1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/debug/stack_trace.h" 6 7 #include <errno.h> 8 #include <fcntl.h> 9 #include <signal.h> 10 #include <stddef.h> 11 #include <stdint.h> 12 #include <stdio.h> 13 #include <stdlib.h> 14 #include <string.h> 15 #include <sys/param.h> 16 #include <sys/stat.h> 17 #include <sys/types.h> 18 #include <unistd.h> 19 20 #include <algorithm> 21 #include <map> 22 #include <memory> 23 #include <ostream> 24 #include <string> 25 #include <vector> 26 27 #if !defined(USE_SYMBOLIZE) 28 #include <cxxabi.h> 29 #endif 30 #if !defined(__UCLIBC__) && !defined(_AIX) 31 #include <execinfo.h> 32 #endif 33 34 #if defined(OS_MACOSX) 35 #include <AvailabilityMacros.h> 36 #endif 37 38 #if defined(OS_LINUX) 39 #include "base/debug/proc_maps_linux.h" 40 #endif 41 42 #include "base/cfi_buildflags.h" 43 #include "base/debug/debugger.h" 44 #include "base/files/scoped_file.h" 45 #include "base/logging.h" 46 #include "base/macros.h" 47 #include "base/memory/free_deleter.h" 48 #include "base/memory/singleton.h" 49 #include "base/numerics/safe_conversions.h" 50 #include "base/posix/eintr_wrapper.h" 51 #include "base/strings/string_number_conversions.h" 52 #include "build/build_config.h" 53 54 #if defined(USE_SYMBOLIZE) 55 #include "base/third_party/symbolize/symbolize.h" 56 #endif 57 58 namespace base { 59 namespace debug { 60 61 namespace { 62 63 volatile sig_atomic_t in_signal_handler = 0; 64 65 bool (*try_handle_signal)(int, void*, void*) = nullptr; 66 67 #if !defined(USE_SYMBOLIZE) 68 // The prefix used for mangled symbols, per the Itanium C++ ABI: 69 // http://www.codesourcery.com/cxx-abi/abi.html#mangling 70 const char kMangledSymbolPrefix[] = "_Z"; 71 72 // Characters that can be used for symbols, generated by Ruby: 73 // (('a'..'z').to_a+('A'..'Z').to_a+('0'..'9').to_a + ['_']).join 74 const char kSymbolCharacters[] = 75 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"; 76 #endif // !defined(USE_SYMBOLIZE) 77 78 #if !defined(USE_SYMBOLIZE) 79 // Demangles C++ symbols in the given text. Example: 80 // 81 // "out/Debug/base_unittests(_ZN10StackTraceC1Ev+0x20) [0x817778c]" 82 // => 83 // "out/Debug/base_unittests(StackTrace::StackTrace()+0x20) [0x817778c]" 84 void DemangleSymbols(std::string* text) { 85 // Note: code in this function is NOT async-signal safe (std::string uses 86 // malloc internally). 87 88 #if !defined(__UCLIBC__) && !defined(_AIX) 89 std::string::size_type search_from = 0; 90 while (search_from < text->size()) { 91 // Look for the start of a mangled symbol, from search_from. 92 std::string::size_type mangled_start = 93 text->find(kMangledSymbolPrefix, search_from); 94 if (mangled_start == std::string::npos) { 95 break; // Mangled symbol not found. 96 } 97 98 // Look for the end of the mangled symbol. 99 std::string::size_type mangled_end = 100 text->find_first_not_of(kSymbolCharacters, mangled_start); 101 if (mangled_end == std::string::npos) { 102 mangled_end = text->size(); 103 } 104 std::string mangled_symbol = 105 text->substr(mangled_start, mangled_end - mangled_start); 106 107 // Try to demangle the mangled symbol candidate. 108 int status = 0; 109 std::unique_ptr<char, base::FreeDeleter> demangled_symbol( 110 abi::__cxa_demangle(mangled_symbol.c_str(), nullptr, 0, &status)); 111 if (status == 0) { // Demangling is successful. 112 // Remove the mangled symbol. 113 text->erase(mangled_start, mangled_end - mangled_start); 114 // Insert the demangled symbol. 115 text->insert(mangled_start, demangled_symbol.get()); 116 // Next time, we'll start right after the demangled symbol we inserted. 117 search_from = mangled_start + strlen(demangled_symbol.get()); 118 } else { 119 // Failed to demangle. Retry after the "_Z" we just found. 