Home | History | Annotate | Download | only in runtime 
      1 /*
      2  * Copyright (C) 2008 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #include "fault_handler.h"
     18 
     19 #include <setjmp.h>
     20 #include <sys/mman.h>
     21 #include <sys/ucontext.h>
     22 #include "mirror/art_method.h"
     23 #include "mirror/class.h"
     24 #include "sigchain.h"
     25 #include "thread-inl.h"
     26 #include "verify_object-inl.h"
     27 
     28 // Note on nested signal support
     29 // -----------------------------
     30 //
     31 // Typically a signal handler should not need to deal with signals that occur within it.
     32 // However, when a SIGSEGV occurs that is in generated code and is not one of the
     33 // handled signals (implicit checks), we call a function to try to dump the stack
     34 // to the log.  This enhances the debugging experience but may have the side effect
     35 // that it may not work.  If the cause of the original SIGSEGV is a corrupted stack or other
     36 // memory region, the stack backtrace code may run into trouble and may either crash
     37 // or fail with an abort (SIGABRT).  In either case we don't want that (new) signal to
     38 // mask the original signal and thus prevent useful debug output from being presented.
     39 //
     40 // In order to handle this situation, before we call the stack tracer we do the following:
     41 //
     42 // 1. shutdown the fault manager so that we are talking to the real signal management
     43 //    functions rather than those in sigchain.
     44 // 2. use pthread_sigmask to allow SIGSEGV and SIGABRT signals to be delivered to the
     45 //    thread running the signal handler.
     46 // 3. set the handler for SIGSEGV and SIGABRT to a secondary signal handler.
     47 // 4. save the thread's state to the TLS of the current thread using 'setjmp'
     48 //
     49 // We then call the stack tracer and one of two things may happen:
     50 // a. it completes successfully
     51 // b. it crashes and a signal is raised.
     52 //
     53 // In the former case, we fall through and everything is fine.  In the latter case
     54 // our secondary signal handler gets called in a signal context.  This results in
     55 // a call to FaultManager::HandledNestedSignal(), an archirecture specific function
     56 // whose purpose is to call 'longjmp' on the jmp_buf saved in the TLS of the current
     57 // thread.  This results in a return with a non-zero value from 'setjmp'.  We detect this
     58 // and write something to the log to tell the user that it happened.
     59 //
     60 // Regardless of how we got there, we reach the code after the stack tracer and we
     61 // restore the signal states to their original values, reinstate the fault manager (thus
     62 // reestablishing the signal chain) and continue.
     63 
     64 // This is difficult to test with a runtime test.  To invoke the nested signal code
     65 // on any signal, uncomment the following line and run something that throws a
     66 // NullPointerException.
     67 // #define TEST_NESTED_SIGNAL
     68 
     69 namespace art {
     70 // Static fault manger object accessed by signal handler.
     71 FaultManager fault_manager;
     72 
     73 extern "C" {
     74 void art_sigsegv_fault() {
     75   // Set a breakpoint here to be informed when a SIGSEGV is unhandled by ART.
     76   VLOG(signals)<< "Caught unknown SIGSEGV in ART fault handler - chaining to next handler.";
     77 }
     78 }
     79 
     80 // Signal handler called on SIGSEGV.
     81 static void art_fault_handler(int sig, siginfo_t* info, void* context) {
     82   fault_manager.HandleFault(sig, info, context);
     83 }
     84 
     85 // Signal handler for dealing with a nested signal.
     86 static void art_nested_signal_handler(int sig, siginfo_t* info, void* context) {
     87   fault_manager.HandleNestedSignal(sig, info, context);
     88 }
     89 
     90 FaultManager::FaultManager() : initialized_(false) {
     91   sigaction(SIGSEGV, nullptr, &oldaction_);
     92 }
     93 
     94 FaultManager::~FaultManager() {
     95 }
     96 
     97 static void SetUpArtAction(struct sigaction* action) {
     98   action->sa_sigaction = art_fault_handler;
     99   sigemptyset(&action->sa_mask);
    100   action->sa_flags = SA_SIGINFO | SA_ONSTACK;
    101 #if !defined(__APPLE__) && !defined(__mips__)
    102   action->sa_restorer = nullptr;
    103 #endif
    104 }
    105 
    106 void FaultManager::EnsureArtActionInFrontOfSignalChain() {
    107   if (initialized_) {
    108     struct sigaction action;
    109     SetUpArtAction(&action);
    110     EnsureFrontOfChain(SIGSEGV, &action);
    111   } else {
    112     LOG(WARNING) << "Can't call " << __FUNCTION__ << " due to unitialized fault manager";
    113   }
    114 }
    115 
    116 void FaultManager::Init() {
    117   CHECK(!initialized_);
    118   struct sigaction action;
    119   SetUpArtAction(&action);
    120 
    121   // Set our signal handler now.
