1 /* 2 * Copyright (C) 2012-2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define LOG_TAG "DEBUG" 18 19 #include <dirent.h> 20 #include <errno.h> 21 #include <fcntl.h> 22 #include <inttypes.h> 23 #include <signal.h> 24 #include <stddef.h> 25 #include <stdio.h> 26 #include <stdlib.h> 27 #include <string.h> 28 #include <time.h> 29 #include <sys/ptrace.h> 30 #include <sys/socket.h> 31 #include <sys/stat.h> 32 #include <sys/un.h> 33 34 #include <private/android_filesystem_config.h> 35 36 #include <cutils/properties.h> 37 #include <log/log.h> 38 #include <log/logger.h> 39 #include <log/logprint.h> 40 41 #include <backtrace/Backtrace.h> 42 #include <backtrace/BacktraceMap.h> 43 44 #include <selinux/android.h> 45 46 #include <UniquePtr.h> 47 48 #include "machine.h" 49 #include "tombstone.h" 50 #include "backtrace.h" 51 52 #define STACK_WORDS 16 53 54 #define MAX_TOMBSTONES 10 55 #define TOMBSTONE_DIR "/data/tombstones" 56 #define TOMBSTONE_TEMPLATE (TOMBSTONE_DIR"/tombstone_%02d") 57 58 // Must match the path defined in NativeCrashListener.java 59 #define NCRASH_SOCKET_PATH "/data/system/ndebugsocket" 60 61 static bool signal_has_si_addr(int sig) { 62 switch (sig) { 63 case SIGBUS: 64 case SIGFPE: 65 case SIGILL: 66 case SIGSEGV: 67 case SIGTRAP: 68 return true; 69 default: 70 return false; 71 } 72 } 73 74 static const char* get_signame(int sig) { 75 switch(sig) { 76 case SIGABRT: return "SIGABRT"; 77 case SIGBUS: return "SIGBUS"; 78 case SIGFPE: return "SIGFPE"; 79 case SIGILL: return "SIGILL"; 80 case SIGPIPE: return "SIGPIPE"; 81 case SIGSEGV: return "SIGSEGV"; 82 #if defined(SIGSTKFLT) 83 case SIGSTKFLT: return "SIGSTKFLT"; 84 #endif 85 case SIGSTOP: return "SIGSTOP"; 86 case SIGTRAP: return "SIGTRAP"; 87 default: return "?"; 88 } 89 } 90 91 static const char* get_sigcode(int signo, int code) { 92 // Try the signal-specific codes... 93 switch (signo) { 94 case SIGILL: 95 switch (code) { 96 case ILL_ILLOPC: return "ILL_ILLOPC"; 97 case ILL_ILLOPN: return "ILL_ILLOPN"; 98 case ILL_ILLADR: return "ILL_ILLADR"; 99 case ILL_ILLTRP: return "ILL_ILLTRP"; 100 case ILL_PRVOPC: return "ILL_PRVOPC"; 101 case ILL_PRVREG: return "ILL_PRVREG"; 102 case ILL_COPROC: return "ILL_COPROC"; 103 case ILL_BADSTK: return "ILL_BADSTK"; 104 } 105 static_assert(NSIGILL == ILL_BADSTK, "missing ILL_* si_code"); 106 break; 107 case SIGBUS: 108 switch (code) { 109 case BUS_ADRALN: return "BUS_ADRALN"; 110 case BUS_ADRERR: return "BUS_ADRERR"; 111 case BUS_OBJERR: return "BUS_OBJERR"; 112 case BUS_MCEERR_AR: return "BUS_MCEERR_AR"; 113 case BUS_MCEERR_AO: return "BUS_MCEERR_AO"; 114 } 115 static_assert(NSIGBUS == BUS_MCEERR_AO, "missing BUS_* si_code"); 116 break; 117 case SIGFPE: 118 switch (code) { 119 case FPE_INTDIV: return "FPE_INTDIV"; 120 case FPE_INTOVF: return "FPE_INTOVF"; 121 case FPE_FLTDIV: return "FPE_FLTDIV"; 122 case FPE_FLTOVF: return "FPE_FLTOVF"; 123 case FPE_FLTUND: return "FPE_FLTUND"; 124 case FPE_FLTRES: return "FPE_FLTRES"; 125 case FPE_FLTINV: return "FPE_FLTINV"; 126 case FPE_FLTSUB: return "FPE_FLTSUB"; 127 } 128 static_assert(NSIGFPE == FPE_FLTSUB, "missing FPE_* si_code"); 129 break; 130 case SIGSEGV: 131 switch (code) { 132 case SEGV_MAPERR: return "SEGV_MAPERR"; 133 case SEGV_ACCERR: return "SEGV_ACCERR"; 134 } 135 static_assert(NSIGSEGV == SEGV_ACCERR, "missing SEGV_* si_code"); 136 break; 137 case SIGTRAP: 138 switch (code) { 139 case TRAP_BRKPT: return "TRAP_BRKPT"; 140 case TRAP_TRACE: return "TRAP_TRACE"; 141 case TRAP_BRANCH: return "TRAP_BRANCH"; 142 case TRAP_HWBKPT: return "TRAP_HWBKPT"; 143 } 144 static_assert(NSIGTRAP == TRAP_HWBKPT, "missing TRAP_* si_code"); 145 break; 146 } 147 // Then the other codes... 