120 search_from = mangled_start + 2; 121 } 122 } 123 #endif // !defined(__UCLIBC__) && !defined(_AIX) 124 } 125 #endif // !defined(USE_SYMBOLIZE) 126 127 class BacktraceOutputHandler { 128 public: 129 virtual void HandleOutput(const char* output) = 0; 130 131 protected: 132 virtual ~BacktraceOutputHandler() = default; 133 }; 134 135 #if !defined(__UCLIBC__) && !defined(_AIX) 136 void OutputPointer(void* pointer, BacktraceOutputHandler* handler) { 137 // This should be more than enough to store a 64-bit number in hex: 138 // 16 hex digits + 1 for null-terminator. 139 char buf[17] = { '\0' }; 140 handler->HandleOutput("0x"); 141 internal::itoa_r(reinterpret_cast<intptr_t>(pointer), 142 buf, sizeof(buf), 16, 12); 143 handler->HandleOutput(buf); 144 } 145 146 #if defined(USE_SYMBOLIZE) 147 void OutputFrameId(intptr_t frame_id, BacktraceOutputHandler* handler) { 148 // Max unsigned 64-bit number in decimal has 20 digits (18446744073709551615). 149 // Hence, 30 digits should be more than enough to represent it in decimal 150 // (including the null-terminator). 151 char buf[30] = { '\0' }; 152 handler->HandleOutput("#"); 153 internal::itoa_r(frame_id, buf, sizeof(buf), 10, 1); 154 handler->HandleOutput(buf); 155 } 156 #endif // defined(USE_SYMBOLIZE) 157 158 void ProcessBacktrace(void *const *trace, 159 size_t size, 160 BacktraceOutputHandler* handler) { 161 // NOTE: This code MUST be async-signal safe (it's used by in-process 162 // stack dumping signal handler). NO malloc or stdio is allowed here. 163 164 #if defined(USE_SYMBOLIZE) 165 for (size_t i = 0; i < size; ++i) { 166 OutputFrameId(i, handler); 167 handler->HandleOutput(" "); 168 OutputPointer(trace[i], handler); 169 handler->HandleOutput(" "); 170 171 char buf[1024] = { '\0' }; 172 173 // Subtract by one as return address of function may be in the next 174 // function when a function is annotated as noreturn. 175 void* address = static_cast<char*>(trace[i]) - 1; 176 if (google::Symbolize(address, buf, sizeof(buf))) 177 handler->HandleOutput(buf); 178 else 179 handler->HandleOutput("<unknown>"); 180 181 handler->HandleOutput("\n"); 182 } 183 #else 184 bool printed = false; 185 186 // Below part is async-signal unsafe (uses malloc), so execute it only 187 // when we are not executing the signal handler. 188 if (in_signal_handler == 0) { 189 std::unique_ptr<char*, FreeDeleter> trace_symbols( 190 backtrace_symbols(trace, size)); 191 if (trace_symbols.get()) { 192 for (size_t i = 0; i < size; ++i) { 193 std::string trace_symbol = trace_symbols.get()[i]; 194 DemangleSymbols(&trace_symbol); 195 handler->HandleOutput(trace_symbol.c_str()); 196 handler->HandleOutput("\n"); 197 } 198 199 printed = true; 200 } 201 } 202 203 if (!printed) { 204 for (size_t i = 0; i < size; ++i) { 205 handler->HandleOutput(" ["); 206 OutputPointer(trace[i], handler); 207 handler->HandleOutput("]\n"); 208 } 209 } 210 #endif // defined(USE_SYMBOLIZE) 211 } 212 #endif // !defined(__UCLIBC__) && !defined(_AIX) 213 214 void PrintToStderr(const char* output) { 215 // NOTE: This code MUST be async-signal safe (it's used by in-process 216 // stack dumping signal handler). NO malloc or stdio is allowed here. 217 ignore_result(HANDLE_EINTR(write(STDERR_FILENO, output, strlen(output)))); 218 } 219 220 void StackDumpSignalHandler(int signal, siginfo_t* info, void* void_context) { 221 // NOTE: This code MUST be async-signal safe. 222 // NO malloc or stdio is allowed here. 223 224 // Give a registered callback a chance to recover from this signal 225 // 226 // V8 uses guard regions to guarantee memory safety in WebAssembly. This means 227 // some signals might be expected if they originate from Wasm code while 228 // accessing the guard region. We give V8 the chance to handle and recover 229 // from these signals first. 230 if (try_handle_signal != nullptr && 231 try_handle_signal(signal, info, void_context)) { 232 // The first chance handler took care of this. The SA_RESETHAND flag 233 // replaced this signal handler upon entry, but we want to stay 234 // installed. Thus, we reinstall ourselves before returning. 