    122   int e = sigaction(SIGSEGV, &action, &oldaction_);
    123   if (e != 0) {
    124     VLOG(signals) << "Failed to claim SEGV: " << strerror(errno);
    125   }
    126   // Make sure our signal handler is called before any user handlers.
    127   ClaimSignalChain(SIGSEGV, &oldaction_);
    128   initialized_ = true;
    129 }
    130 
    131 void FaultManager::Shutdown() {
    132   if (initialized_) {
    133     UnclaimSignalChain(SIGSEGV);
    134     initialized_ = false;
    135   }
    136 }
    137 
    138 void FaultManager::HandleFault(int sig, siginfo_t* info, void* context) {
    139   // BE CAREFUL ALLOCATING HERE INCLUDING USING LOG(...)
    140   //
    141   // If malloc calls abort, it will be holding its lock.
    142   // If the handler tries to call malloc, it will deadlock.
    143   VLOG(signals) << "Handling fault";
    144   if (IsInGeneratedCode(info, context, true)) {
    145     VLOG(signals) << "in generated code, looking for handler";
    146     for (const auto& handler : generated_code_handlers_) {
    147       VLOG(signals) << "invoking Action on handler " << handler;
    148       if (handler->Action(sig, info, context)) {
    149 #ifdef TEST_NESTED_SIGNAL
    150         // In test mode we want to fall through to stack trace handler
    151         // on every signal (in reality this will cause a crash on the first
    152         // signal).
    153         break;
    154 #else
    155         // We have handled a signal so it's time to return from the
    156         // signal handler to the appropriate place.
    157         return;
    158 #endif
    159       }
    160     }
    161   }
    162 
    163   // We hit a signal we didn't handle.  This might be something for which
    164   // we can give more information about so call all registered handlers to see
    165   // if it is.
    166   for (const auto& handler : other_handlers_) {
    167     if (handler->Action(sig, info, context)) {
    168       return;
    169     }
    170   }
    171 
    172   // Set a breakpoint in this function to catch unhandled signals.
    173   art_sigsegv_fault();
    174 
    175   // Pass this on to the next handler in the chain, or the default if none.
    176   InvokeUserSignalHandler(sig, info, context);
    177 }
    178 
    179 void FaultManager::AddHandler(FaultHandler* handler, bool generated_code) {
    180   if (generated_code) {
    181     generated_code_handlers_.push_back(handler);
    182   } else {
    183     other_handlers_.push_back(handler);
    184   }
    185 }
    186 
    187 void FaultManager::RemoveHandler(FaultHandler* handler) {
    188   auto it = std::find(generated_code_handlers_.begin(), generated_code_handlers_.end(), handler);
    189   if (it != generated_code_handlers_.end()) {
    190     generated_code_handlers_.erase(it);
    191     return;
    192   }
    193   auto it2 = std::find(other_handlers_.begin(), other_handlers_.end(), handler);
    194   if (it2 != other_handlers_.end()) {
    195     other_handlers_.erase(it);
    196     return;
    197   }
    198   LOG(FATAL) << "Attempted to remove non existent handler " << handler;
    199 }
    200 
    201 // This function is called within the signal handler.  It checks that
    202 // the mutator_lock is held (shared).  No annotalysis is done.
    203 bool FaultManager::IsInGeneratedCode(siginfo_t* siginfo, void* context, bool check_dex_pc) {
    204   // We can only be running Java code in the current thread if it
    205   // is in Runnable state.