148 switch (code) { 149 case SI_USER: return "SI_USER"; 150 case SI_KERNEL: return "SI_KERNEL"; 151 case SI_QUEUE: return "SI_QUEUE"; 152 case SI_TIMER: return "SI_TIMER"; 153 case SI_MESGQ: return "SI_MESGQ"; 154 case SI_ASYNCIO: return "SI_ASYNCIO"; 155 case SI_SIGIO: return "SI_SIGIO"; 156 case SI_TKILL: return "SI_TKILL"; 157 case SI_DETHREAD: return "SI_DETHREAD"; 158 } 159 // Then give up... 160 return "?"; 161 } 162 163 static void dump_header_info(log_t* log) { 164 char fingerprint[PROPERTY_VALUE_MAX]; 165 char revision[PROPERTY_VALUE_MAX]; 166 167 property_get("ro.build.fingerprint", fingerprint, "unknown"); 168 property_get("ro.revision", revision, "unknown"); 169 170 _LOG(log, logtype::HEADER, "Build fingerprint: '%s'\n", fingerprint); 171 _LOG(log, logtype::HEADER, "Revision: '%s'\n", revision); 172 _LOG(log, logtype::HEADER, "ABI: '%s'\n", ABI_STRING); 173 } 174 175 static void dump_signal_info(log_t* log, pid_t tid, int signal, int si_code) { 176 siginfo_t si; 177 memset(&si, 0, sizeof(si)); 178 if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si) == -1) { 179 _LOG(log, logtype::HEADER, "cannot get siginfo: %s\n", strerror(errno)); 180 return; 181 } 182 183 // bionic has to re-raise some signals, which overwrites the si_code with SI_TKILL. 184 si.si_code = si_code; 185 186 char addr_desc[32]; // ", fault addr 0x1234" 187 if (signal_has_si_addr(signal)) { 188 snprintf(addr_desc, sizeof(addr_desc), "%p", si.si_addr); 189 } else { 190 snprintf(addr_desc, sizeof(addr_desc), "--------"); 191 } 192 193 _LOG(log, logtype::HEADER, "signal %d (%s), code %d (%s), fault addr %s\n", 194 signal, get_signame(signal), si.si_code, get_sigcode(signal, si.si_code), addr_desc); 195 } 196 197 static void dump_thread_info(log_t* log, pid_t pid, pid_t tid) { 198 char path[64]; 199 char threadnamebuf[1024]; 200 char* threadname = NULL; 201 FILE *fp; 202 203 snprintf(path, sizeof(path), "/proc/%d/comm", tid); 204 if ((fp = fopen(path, "r"))) { 205 threadname = fgets(threadnamebuf, sizeof(threadnamebuf), fp); 206 fclose(fp); 207 if (threadname) { 208 size_t len = strlen(threadname); 209 if (len && threadname[len - 1] == '\n') { 210 threadname[len - 1] = '\0'; 211 } 212 } 213 } 214 // Blacklist logd, logd.reader, logd.writer, logd.auditd, logd.control ... 215 static const char logd[] = "logd"; 216 if (!strncmp(threadname, logd, sizeof(logd) - 1) 217 && (!threadname[sizeof(logd) - 1] || (threadname[sizeof(logd) - 1] == '.'))) { 218 log->should_retrieve_logcat = false; 219 } 220 221 char procnamebuf[1024]; 222 char* procname = NULL; 223 224 snprintf(path, sizeof(path), "/proc/%d/cmdline", pid); 225 if ((fp = fopen(path, "r"))) { 226 procname = fgets(procnamebuf, sizeof(procnamebuf), fp); 227 fclose(fp); 228 } 229 230 _LOG(log, logtype::HEADER, "pid: %d, tid: %d, name: %s >>> %s <<<\n", pid, tid, 231 threadname ? threadname : "UNKNOWN", procname ? procname : "UNKNOWN"); 232 } 233 234 static void dump_stack_segment( 235 Backtrace* backtrace, log_t* log, uintptr_t* sp, size_t words, int label) { 236 for (size_t i = 0; i < words; i++) { 237 word_t stack_content; 238 if (!backtrace->ReadWord(*sp, &stack_content)) { 239 break; 240 } 241 242 const backtrace_map_t* map = backtrace->FindMap(stack_content); 243 const char* map_name; 244 if (!map) { 