235 struct sigaction action; 236 memset(&action, 0, sizeof(action)); 237 action.sa_flags = SA_RESETHAND | SA_SIGINFO; 238 action.sa_sigaction = &StackDumpSignalHandler; 239 sigemptyset(&action.sa_mask); 240 241 sigaction(signal, &action, nullptr); 242 return; 243 } 244 245 // Do not take the "in signal handler" code path on Mac in a DCHECK-enabled 246 // build, as this prevents seeing a useful (symbolized) stack trace on a crash 247 // or DCHECK() failure. While it may not be fully safe to run the stack symbol 248 // printing code, in practice it's better to provide meaningful stack traces - 249 // and the risk is low given we're likely crashing already. 250 #if !defined(OS_MACOSX) || !DCHECK_IS_ON() 251 // Record the fact that we are in the signal handler now, so that the rest 252 // of StackTrace can behave in an async-signal-safe manner. 253 in_signal_handler = 1; 254 #endif 255 256 if (BeingDebugged()) 257 BreakDebugger(); 258 259 PrintToStderr("Received signal "); 260 char buf[1024] = { 0 }; 261 internal::itoa_r(signal, buf, sizeof(buf), 10, 0); 262 PrintToStderr(buf); 263 if (signal == SIGBUS) { 264 if (info->si_code == BUS_ADRALN) 265 PrintToStderr(" BUS_ADRALN "); 266 else if (info->si_code == BUS_ADRERR) 267 PrintToStderr(" BUS_ADRERR "); 268 else if (info->si_code == BUS_OBJERR) 269 PrintToStderr(" BUS_OBJERR "); 270 else 271 PrintToStderr(" <unknown> "); 272 } else if (signal == SIGFPE) { 273 if (info->si_code == FPE_FLTDIV) 274 PrintToStderr(" FPE_FLTDIV "); 275 else if (info->si_code == FPE_FLTINV) 276 PrintToStderr(" FPE_FLTINV "); 277 else if (info->si_code == FPE_FLTOVF) 278 PrintToStderr(" FPE_FLTOVF "); 279 else if (info->si_code == FPE_FLTRES) 280 PrintToStderr(" FPE_FLTRES "); 281 else if (info->si_code == FPE_FLTSUB) 282 PrintToStderr(" FPE_FLTSUB "); 283 else if (info->si_code == FPE_FLTUND) 284 PrintToStderr(" FPE_FLTUND "); 285 else if (info->si_code == FPE_INTDIV) 286 PrintToStderr(" FPE_INTDIV "); 287 else if (info->si_code == FPE_INTOVF) 288 PrintToStderr(" FPE_INTOVF "); 289 else 290 PrintToStderr(" <unknown> "); 291 } else if (signal == SIGILL) { 292 if (info->si_code == ILL_BADSTK) 293 PrintToStderr(" ILL_BADSTK "); 294 else if (info->si_code == ILL_COPROC) 295 PrintToStderr(" ILL_COPROC "); 296 else if (info->si_code == ILL_ILLOPN) 297 PrintToStderr(" ILL_ILLOPN "); 298 else if (info->si_code == ILL_ILLADR) 299 PrintToStderr(" ILL_ILLADR "); 300 else if (info->si_code == ILL_ILLTRP) 301 PrintToStderr(" ILL_ILLTRP "); 302 else if (info->si_code == ILL_PRVOPC) 303 PrintToStderr(" ILL_PRVOPC "); 304 else if (info->si_code == ILL_PRVREG) 305 PrintToStderr(" ILL_PRVREG "); 306 else 307 PrintToStderr(" <unknown> "); 308 } else if (signal == SIGSEGV) { 309 if (info->si_code == SEGV_MAPERR) 310 PrintToStderr(" SEGV_MAPERR "); 311 else if (info->si_code == SEGV_ACCERR) 312 PrintToStderr(" SEGV_ACCERR "); 313 else 314 PrintToStderr(" <unknown> "); 315 } 316 if (signal == SIGBUS || signal == SIGFPE || 317 signal == SIGILL || signal == SIGSEGV) { 318 internal::itoa_r(reinterpret_cast<intptr_t>(info->si_addr), 319 buf, sizeof(buf), 16, 12); 320 PrintToStderr(buf); 321 } 322 PrintToStderr("\n"); 323 324 #if BUILDFLAG(CFI_ENFORCEMENT_TRAP) 325 if (signal == SIGILL && info->si_code == ILL_ILLOPN) { 326 PrintToStderr( 327 "CFI: Most likely a control flow integrity violation; for more " 328 "information see:\n"); 329 PrintToStderr( 330 "https://www.chromium.org/developers/testing/control-flow-integrity\n"); 331 } 332 #endif // BUILDFLAG(CFI_ENFORCEMENT_TRAP) 333 334 debug::StackTrace().Print(); 335 336 #if defined(OS_LINUX) 337 #if ARCH_CPU_X86_FAMILY 338 ucontext_t* context = reinterpret_cast<ucontext_t*>(void_context); 339 const struct { 340 const char* label; 341 greg_t value; 342 } registers[] = { 343 #if ARCH_CPU_32_BITS 344 { " gs: ", context->uc_mcontext.gregs[REG_GS] }, 345 { " fs: ", context->uc_mcontext.gregs[REG_FS] }, 346 { " es: ", context->uc_mcontext.gregs[REG_ES] }, 347 { " ds: ", context->uc_mcontext.gregs[REG_DS] }, 348 { " edi: ", context->uc_mcontext.gregs[REG_EDI] }, 349 { " esi: ", context->uc_mcontext.gregs[REG_ESI] }, 350 { " ebp: ", context->uc_mcontext.gregs[REG_EBP] }, 351 { " esp: ", context->uc_mcontext.gregs[REG_ESP] }, 352 { " ebx: ", context->uc_mcontext.gregs[REG_EBX] }, 353 { " edx: ", context->uc_mcontext.gregs[REG_EDX] }, 354 { " ecx: ", context->uc_mcontext.gregs[REG_ECX] }, 355 { " eax: ", context->uc_mcontext.gregs[REG_EAX] }, 356 { " trp: ", context->uc_mcontext.gregs[REG_TRAPNO] }, 357 { " err: ", context->uc_mcontext.gregs[REG_ERR] }, 358 { " ip: ", context->uc_mcontext.gregs[REG_EIP] }, 359 { " cs: ", context->uc_mcontext.gregs[REG_CS] }, 360 { " efl: ", context->uc_mcontext.gregs[REG_EFL] }, 361 { " usp: ", context->uc_mcontext.gregs[REG_UESP] }, 362 { " ss: ", context->uc_mcontext.gregs[REG_SS] }, 363 #elif ARCH_CPU_64_BITS 364 { " r8: ", context->uc_mcontext.gregs[REG_R8] }, 365 { " r9: ", context->uc_mcontext.gregs[REG_R9] }, 366 { " r10: ", context->uc_mcontext.gregs[REG_R10] }, 367 { " r11: ", context->uc_mcontext.gregs[REG_R11] }, 368 { " r12: ", context->uc_mcontext.gregs[REG_R12] }, 369 { " r13: ", context->uc_mcontext.gregs[REG_R13] }, 370 { " r14: ", context->uc_mcontext.gregs[REG_R14] }, 371 { " r15: ", context->uc_mcontext.gregs[REG_R15] }, 372 { " di: ", context->uc_mcontext.gregs[REG_RDI] }, 373 { " si: ", context->uc_mcontext.gregs[REG_RSI] }, 374 { " bp: ", context->uc_mcontext.gregs[REG_RBP] }, 375 { " bx: ", context->uc_mcontext.gregs[REG_RBX] }, 376 { " dx: ", context->uc_mcontext.gregs[REG_RDX] }, 377 { " ax: ", context->uc_mcontext.gregs[REG_RAX] }, 378 { " cx: ", context->uc_mcontext.gregs[REG_RCX] }, 379 { " sp: ", context->uc_mcontext.gregs[REG_RSP] }, 380 { " ip: ", context->uc_mcontext.gregs[REG_RIP] }, 381 { " efl: ", context->uc_mcontext.gregs[REG_EFL] }, 382 { " cgf: ", context->uc_mcontext.gregs[REG_CSGSFS] }, 383 { " erf: ", context->uc_mcontext.gregs[REG_ERR] }, 384 { " trp: ", context->uc_mcontext.gregs[REG_TRAPNO] }, 385 { " msk: ", context->uc_mcontext.gregs[REG_OLDMASK] }, 386 { " cr2: ", context->uc_mcontext.gregs[REG_CR2] }, 387 #endif // ARCH_CPU_32_BITS 388 }; 389 390 #if ARCH_CPU_32_BITS 391 const int kRegisterPadding = 8; 392 #elif ARCH_CPU_64_BITS 393 const int kRegisterPadding = 16; 394 #endif 395 396 for (size_t i = 0; i < arraysize(registers); i++) { 397 PrintToStderr(registers[i].label); 398 internal::itoa_r(registers[i].value, buf, sizeof(buf), 399 16, kRegisterPadding); 400 PrintToStderr(buf); 401 402 if ((i + 1) % 4 == 0) 403 PrintToStderr("\n"); 404 } 405 PrintToStderr("\n"); 406 #endif // ARCH_CPU_X86_FAMILY 407 #endif // defined(OS_LINUX) 408 409 PrintToStderr("[end of stack trace]\n"); 410 411 #if defined(OS_MACOSX) && !defined(OS_IOS) 412 if (::signal(signal, SIG_DFL) == SIG_ERR) 413 _exit(1); 414 #else 415 // Non-Mac OSes should probably reraise the signal as well, but the Linux 416 // sandbox tests break on CrOS devices. 417 // https://code.google.com/p/chromium/issues/detail?id=551681 418 PrintToStderr("Calling _exit(1). Core file will not be generated.\n"); 419 _exit(1); 420 #endif // defined(OS_MACOSX) && !defined(OS_IOS) 421 } 422 423 class PrintBacktraceOutputHandler : public BacktraceOutputHandler { 424 public: 425 PrintBacktraceOutputHandler() = default; 426 427 void HandleOutput(const char* output) override { 428 // NOTE: This code MUST be async-signal safe (it's used by in-process 429 // stack dumping signal handler). NO malloc or stdio is allowed here. 430 PrintToStderr(output); 431 } 432 433 private: 434 DISALLOW_COPY_AND_ASSIGN(PrintBacktraceOutputHandler); 435 }; 436 437 class StreamBacktraceOutputHandler : public BacktraceOutputHandler { 438 public: 439 explicit StreamBacktraceOutputHandler(std::ostream* os) : os_(os) { 440 } 441 442 void HandleOutput(const char* output) override { (*os_) << output; } 443 444 private: 445 std::ostream* os_; 446 447 DISALLOW_COPY_AND_ASSIGN(StreamBacktraceOutputHandler); 448 }; 449 450 void WarmUpBacktrace() { 451 // Warm up stack trace infrastructure. It turns out that on the first 452 // call glibc initializes some internal data structures using pthread_once, 453 // and even backtrace() can call malloc(), leading to hangs. 