 0) { 317 LOG(ERROR) << StringPrintf("Unknown bits set in runtime_flags: %#x", runtime_flags); 318 } 319 320 runtime->GetHeap()->PostForkChildAction(thread); 321 if (runtime->GetJit() != nullptr) { 322 if (!is_system_server) { 323 // System server already called the JIT cache post fork action in `nativePostForkSystemServer`. 324 runtime->GetJit()->GetCodeCache()->PostForkChildAction( 325 /* is_system_server= */ false, is_zygote); 326 } 327 // This must be called after EnableDebugFeatures. 328 runtime->GetJit()->PostForkChildAction(is_system_server, is_zygote); 329 } 330 331 // Update tracing. 332 if (Trace::GetMethodTracingMode() != TracingMode::kTracingInactive) { 333 Trace::TraceOutputMode output_mode = Trace::GetOutputMode(); 334 Trace::TraceMode trace_mode = Trace::GetMode(); 335 size_t buffer_size = Trace::GetBufferSize(); 336 337 // Just drop it. 338 Trace::Abort(); 339 340 // Only restart if it was streaming mode. 341 // TODO: Expose buffer size, so we can also do file mode. 342 if (output_mode == Trace::TraceOutputMode::kStreaming) { 343 static constexpr size_t kMaxProcessNameLength = 100; 344 char name_buf[kMaxProcessNameLength] = {}; 345 int rc = pthread_getname_np(pthread_self(), name_buf, kMaxProcessNameLength); 346 std::string proc_name; 347 348 if (rc == 0) { 349 // On success use the pthread name. 350 proc_name = name_buf; 351 } 352 353 if (proc_name.empty() || proc_name == "zygote" || proc_name == "zygote64") { 354 // Either no process name, or the name hasn't been changed, yet. Just use pid. 355 pid_t pid = getpid(); 356 proc_name = StringPrintf("%u", static_cast<uint32_t>(pid)); 357 } 358 359 std::string trace_file = StringPrintf("/data/misc/trace/%s.trace.bin", proc_name.c_str()); 360 Trace::Start(trace_file.c_str(), 361 buffer_size, 362 0, // TODO: Expose flags. 363 output_mode, 364 trace_mode, 365 0); // TODO: Expose interval. 366 if (thread->IsExceptionPending()) { 367 ScopedObjectAccess soa(env); 368 thread->ClearException(); 369 } 370 } 371 } 372 373 bool do_hidden_api_checks = api_enforcement_policy != hiddenapi::EnforcementPolicy::kDisabled; 374 DCHECK(!(is_system_server && do_hidden_api_checks)) 375 << "SystemServer should be forked with EnforcementPolicy::kDisable"; 376 DCHECK(!(is_zygote && do_hidden_api_checks)) 377 << "Child zygote processes should be forked with EnforcementPolicy::kDisable"; 378 runtime->SetHiddenApiEnforcementPolicy(api_enforcement_policy); 379 runtime->SetDedupeHiddenApiWarnings(true); 380 if (api_enforcement_policy != hiddenapi::EnforcementPolicy::kDisabled && 381 runtime->GetHiddenApiEventLogSampleRate() != 0) { 382 // Hidden API checks are enabled, and we are sampling access for the event log. Initialize the 383 // random seed, to ensure the sampling is actually random. We do this post-fork, as doing it 384 // pre-fork would result in the same sequence for every forked process. 385 std::srand(static_cast<uint32_t>(NanoTime())); 386 } 387 388 if (is_zygote) { 389 // If creating a child-zygote, do not call into the runtime's post-fork logic. 390 // Doing so would spin up threads for Binder and JDWP. Instead, the Java side 391 // of the child process will call a static main in a class specified by the parent. 392 return; 393 } 394 395 if (instruction_set != nullptr && !is_system_server) { 396 ScopedUtfChars isa_string(env, instruction_set); 397 InstructionSet isa = GetInstructionSetFromString(isa_string.c_str()); 398 Runtime::NativeBridgeAction action = Runtime::NativeBridgeAction::kUnload; 399 if (isa != InstructionSet::kNone && isa != kRuntimeISA) { 400 action = Runtime::NativeBridgeAction::kInitialize; 401 } 402 runtime->InitNonZygoteOrPostFork(env, is_system_server, action, isa_string.c_str()); 403 } else { 404 runtime->InitNonZygoteOrPostFork( 405 env, 406 is_system_server, 407 Runtime::NativeBridgeAction::kUnload, 408 /*isa=*/ nullptr, 409 profile_system_server); 410 } 411 } 412 413 static void ZygoteHooks_startZygoteNoThreadCreation(JNIEnv* env ATTRIBUTE_UNUSED, 414 jclass klass ATTRIBUTE_UNUSED) { 415 Runtime::Current()->SetZygoteNoThreadSection(true); 416 } 417 418 static void ZygoteHooks_stopZygoteNoThreadCreation(JNIEnv* env ATTRIBUTE_UNUSED, 419 jclass klass ATTRIBUTE_UNUSED) { 420 Runtime::Current()->SetZygoteNoThreadSection(false); 421 } 422 423 static JNINativeMethod gMethods[] = { 424 NATIVE_METHOD(ZygoteHooks, nativePreFork, "()J"), 425 NATIVE_METHOD(ZygoteHooks, nativePostZygoteFork, "()V"), 426 NATIVE_METHOD(ZygoteHooks, nativePostForkSystemServer, "()V"), 427 NATIVE_METHOD(ZygoteHooks, nativePostForkChild, "(JIZZLjava/lang/String;)V"), 428 NATIVE_METHOD(ZygoteHooks, startZygoteNoThreadCreation, "()V"), 429 NATIVE_METHOD(ZygoteHooks, stopZygoteNoThreadCreation, "()V"), 430 }; 431 432 void register_dalvik_system_ZygoteHooks(JNIEnv* env) { 433 REGISTER_NATIVE_METHODS("dalvik/system/ZygoteHooks"); 434 } 435 436 } // namespace art 437