245 map_name = ""; 246 } else { 247 map_name = map->name.c_str(); 248 } 249 uintptr_t offset = 0; 250 std::string func_name(backtrace->GetFunctionName(stack_content, &offset)); 251 if (!func_name.empty()) { 252 if (!i && label >= 0) { 253 if (offset) { 254 _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s (%s+%" PRIuPTR ")\n", 255 label, *sp, stack_content, map_name, func_name.c_str(), offset); 256 } else { 257 _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s (%s)\n", 258 label, *sp, stack_content, map_name, func_name.c_str()); 259 } 260 } else { 261 if (offset) { 262 _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s (%s+%" PRIuPTR ")\n", 263 *sp, stack_content, map_name, func_name.c_str(), offset); 264 } else { 265 _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s (%s)\n", 266 *sp, stack_content, map_name, func_name.c_str()); 267 } 268 } 269 } else { 270 if (!i && label >= 0) { 271 _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s\n", 272 label, *sp, stack_content, map_name); 273 } else { 274 _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s\n", 275 *sp, stack_content, map_name); 276 } 277 } 278 279 *sp += sizeof(word_t); 280 } 281 } 282 283 static void dump_stack(Backtrace* backtrace, log_t* log) { 284 size_t first = 0, last; 285 for (size_t i = 0; i < backtrace->NumFrames(); i++) { 286 const backtrace_frame_data_t* frame = backtrace->GetFrame(i); 287 if (frame->sp) { 288 if (!first) { 289 first = i+1; 290 } 291 last = i; 292 } 293 } 294 if (!first) { 295 return; 296 } 297 first--; 298 299 // Dump a few words before the first frame. 300 word_t sp = backtrace->GetFrame(first)->sp - STACK_WORDS * sizeof(word_t); 301 dump_stack_segment(backtrace, log, &sp, STACK_WORDS, -1); 302 303 // Dump a few words from all successive frames. 304 // Only log the first 3 frames, put the rest in the tombstone. 305 for (size_t i = first; i <= last; i++) { 306 const backtrace_frame_data_t* frame = backtrace->GetFrame(i); 307 if (sp != frame->sp) { 308 _LOG(log, logtype::STACK, " ........ ........\n"); 309 sp = frame->sp; 310 } 311 if (i == last) { 312 dump_stack_segment(backtrace, log, &sp, STACK_WORDS, i); 313 if (sp < frame->sp + frame->stack_size) { 314 _LOG(log, logtype::STACK, " ........ ........\n"); 315 } 316 } else { 317 size_t words = frame->stack_size / sizeof(word_t); 318 if (words == 0) { 319 words = 1; 320 } else if (words > STACK_WORDS) { 321 words = STACK_WORDS; 322 } 323 dump_stack_segment(backtrace, log, &sp, words, i); 324 } 325 } 326 } 327 328 static void dump_backtrace_and_stack(Backtrace* backtrace, log_t* log) { 329 if (backtrace->NumFrames()) { 330 _LOG(log, logtype::BACKTRACE, "\nbacktrace:\n"); 331 dump_backtrace_to_log(backtrace, log, " "); 332 333 _LOG(log, logtype::STACK, "\nstack:\n"); 334 dump_stack(backtrace, log); 335 } 336 } 337 338 static void dump_map(log_t* log, const backtrace_map_t* map, bool fault_addr) { 339 _LOG(log, logtype::MAPS, "%s%" PRIPTR "-%" PRIPTR " %c%c%c %7" PRIdPTR " %s\n", 340 (fault_addr? "--->" : " "), map->start, map->end - 1, 341 (map->flags & PROT_READ) ? 'r' : '-', (map->flags & PROT_WRITE) ? 'w' : '-', 342 (map->flags & PROT_EXEC) ? 