454 // 455 // Example stack trace snippet (with tcmalloc): 456 // 457 // #8 0x0000000000a173b5 in tc_malloc 458 // at ./third_party/tcmalloc/chromium/src/debugallocation.cc:1161 459 // #9 0x00007ffff7de7900 in _dl_map_object_deps at dl-deps.c:517 460 // #10 0x00007ffff7ded8a9 in dl_open_worker at dl-open.c:262 461 // #11 0x00007ffff7de9176 in _dl_catch_error at dl-error.c:178 462 // #12 0x00007ffff7ded31a in _dl_open (file=0x7ffff625e298 "libgcc_s.so.1") 463 // at dl-open.c:639 464 // #13 0x00007ffff6215602 in do_dlopen at dl-libc.c:89 465 // #14 0x00007ffff7de9176 in _dl_catch_error at dl-error.c:178 466 // #15 0x00007ffff62156c4 in dlerror_run at dl-libc.c:48 467 // #16 __GI___libc_dlopen_mode at dl-libc.c:165 468 // #17 0x00007ffff61ef8f5 in init 469 // at ../sysdeps/x86_64/../ia64/backtrace.c:53 470 // #18 0x00007ffff6aad400 in pthread_once 471 // at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104 472 // #19 0x00007ffff61efa14 in __GI___backtrace 473 // at ../sysdeps/x86_64/../ia64/backtrace.c:104 474 // #20 0x0000000000752a54 in base::debug::StackTrace::StackTrace 475 // at base/debug/stack_trace_posix.cc:175 476 // #21 0x00000000007a4ae5 in 477 // base::(anonymous namespace)::StackDumpSignalHandler 478 // at base/process_util_posix.cc:172 479 // #22 <signal handler called> 480 StackTrace stack_trace; 481 } 482 483 #if defined(USE_SYMBOLIZE) 484 485 // class SandboxSymbolizeHelper. 486 // 487 // The purpose of this class is to prepare and install a "file open" callback 488 // needed by the stack trace symbolization code 489 // (base/third_party/symbolize/symbolize.h) so that it can function properly 490 // in a sandboxed process. The caveat is that this class must be instantiated 491 // before the sandboxing is enabled so that it can get the chance to open all 492 // the object files that are loaded in the virtual address space of the current 493 // process. 494 class SandboxSymbolizeHelper { 495 public: 496 // Returns the singleton instance. 497 static SandboxSymbolizeHelper* GetInstance() { 498 return Singleton<SandboxSymbolizeHelper, 499 LeakySingletonTraits<SandboxSymbolizeHelper>>::get(); 500 } 501 502 private: 503 friend struct DefaultSingletonTraits<SandboxSymbolizeHelper>; 504 505 SandboxSymbolizeHelper() 506 : is_initialized_(false) { 507 Init(); 508 } 509 510 ~SandboxSymbolizeHelper() { 511 UnregisterCallback(); 512 CloseObjectFiles(); 513 } 514 515 // Returns a O_RDONLY file descriptor for |file_path| if it was opened 516 // successfully during the initialization. The file is repositioned at 517 // offset 0. 518 // IMPORTANT: This function must be async-signal-safe because it can be 519 // called from a signal handler (symbolizing stack frames for a crash). 520 int GetFileDescriptor(const char* file_path) { 521 int fd = -1; 522 523 #if !defined(OFFICIAL_BUILD) 524 if (file_path) { 525 // The assumption here is that iterating over std::map<std::string, int> 526 // using a const_iterator does not allocate dynamic memory, hense it is 527 // async-signal-safe. 528 std::map<std::string, int>::const_iterator it; 529 for (it = modules_.begin(); it != modules_.end(); ++it) { 530 if (strcmp((it->first).c_str(), file_path) == 0) { 531 // POSIX.1-2004 requires an implementation to guarantee that dup() 532 // is async-signal-safe. 533 fd = HANDLE_EINTR(dup(it->second)); 534 break; 535 } 536 } 537 // POSIX.1-2004 requires an implementation to guarantee that lseek() 538 // is async-signal-safe. 539 if (fd >= 0 && lseek(fd, 0, SEEK_SET) < 0) { 540 // Failed to seek. 541 fd = -1; 542 } 543 } 544 #endif // !defined(OFFICIAL_BUILD) 545 546 return fd; 547 } 548 549 // Searches for the object file (from /proc/self/maps) that contains 550 // the specified pc. If found, sets |start_address| to the start address 551 // of where this object file is mapped in memory, sets the module base 552 // address into |base_address|, copies the object file name into 553 // |out_file_name|, and attempts to open the object file. If the object 554 // file is opened successfully, returns the file descriptor. Otherwise, 555 // returns -1. |out_file_name_size| is the size of the file name buffer 556 // (including the null terminator). 