    206   VLOG(signals) << "Checking for generated code";
    207   Thread* thread = Thread::Current();
    208   if (thread == nullptr) {
    209     VLOG(signals) << "no current thread";
    210     return false;
    211   }
    212 
    213   ThreadState state = thread->GetState();
    214   if (state != kRunnable) {
    215     VLOG(signals) << "not runnable";
    216     return false;
    217   }
    218 
    219   // Current thread is runnable.
    220   // Make sure it has the mutator lock.
    221   if (!Locks::mutator_lock_->IsSharedHeld(thread)) {
    222     VLOG(signals) << "no lock";
    223     return false;
    224   }
    225 
    226   mirror::ArtMethod* method_obj = 0;
    227   uintptr_t return_pc = 0;
    228   uintptr_t sp = 0;
    229 
    230   // Get the architecture specific method address and return address.  These
    231   // are in architecture specific files in arch/<arch>/fault_handler_<arch>.
    232   GetMethodAndReturnPcAndSp(siginfo, context, &method_obj, &return_pc, &sp);
    233 
    234   // If we don't have a potential method, we're outta here.
    235   VLOG(signals) << "potential method: " << method_obj;
    236   if (method_obj == 0 || !IsAligned<kObjectAlignment>(method_obj)) {
    237     VLOG(signals) << "no method";
    238     return false;
    239   }
    240 
    241   // Verify that the potential method is indeed a method.
    242   // TODO: check the GC maps to make sure it's an object.
    243   // Check that the class pointer inside the object is not null and is aligned.
    244   // TODO: Method might be not a heap address, and GetClass could fault.
    245   mirror::Class* cls = method_obj->GetClass<kVerifyNone>();
    246   if (cls == nullptr) {
    247     VLOG(signals) << "not a class";
    248     return false;
    249   }
    250   if (!IsAligned<kObjectAlignment>(cls)) {
    251     VLOG(signals) << "not aligned";
    252     return false;
    253   }
    254 
    255 
    256   if (!VerifyClassClass(cls)) {
    257     VLOG(signals) << "not a class class";
    258     return false;
    259   }
    260 
    261   // Now make sure the class is a mirror::ArtMethod.
    262   if (!cls->IsArtMethodClass()) {
    263     VLOG(signals) << "not a method";
    264     return false;
    265   }
    266 
    267   // We can be certain that this is a method now.  Check if we have a GC map
    268   // at the return PC address.
    269   if (true || kIsDebugBuild) {
    270     VLOG(signals) << "looking for dex pc for return pc " << std::hex << return_pc;
    271     const void* code = Runtime::Current()->GetInstrumentation()->GetQuickCodeFor(method_obj,
    272                                                                                  sizeof(void*));
    273     uint32_t sought_offset = return_pc - reinterpret_cast<uintptr_t>(code);
    274     VLOG(signals) << "pc offset: " << std::hex << sought_offset;
    275   }
    276   uint32_t dexpc = method_obj->ToDexPc(return_pc, false);
    277   VLOG(signals) << "dexpc: " << dexpc;
    278   return !check_dex_pc || dexpc != DexFile::kDexNoIndex;
    279 }
    280 
    281 FaultHandler::FaultHandler(FaultManager* manager) : manager_(manager) {
    282 }
    283 
    284 //
    285 // Null pointer fault handler
    286 //
    287 NullPointerHandler::NullPointerHandler(FaultManager* manager) : FaultHandler(manager) {
    288   manager_->AddHandler(this, true);
    289 }
    290 
    291 //
    292 // Suspension fault handler
    293 //
    294 SuspensionHandler::SuspensionHandler(FaultManager* manager) : FaultHandler(manager) {
    295   manager_->AddHandler(this, true);
    296 }
    297 
    298 //
    299 // Stack overflow fault handler
    300 //
    301 StackOverflowHandler::StackOverflowHandler(FaultManager* manager) : FaultHandler(manager) {
    302   manager_->AddHandler(this, true);
    303 }
    304 
    305 //
    306 // Stack trace handler, used to help get a stack trace from SIGSEGV inside of compiled code.
    307 //
    308 JavaStackTraceHandler::JavaStackTraceHandler(FaultManager* manager) : FaultHandler(manager) {
    309   manager_->AddHandler(this, false);
    310 }
    311 
    312 bool JavaStackTraceHandler::Action(int sig, siginfo_t* siginfo, void* context) {
    313   // Make sure that we are in the generated code, but we may not have a dex pc.