'x' : '-', 343 (map->end - map->start), map->name.c_str()); 344 } 345 346 static void dump_nearby_maps(BacktraceMap* map, log_t* log, pid_t tid) { 347 siginfo_t si; 348 memset(&si, 0, sizeof(si)); 349 if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si)) { 350 _LOG(log, logtype::MAPS, "cannot get siginfo for %d: %s\n", tid, strerror(errno)); 351 return; 352 } 353 354 bool has_fault_address = signal_has_si_addr(si.si_signo); 355 uintptr_t addr = reinterpret_cast<uintptr_t>(si.si_addr); 356 357 _LOG(log, logtype::MAPS, "\nmemory map: %s\n", has_fault_address ? "(fault address prefixed with --->)" : ""); 358 359 if (has_fault_address && (addr < map->begin()->start)) { 360 _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " before any mapped regions\n", addr); 361 } 362 363 BacktraceMap::const_iterator prev = map->begin(); 364 for (BacktraceMap::const_iterator it = map->begin(); it != map->end(); ++it) { 365 if (addr >= (*prev).end && addr < (*it).start) { 366 _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " between mapped regions\n", addr); 367 } 368 prev = it; 369 bool in_map = has_fault_address && (addr >= (*it).start) && (addr < (*it).end); 370 dump_map(log, &*it, in_map); 371 } 372 if (has_fault_address && (addr >= (*prev).end)) { 373 _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " after any mapped regions\n", addr); 374 } 375 } 376 377 static void dump_thread( 378 Backtrace* backtrace, log_t* log, int* total_sleep_time_usec) { 379 380 wait_for_stop(backtrace->Tid(), total_sleep_time_usec); 381 382 dump_registers(log, backtrace->Tid()); 383 dump_backtrace_and_stack(backtrace, log); 384 385 dump_memory_and_code(log, backtrace->Tid()); 386 dump_nearby_maps(backtrace->GetMap(), log, backtrace->Tid()); 387 } 388 389 // Return true if some thread is not detached cleanly 390 static bool dump_sibling_thread_report( 391 log_t* log, pid_t pid, pid_t tid, int* total_sleep_time_usec, BacktraceMap* map) { 392 char task_path[64]; 393 394 snprintf(task_path, sizeof(task_path), "/proc/%d/task", pid); 395 396 DIR* d = opendir(task_path); 397 // Bail early if the task directory cannot be opened 398 if (d == NULL) { 399 ALOGE("Cannot open /proc/%d/task\n", pid); 400 return false; 401 } 402 403 bool detach_failed = false; 404 struct dirent* de; 405 while ((de = readdir(d)) != NULL) { 406 // Ignore "." and ".." 407 if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) { 408 continue; 409 } 410 411 // The main thread at fault has been handled individually 412 char* end; 413 pid_t new_tid = strtoul(de->d_name, &end, 10); 414 if (*end || new_tid == tid) { 415 continue; 416 } 417 418 // Skip this thread if cannot ptrace it 419 if (ptrace(PTRACE_ATTACH, new_tid, 0, 0) < 0) { 420 _LOG(log, logtype::ERROR, "ptrace attach to %d failed: %s\n", new_tid, strerror(errno)); 421 continue; 422 } 423 424 log->current_tid = new_tid; 425 _LOG(log, logtype::THREAD, "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n"); 426 dump_thread_info(log, pid, new_tid); 427 428 UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, new_tid, map)); 429 if (backtrace->Unwind(0)) { 430 dump_thread(backtrace.get(), log, total_sleep_time_usec); 431 } 432 433 log->current_tid = log->crashed_tid; 434 435 if (ptrace(PTRACE_DETACH, new_tid, 0, 0) != 0) { 436 _LOG(log, logtype::ERROR, "ptrace detach from %d failed: %s\n", new_tid, strerror(errno)); 437 detach_failed = true; 438 } 439 } 440 441 closedir(d); 442 return detach_failed; 443 } 444 445 // Reads the contents of the specified log device, filters out the entries 446 // that don't match the specified pid, and writes them to the tombstone file. 447 // 448 // If "tail" is non-zero, log the last "tail" number of lines. 