557 // IMPORTANT: This function must be async-signal-safe because it can be 558 // called from a signal handler (symbolizing stack frames for a crash). 559 static int OpenObjectFileContainingPc(uint64_t pc, uint64_t& start_address, 560 uint64_t& base_address, char* file_path, 561 int file_path_size) { 562 // This method can only be called after the singleton is instantiated. 563 // This is ensured by the following facts: 564 // * This is the only static method in this class, it is private, and 565 // the class has no friends (except for the DefaultSingletonTraits). 566 // The compiler guarantees that it can only be called after the 567 // singleton is instantiated. 568 // * This method is used as a callback for the stack tracing code and 569 // the callback registration is done in the constructor, so logically 570 // it cannot be called before the singleton is created. 571 SandboxSymbolizeHelper* instance = GetInstance(); 572 573 // The assumption here is that iterating over 574 // std::vector<MappedMemoryRegion> using a const_iterator does not allocate 575 // dynamic memory, hence it is async-signal-safe. 576 for (const MappedMemoryRegion& region : instance->regions_) { 577 if (region.start <= pc && pc < region.end) { 578 start_address = region.start; 579 base_address = region.base; 580 if (file_path && file_path_size > 0) { 581 strncpy(file_path, region.path.c_str(), file_path_size); 582 // Ensure null termination. 583 file_path[file_path_size - 1] = '\0'; 584 } 585 return instance->GetFileDescriptor(region.path.c_str()); 586 } 587 } 588 return -1; 589 } 590 591 // Set the base address for each memory region by reading ELF headers in 592 // process memory. 593 void SetBaseAddressesForMemoryRegions() { 594 base::ScopedFD mem_fd( 595 HANDLE_EINTR(open("/proc/self/mem", O_RDONLY | O_CLOEXEC))); 596 if (!mem_fd.is_valid()) 597 return; 598 599 auto safe_memcpy = [&mem_fd](void* dst, uintptr_t src, size_t size) { 600 return HANDLE_EINTR(pread(mem_fd.get(), dst, size, src)) == ssize_t(size); 601 }; 602 603 uintptr_t cur_base = 0; 604 for (auto& r : regions_) { 605 ElfW(Ehdr) ehdr; 606 static_assert(SELFMAG <= sizeof(ElfW(Ehdr)), "SELFMAG too large"); 607 if ((r.permissions & MappedMemoryRegion::READ) && 608 safe_memcpy(&ehdr, r.start, sizeof(ElfW(Ehdr))) && 609 memcmp(ehdr.e_ident, ELFMAG, SELFMAG) == 0) { 610 switch (ehdr.e_type) { 611 case ET_EXEC: 612 cur_base = 0; 613 break; 614 case ET_DYN: 615 // Find the segment containing file offset 0. This will correspond 616 // to the ELF header that we just read. Normally this will have 617 // virtual address 0, but this is not guaranteed. We must subtract 618 // the virtual address from the address where the ELF header was 619 // mapped to get the base address. 620 // 621 // If we fail to find a segment for file offset 0, use the address 622 // of the ELF header as the base address. 623 cur_base = r.start; 624 for (unsigned i = 0; i != ehdr.e_phnum; ++i) { 625 ElfW(Phdr) phdr; 626 if (safe_memcpy(&phdr, r.start + ehdr.e_phoff + i * sizeof(phdr), 627 sizeof(phdr)) && 628 phdr.p_type == PT_LOAD && phdr.p_offset == 0) { 629 cur_base = r.start - phdr.p_vaddr; 630 break; 631 } 632 } 633 break; 634 default: 635 // ET_REL or ET_CORE. These aren't directly executable, so they 636 // don't affect the base address. 637 break; 638 } 639 } 640 641 r.base = cur_base; 642 } 643 } 644 645 // Parses /proc/self/maps in order to compile a list of all object file names 646 // for the modules that are loaded in the current process. 647 // Returns true on success. 