    314 
    315 #ifdef TEST_NESTED_SIGNAL
    316   bool in_generated_code = true;
    317 #else
    318   bool in_generated_code = manager_->IsInGeneratedCode(siginfo, context, false);
    319 #endif
    320   if (in_generated_code) {
    321     LOG(ERROR) << "Dumping java stack trace for crash in generated code";
    322     mirror::ArtMethod* method = nullptr;
    323     uintptr_t return_pc = 0;
    324     uintptr_t sp = 0;
    325     Thread* self = Thread::Current();
    326 
    327     // Shutdown the fault manager so that it will remove the signal chain for
    328     // SIGSEGV and we call the real sigaction.
    329     fault_manager.Shutdown();
    330 
    331     // The action for SIGSEGV should be the default handler now.
    332 
    333     // Unblock the signals we allow so that they can be delivered in the signal handler.
    334     sigset_t sigset;
    335     sigemptyset(&sigset);
    336     sigaddset(&sigset, SIGSEGV);
    337     sigaddset(&sigset, SIGABRT);
    338     pthread_sigmask(SIG_UNBLOCK, &sigset, nullptr);
    339 
    340     // If we get a signal in this code we want to invoke our nested signal
    341     // handler.
    342     struct sigaction action, oldsegvaction, oldabortaction;
    343     action.sa_sigaction = art_nested_signal_handler;
    344 
    345     // Explictly mask out SIGSEGV and SIGABRT from the nested signal handler.  This
    346     // should be the default but we definitely don't want these happening in our
    347     // nested signal handler.
    348     sigemptyset(&action.sa_mask);
    349     sigaddset(&action.sa_mask, SIGSEGV);
    350     sigaddset(&action.sa_mask, SIGABRT);
    351 
    352     action.sa_flags = SA_SIGINFO | SA_ONSTACK;
    353 #if !defined(__APPLE__) && !defined(__mips__)
    354     action.sa_restorer = nullptr;
    355 #endif
    356 
    357     // Catch SIGSEGV and SIGABRT to invoke our nested handler
    358     int e1 = sigaction(SIGSEGV, &action, &oldsegvaction);
    359     int e2 = sigaction(SIGABRT, &action, &oldabortaction);
    360     if (e1 != 0 || e2 != 0) {
    361       LOG(ERROR) << "Unable to register nested signal handler - no stack trace possible";
    362       // If sigaction failed we have a serious problem.  We cannot catch
    363       // any failures in the stack tracer and it's likely to occur since
    364       // the program state is bad.  Therefore we don't even try to give
    365       // a stack trace.
    366     } else {
    367       // Save the current state and try to dump the stack.  If this causes a signal
    368       // our nested signal handler will be invoked and this will longjmp to the saved
    369       // state.
    370       if (setjmp(*self->GetNestedSignalState()) == 0) {
    371         manager_->GetMethodAndReturnPcAndSp(siginfo, context, &method, &return_pc, &sp);
    372         // Inside of generated code, sp[0] is the method, so sp is the frame.
    373         StackReference<mirror::ArtMethod>* frame =
    374             reinterpret_cast<StackReference<mirror::ArtMethod>*>(sp);
    375         self->SetTopOfStack(frame, 0);  // Since we don't necessarily have a dex pc, pass in 0.
    376 #ifdef TEST_NESTED_SIGNAL
    377         // To test the nested signal handler we raise a signal here.  This will cause the
    378         // nested signal handler to be called and perform a longjmp back to the setjmp
    379         // above.
    380         abort();
    381 #endif
    382         self->DumpJavaStack(LOG(ERROR));
    383       } else {
    384         LOG(ERROR) << "Stack trace aborted due to nested signal - original signal being reported";
    385       }
    386 
    387       // Restore the signal handlers.
    388       sigaction(SIGSEGV, &oldsegvaction, nullptr);
    389       sigaction(SIGABRT, &oldabortaction, nullptr);
    390     }
    391 
    392     // Now put the fault manager back in place.
    393     fault_manager.Init();
    394 
    395     // And we're done.
    396   }
    397 
    398   return false;  // Return false since we want to propagate the fault to the main signal handler.
    399 }
    400 
    401 }   // namespace art
    402 
    403