449 static EventTagMap* g_eventTagMap = NULL; 450 451 static void dump_log_file( 452 log_t* log, pid_t pid, const char* filename, unsigned int tail) { 453 bool first = true; 454 struct logger_list* logger_list; 455 456 if (!log->should_retrieve_logcat) { 457 return; 458 } 459 460 logger_list = android_logger_list_open( 461 android_name_to_log_id(filename), O_RDONLY | O_NONBLOCK, tail, pid); 462 463 if (!logger_list) { 464 ALOGE("Unable to open %s: %s\n", filename, strerror(errno)); 465 return; 466 } 467 468 struct log_msg log_entry; 469 470 while (true) { 471 ssize_t actual = android_logger_list_read(logger_list, &log_entry); 472 struct logger_entry* entry; 473 474 if (actual < 0) { 475 if (actual == -EINTR) { 476 // interrupted by signal, retry 477 continue; 478 } else if (actual == -EAGAIN) { 479 // non-blocking EOF; we're done 480 break; 481 } else { 482 _LOG(log, logtype::ERROR, "Error while reading log: %s\n", 483 strerror(-actual)); 484 break; 485 } 486 } else if (actual == 0) { 487 _LOG(log, logtype::ERROR, "Got zero bytes while reading log: %s\n", 488 strerror(errno)); 489 break; 490 } 491 492 // NOTE: if you ALOGV something here, this will spin forever, 493 // because you will be writing as fast as you're reading. Any 494 // high-frequency debug diagnostics should just be written to 495 // the tombstone file. 496 497 entry = &log_entry.entry_v1; 498 499 if (first) { 500 _LOG(log, logtype::LOGS, "--------- %slog %s\n", 501 tail ? "tail end of " : "", filename); 502 first = false; 503 } 504 505 // Msg format is: <priority:1><tag:N>\0<message:N>\0 506 // 507 // We want to display it in the same format as "logcat -v threadtime" 508 // (although in this case the pid is redundant). 509 static const char* kPrioChars = "!.VDIWEFS"; 510 unsigned hdr_size = log_entry.entry.hdr_size; 511 if (!hdr_size) { 512 hdr_size = sizeof(log_entry.entry_v1); 513 } 514 char* msg = reinterpret_cast<char*>(log_entry.buf) + hdr_size; 515 516 char timeBuf[32]; 517 time_t sec = static_cast<time_t>(entry->sec); 518 struct tm tmBuf; 519 struct tm* ptm; 520 ptm = localtime_r(&sec, &tmBuf); 521 strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm); 522 523 if (log_entry.id() == LOG_ID_EVENTS) { 524 if (!g_eventTagMap) { 525 g_eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE); 526 } 527 AndroidLogEntry e; 528 char buf[512]; 529 android_log_processBinaryLogBuffer(entry, &e, g_eventTagMap, buf, sizeof(buf)); 530 _LOG(log, logtype::LOGS, "%s.%03d %5d %5d %c %-8s: %s\n", 531 timeBuf, entry->nsec / 1000000, entry->pid, entry->tid, 532 'I', e.tag, e.message); 533 continue; 534 } 535 536 unsigned char prio = msg[0]; 537 char* tag = msg + 1; 538 msg = tag + strlen(tag) + 1; 539 540 // consume any trailing newlines 541 char* nl = msg + strlen(msg) - 1; 542 while (nl >= msg && *nl == '\n') { 543 *nl-- = '\0'; 544 } 545 546 char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?'); 547 548 // Look for line breaks ('\n') and display each text line 549 // on a separate line, prefixed with the header, like logcat does. 550 do { 551 nl = strchr(msg, '\n'); 552 if (nl) { 553 *nl = '\0'; 554 ++nl; 555 } 556 557 _LOG(log, logtype::LOGS, "%s.%03d %5d %5d %c %-8s: %s\n", 558 timeBuf, entry->nsec / 1000000, entry->pid, entry->tid, 559 prioChar, tag, msg); 560 } while ((msg = nl)); 561 } 562 563 android_logger_list_free(logger_list); 564 } 565 566 // Dumps the logs generated by the specified pid to the tombstone, from both 567 // "system" and "main" log devices. Ideally we'd interleave the output. 