648 bool CacheMemoryRegions() { 649 // Reads /proc/self/maps. 650 std::string contents; 651 if (!ReadProcMaps(&contents)) { 652 LOG(ERROR) << "Failed to read /proc/self/maps"; 653 return false; 654 } 655 656 // Parses /proc/self/maps. 657 if (!ParseProcMaps(contents, ®ions_)) { 658 LOG(ERROR) << "Failed to parse the contents of /proc/self/maps"; 659 return false; 660 } 661 662 SetBaseAddressesForMemoryRegions(); 663 664 is_initialized_ = true; 665 return true; 666 } 667 668 // Opens all object files and caches their file descriptors. 669 void OpenSymbolFiles() { 670 // Pre-opening and caching the file descriptors of all loaded modules is 671 // not safe for production builds. Hence it is only done in non-official 672 // builds. For more details, take a look at: http://crbug.com/341966. 673 #if !defined(OFFICIAL_BUILD) 674 // Open the object files for all read-only executable regions and cache 675 // their file descriptors. 676 std::vector<MappedMemoryRegion>::const_iterator it; 677 for (it = regions_.begin(); it != regions_.end(); ++it) { 678 const MappedMemoryRegion& region = *it; 679 // Only interesed in read-only executable regions. 680 if ((region.permissions & MappedMemoryRegion::READ) == 681 MappedMemoryRegion::READ && 682 (region.permissions & MappedMemoryRegion::WRITE) == 0 && 683 (region.permissions & MappedMemoryRegion::EXECUTE) == 684 MappedMemoryRegion::EXECUTE) { 685 if (region.path.empty()) { 686 // Skip regions with empty file names. 687 continue; 688 } 689 if (region.path[0] == '[') { 690 // Skip pseudo-paths, like [stack], [vdso], [heap], etc ... 691 continue; 692 } 693 // Avoid duplicates. 694 if (modules_.find(region.path) == modules_.end()) { 695 int fd = open(region.path.c_str(), O_RDONLY | O_CLOEXEC); 696 if (fd >= 0) { 697 modules_.insert(std::make_pair(region.path, fd)); 698 } else { 699 LOG(WARNING) << "Failed to open file: " << region.path 700 << "\n Error: " << strerror(errno); 701 } 702 } 703 } 704 } 705 #endif // !defined(OFFICIAL_BUILD) 706 } 707 708 // Initializes and installs the symbolization callback. 709 void Init() { 710 if (CacheMemoryRegions()) { 711 OpenSymbolFiles(); 712 google::InstallSymbolizeOpenObjectFileCallback( 713 &OpenObjectFileContainingPc); 714 } 715 } 716 717 // Unregister symbolization callback. 718 void UnregisterCallback() { 719 if (is_initialized_) { 720 google::InstallSymbolizeOpenObjectFileCallback(nullptr); 721 is_initialized_ = false; 722 } 723 } 724 725 // Closes all file descriptors owned by this instance. 726 void CloseObjectFiles() { 727 #if !defined(OFFICIAL_BUILD) 728 std::map<std::string, int>::iterator it; 729 for (it = modules_.begin(); it != modules_.end(); ++it) { 730 int ret = IGNORE_EINTR(close(it->second)); 731 DCHECK(!ret); 732 it->second = -1; 733 } 734 modules_.clear(); 735 #endif // !defined(OFFICIAL_BUILD) 736 } 737 738 // Set to true upon successful initialization. 739 bool is_initialized_; 740 741 #if !defined(OFFICIAL_BUILD) 742 // Mapping from file name to file descriptor. Includes file descriptors 743 // for all successfully opened object files and the file descriptor for 744 // /proc/self/maps. This code is not safe for production builds. 745 std::map<std::string, int> modules_; 746 #endif // !defined(OFFICIAL_BUILD) 747 748 // Cache for the process memory regions. Produced by parsing the contents 749 // of /proc/self/maps cache. 750 std::vector<MappedMemoryRegion> regions_; 751 752 DISALLOW_COPY_AND_ASSIGN(SandboxSymbolizeHelper); 753 }; 754 #endif // USE_SYMBOLIZE 755 756 } // namespace 757 758 bool EnableInProcessStackDumping() { 759 #if defined(USE_SYMBOLIZE) 760 SandboxSymbolizeHelper::GetInstance(); 761 #endif // USE_SYMBOLIZE 762 763 // When running in an application, our code typically expects SIGPIPE 764 // to be ignored. Therefore, when testing that same code, it should run 765 // with SIGPIPE ignored as well. 766 struct sigaction sigpipe_action; 767 memset(&sigpipe_action, 0, sizeof(sigpipe_action)); 768 sigpipe_action.sa_handler = SIG_IGN; 769 sigemptyset(&sigpipe_action.sa_mask); 770 bool success = (sigaction(SIGPIPE, &sigpipe_action, nullptr) == 0); 771 772 // Avoid hangs during backtrace initialization, see above. 