568 static void dump_logs(log_t* log, pid_t pid, unsigned int tail) { 569 dump_log_file(log, pid, "system", tail); 570 dump_log_file(log, pid, "main", tail); 571 } 572 573 static void dump_abort_message(Backtrace* backtrace, log_t* log, uintptr_t address) { 574 if (address == 0) { 575 return; 576 } 577 578 address += sizeof(size_t); // Skip the buffer length. 579 580 char msg[512]; 581 memset(msg, 0, sizeof(msg)); 582 char* p = &msg[0]; 583 while (p < &msg[sizeof(msg)]) { 584 word_t data; 585 size_t len = sizeof(word_t); 586 if (!backtrace->ReadWord(address, &data)) { 587 break; 588 } 589 address += sizeof(word_t); 590 591 while (len > 0 && (*p++ = (data >> (sizeof(word_t) - len) * 8) & 0xff) != 0) 592 len--; 593 } 594 msg[sizeof(msg) - 1] = '\0'; 595 596 _LOG(log, logtype::HEADER, "Abort message: '%s'\n", msg); 597 } 598 599 // Dumps all information about the specified pid to the tombstone. 600 static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, int si_code, 601 uintptr_t abort_msg_address, bool dump_sibling_threads, 602 int* total_sleep_time_usec) { 603 // don't copy log messages to tombstone unless this is a dev device 604 char value[PROPERTY_VALUE_MAX]; 605 property_get("ro.debuggable", value, "0"); 606 bool want_logs = (value[0] == '1'); 607 608 if (log->amfd >= 0) { 609 // Activity Manager protocol: binary 32-bit network-byte-order ints for the 610 // pid and signal number, followed by the raw text of the dump, culminating 611 // in a zero byte that marks end-of-data. 612 uint32_t datum = htonl(pid); 613 TEMP_FAILURE_RETRY( write(log->amfd, &datum, 4) ); 614 datum = htonl(signal); 615 TEMP_FAILURE_RETRY( write(log->amfd, &datum, 4) ); 616 } 617 618 _LOG(log, logtype::HEADER, 619 "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n"); 620 dump_header_info(log); 621 dump_thread_info(log, pid, tid); 622 623 if (signal) { 624 dump_signal_info(log, tid, signal, si_code); 625 } 626 627 UniquePtr<BacktraceMap> map(BacktraceMap::Create(pid)); 628 UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, tid, map.get())); 629 if (backtrace->Unwind(0)) { 630 dump_abort_message(backtrace.get(), log, abort_msg_address); 631 dump_thread(backtrace.get(), log, total_sleep_time_usec); 632 } 633 634 if (want_logs) { 635 dump_logs(log, pid, 5); 636 } 637 638 bool detach_failed = false; 639 if (dump_sibling_threads) { 640 detach_failed = dump_sibling_thread_report(log, pid, tid, total_sleep_time_usec, map.get()); 641 } 642 643 if (want_logs) { 644 dump_logs(log, pid, 0); 645 } 646 647 // send EOD to the Activity Manager, then wait for its ack to avoid racing ahead 648 // and killing the target out from under it 649 if (log->amfd >= 0) { 650 uint8_t eodMarker = 0; 651 TEMP_FAILURE_RETRY( write(log->amfd, &eodMarker, 1) ); 652 // 3 sec timeout reading the ack; we're fine if that happens 653 TEMP_FAILURE_RETRY( read(log->amfd, &eodMarker, 1) ); 654 } 655 656 return detach_failed; 657 } 658 659 // find_and_open_tombstone - find an available tombstone slot, if any, of the 660 // form tombstone_XX where XX is 00 to MAX_TOMBSTONES-1, inclusive. If no 661 // file is available, we reuse the least-recently-modified file. 662 // 663 // Returns the path of the tombstone file, allocated using malloc(). Caller must free() it. 664 static char* find_and_open_tombstone(int* fd) { 665 // In a single pass, find an available slot and, in case none 666 // exist, find and record the least-recently-modified file. 667 char path[128]; 668 int oldest = -1; 669 struct stat oldest_sb; 670 for (int i = 0; i < MAX_TOMBSTONES; i++) { 671 snprintf(path, sizeof(path), TOMBSTONE_TEMPLATE, i); 672 673 struct stat sb; 674 if (!stat(path, &sb)) { 675 if (oldest < 0 || sb.st_mtime < oldest_sb.st_mtime) { 676 oldest = i; 677 oldest_sb.st_mtime = sb.st_mtime; 678 } 679 continue; 680 } 681 if (errno != ENOENT) 682 continue; 683 684 *fd = open(path, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, 0600); 685 if (*fd < 0) 686 continue; // raced ? 