773 WarmUpBacktrace(); 774 775 struct sigaction action; 776 memset(&action, 0, sizeof(action)); 777 action.sa_flags = SA_RESETHAND | SA_SIGINFO; 778 action.sa_sigaction = &StackDumpSignalHandler; 779 sigemptyset(&action.sa_mask); 780 781 success &= (sigaction(SIGILL, &action, nullptr) == 0); 782 success &= (sigaction(SIGABRT, &action, nullptr) == 0); 783 success &= (sigaction(SIGFPE, &action, nullptr) == 0); 784 success &= (sigaction(SIGBUS, &action, nullptr) == 0); 785 success &= (sigaction(SIGSEGV, &action, nullptr) == 0); 786 // On Linux, SIGSYS is reserved by the kernel for seccomp-bpf sandboxing. 787 #if !defined(OS_LINUX) 788 success &= (sigaction(SIGSYS, &action, nullptr) == 0); 789 #endif // !defined(OS_LINUX) 790 791 return success; 792 } 793 794 void SetStackDumpFirstChanceCallback(bool (*handler)(int, void*, void*)) { 795 DCHECK(try_handle_signal == nullptr || handler == nullptr); 796 try_handle_signal = handler; 797 } 798 799 StackTrace::StackTrace(size_t count) { 800 // NOTE: This code MUST be async-signal safe (it's used by in-process 801 // stack dumping signal handler). NO malloc or stdio is allowed here. 802 803 #if !defined(__UCLIBC__) && !defined(_AIX) 804 count = std::min(arraysize(trace_), count); 805 806 // Though the backtrace API man page does not list any possible negative 807 // return values, we take no chance. 808 count_ = base::saturated_cast<size_t>(backtrace(trace_, count)); 809 #else 810 count_ = 0; 811 #endif 812 } 813 814 void StackTrace::Print() const { 815 // NOTE: This code MUST be async-signal safe (it's used by in-process 816 // stack dumping signal handler). NO malloc or stdio is allowed here. 817 818 #if !defined(__UCLIBC__) && !defined(_AIX) 819 PrintBacktraceOutputHandler handler; 820 ProcessBacktrace(trace_, count_, &handler); 821 #endif 822 } 823 824 #if !defined(__UCLIBC__) && !defined(_AIX) 825 void StackTrace::OutputToStream(std::ostream* os) const { 826 StreamBacktraceOutputHandler handler(os); 827 ProcessBacktrace(trace_, count_, &handler); 828 } 829 #endif 830 831 namespace internal { 832 833 // NOTE: code from sandbox/linux/seccomp-bpf/demo.cc. 834 char* itoa_r(intptr_t i, char* buf, size_t sz, int base, size_t padding) { 835 // Make sure we can write at least one NUL byte. 836 size_t n = 1; 837 if (n > sz) 838 return nullptr; 839 840 if (base < 2 || base > 16) { 841 buf[0] = '\000'; 842 return nullptr; 843 } 844 845 char* start = buf; 846 847 uintptr_t j = i; 848 849 // Handle negative numbers (only for base 10). 850 if (i < 0 && base == 10) { 851 // This does "j = -i" while avoiding integer overflow. 852 j = static_cast<uintptr_t>(-(i + 1)) + 1; 853 854 // Make sure we can write the '-' character. 855 if (++n > sz) { 856 buf[0] = '\000'; 857 return nullptr; 858 } 859 *start++ = '-'; 860 } 861 862 // Loop until we have converted the entire number. Output at least one 863 // character (i.e. '0'). 864 char* ptr = start; 865 do { 866 // Make sure there is still enough space left in our output buffer. 867 if (++n > sz) { 868 buf[0] = '\000'; 869 return nullptr; 870 } 871 872 // Output the next digit. 873 *ptr++ = "0123456789abcdef"[j % base]; 874 j /= base; 875 876 if (padding > 0) 877 padding--; 878 } while (j > 0 || padding > 0); 879 880 // Terminate the output with a NUL character. 881 *ptr = '\000'; 882 883 // Conversion to ASCII actually resulted in the digits being in reverse 884 // order. We can't easily generate them in forward order, as we can't tell 885 // the number of characters needed until we are done converting. 886 // So, now, we reverse the string (except for the possible "-" sign). 887 while (--ptr > start) { 888 char ch = *ptr; 889 *ptr = *start; 890 *start++ = ch; 891 } 892 return buf; 893 } 894 895 } // namespace internal 896 897 } // namespace debug 898 } // namespace base 899