687 688 fchown(*fd, AID_SYSTEM, AID_SYSTEM); 689 return strdup(path); 690 } 691 692 if (oldest < 0) { 693 ALOGE("Failed to find a valid tombstone, default to using tombstone 0.\n"); 694 oldest = 0; 695 } 696 697 // we didn't find an available file, so we clobber the oldest one 698 snprintf(path, sizeof(path), TOMBSTONE_TEMPLATE, oldest); 699 *fd = open(path, O_CREAT | O_TRUNC | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, 0600); 700 if (*fd < 0) { 701 ALOGE("failed to open tombstone file '%s': %s\n", path, strerror(errno)); 702 return NULL; 703 } 704 fchown(*fd, AID_SYSTEM, AID_SYSTEM); 705 return strdup(path); 706 } 707 708 static int activity_manager_connect() { 709 int amfd = socket(PF_UNIX, SOCK_STREAM, 0); 710 if (amfd >= 0) { 711 struct sockaddr_un address; 712 int err; 713 714 memset(&address, 0, sizeof(address)); 715 address.sun_family = AF_UNIX; 716 strncpy(address.sun_path, NCRASH_SOCKET_PATH, sizeof(address.sun_path)); 717 err = TEMP_FAILURE_RETRY(connect( 718 amfd, reinterpret_cast<struct sockaddr*>(&address), sizeof(address))); 719 if (!err) { 720 struct timeval tv; 721 memset(&tv, 0, sizeof(tv)); 722 tv.tv_sec = 1; // tight leash 723 err = setsockopt(amfd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); 724 if (!err) { 725 tv.tv_sec = 3; // 3 seconds on handshake read 726 err = setsockopt(amfd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); 727 } 728 } 729 if (err) { 730 close(amfd); 731 amfd = -1; 732 } 733 } 734 735 return amfd; 736 } 737 738 char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code, 739 uintptr_t abort_msg_address, bool dump_sibling_threads, 740 bool* detach_failed, int* total_sleep_time_usec) { 741 742 log_t log; 743 log.current_tid = tid; 744 log.crashed_tid = tid; 745 746 if ((mkdir(TOMBSTONE_DIR, 0755) == -1) && (errno != EEXIST)) { 747 _LOG(&log, logtype::ERROR, "failed to create %s: %s\n", TOMBSTONE_DIR, strerror(errno)); 748 } 749 750 if (chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM) == -1) { 751 _LOG(&log, logtype::ERROR, "failed to change ownership of %s: %s\n", TOMBSTONE_DIR, strerror(errno)); 752 } 753 754 int fd = -1; 755 char* path = NULL; 756 if (selinux_android_restorecon(TOMBSTONE_DIR, 0) == 0) { 757 path = find_and_open_tombstone(&fd); 758 } else { 759 _LOG(&log, logtype::ERROR, "Failed to restore security context, not writing tombstone.\n"); 760 } 761 762 if (fd < 0) { 763 _LOG(&log, logtype::ERROR, "Skipping tombstone write, nothing to do.\n"); 764 *detach_failed = false; 765 return NULL; 766 } 767 768 log.tfd = fd; 769 // Preserve amfd since it can be modified through the calls below without 770 // being closed. 771 int amfd = activity_manager_connect(); 772 log.amfd = amfd; 773 *detach_failed = dump_crash(&log, pid, tid, signal, original_si_code, abort_msg_address, 774 dump_sibling_threads, total_sleep_time_usec); 775 776 ALOGI("\nTombstone written to: %s\n", path); 777 778 // Either of these file descriptors can be -1, any error is ignored. 779 close(amfd); 780 close(fd); 781 782 return path; 783 } 784
