1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include "linker.h" 30 31 #include <errno.h> 32 #include <inttypes.h> 33 #include <pthread.h> 34 #include <signal.h> 35 #include <stdio.h> 36 #include <stdlib.h> 37 #include <string.h> 38 #include <sys/mman.h> 39 #include <sys/prctl.h> 40 #include <sys/socket.h> 41 #include <sys/un.h> 42 #include <unistd.h> 43 44 extern "C" int tgkill(int tgid, int tid, int sig); 45 46 // Crash actions have to be sent to the proper debuggerd. 47 // On 64 bit systems, the 32 bit debuggerd is named differently. 48 #if defined(TARGET_IS_64_BIT) && !defined(__LP64__) 49 #define DEBUGGER_SOCKET_NAME "android:debuggerd32" 50 #else 51 #define DEBUGGER_SOCKET_NAME "android:debuggerd" 52 #endif 53 54 enum debugger_action_t { 55 // dump a crash 56 DEBUGGER_ACTION_CRASH, 57 // dump a tombstone file 58 DEBUGGER_ACTION_DUMP_TOMBSTONE, 59 // dump a backtrace only back to the socket 60 DEBUGGER_ACTION_DUMP_BACKTRACE, 61 }; 62 63 /* message sent over the socket */ 64 struct __attribute__((packed)) debugger_msg_t { 65 int32_t action; 66 pid_t tid; 67 uint64_t abort_msg_address; 68 int32_t original_si_code; 69 }; 70 71 // see man(2) prctl, specifically the section about PR_GET_NAME 72 #define MAX_TASK_NAME_LEN (16) 73 74 static int socket_abstract_client(const char* name, int type) { 75 sockaddr_un addr; 76 77 // Test with length +1 for the *initial* '\0'. 78 size_t namelen = strlen(name); 79 if ((namelen + 1) > sizeof(addr.sun_path)) { 80 errno = EINVAL; 81 return -1; 82 } 83 84 // This is used for abstract socket namespace, we need 85 // an initial '\0' at the start of the Unix socket path. 86 // 87 // Note: The path in this case is *not* supposed to be 88 // '\0'-terminated. ("man 7 unix" for the gory details.) 89 memset(&addr, 0, sizeof(addr)); 90 addr.sun_family = AF_LOCAL; 91 addr.sun_path[0] = 0; 92 memcpy(addr.sun_path + 1, name, namelen); 93 94 socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1; 95 96 int s = socket(AF_LOCAL, type, 0); 97 if (s == -1) { 98 return -1; 99 } 100 101 int rc = TEMP_FAILURE_RETRY(connect(s, reinterpret_cast<sockaddr*>(&addr), alen)); 102 if (rc == -1) { 103 close(s); 104 return -1; 105 } 106 107 return s; 108 } 109 110 /* 111 * Writes a summary of the signal to the log file. We do this so that, if 112 * for some reason we're not able to contact debuggerd, there is still some 113 * indication of the failure in the log. 114 * 115 * We could be here as a result of native heap corruption, or while a 116 * mutex is being held, so we don't want to use any libc functions that 117 * could allocate memory or hold a lock. 118 */ 119 static void log_signal_summary(int signum, const siginfo_t* info) { 120 const char* signal_name = "???"; 121 bool has_address = false; 122 switch (signum) { 123 case SIGABRT: 124 signal_name = "SIGABRT"; 125 break; 126 case SIGBUS: 127 signal_name = "SIGBUS"; 128 has_address = true; 129 break; 130 case SIGFPE: 131 signal_name = "SIGFPE"; 132 has_address = true; 133 break; 134 case SIGILL: 135 signal_name = "SIGILL"; 136 has_address = true; 137 break; 138 case SIGPIPE: 139 signal_name = "SIGPIPE"; 140 break; 141 case SIGSEGV: 142 signal_name = "SIGSEGV"; 143 has_address = true; 144 break; 145 #if defined(SIGSTKFLT) 146 case SIGSTKFLT: 147 signal_name = "SIGSTKFLT"; 148 break; 149 #endif 150 case SIGTRAP: 151 signal_name = "SIGTRAP"; 152 break; 153 } 154 155 char thread_name[MAX_TASK_NAME_LEN + 1]; // one more for termination 156 if (prctl(PR_GET_NAME, reinterpret_cast<unsigned long>(thread_name), 0, 0, 0) != 0) { 157 strcpy(thread_name, "<name unknown>"); 158 } else { 159 // short names are null terminated by prctl, but the man page 160 // implies that 16 byte names are not. 161 thread_name[MAX_TASK_NAME_LEN] = 0; 162 } 163 164 // "info" will be null if the siginfo_t information was not available. 165 // Many signals don't have an address or a code. 166 char code_desc[32]; // ", code -6" 167 char addr_desc[32]; // ", fault addr 0x1234" 168 addr_desc[0] = code_desc[0] = 0; 169 if (info != nullptr) { 170 // For a rethrown signal, this si_code will be right and the one debuggerd shows will 171 // always be SI_TKILL. 172 __libc_format_buffer(code_desc, sizeof(code_desc), ", code %d", info->si_code); 173 if (has_address) { 174 __libc_format_buffer(addr_desc, sizeof(addr_desc), ", fault addr %p", info->si_addr); 175 } 176 } 177 __libc_format_log(ANDROID_LOG_FATAL, "libc", 178 "Fatal signal %d (%s)%s%s in tid %d (%s)", 179 signum, signal_name, code_desc, addr_desc, gettid(), thread_name); 180 } 181 182 /* 183 * Returns true if the handler for signal "signum" has SA_SIGINFO set. 184 */ 185 static bool have_siginfo(int signum) { 186 struct sigaction old_action, new_action; 187 188 memset(&new_action, 0, sizeof(new_action)); 189 new_action.sa_handler = SIG_DFL; 190 new_action.sa_flags = SA_RESTART; 191 sigemptyset(&new_action.sa_mask); 192 193 if (sigaction(signum, &new_action, &old_action) < 0) { 194 __libc_format_log(ANDROID_LOG_WARN, "libc", "Failed testing for SA_SIGINFO: %s", 195 strerror(errno)); 196 return false; 197 } 198 bool result = (old_action.sa_flags & SA_SIGINFO) != 0; 199 200 if (sigaction(signum, &old_action, nullptr) == -1) { 201 __libc_format_log(ANDROID_LOG_WARN, "libc", "Restore failed in test for SA_SIGINFO: %s", 202 strerror(errno)); 203 } 204 return result; 205 } 206 207 static void send_debuggerd_packet(siginfo_t* info) { 208 // Mutex to prevent multiple crashing threads from trying to talk 209 // to debuggerd at the same time. 210 static pthread_mutex_t crash_mutex = PTHREAD_MUTEX_INITIALIZER; 211 int ret = pthread_mutex_trylock(&crash_mutex); 212 if (ret != 0) { 213 if (ret == EBUSY) { 214 __libc_format_log(ANDROID_LOG_INFO, "libc", 215 "Another thread contacted debuggerd first; not contacting debuggerd."); 216 // This will never complete since the lock is never released. 217 pthread_mutex_lock(&crash_mutex); 218 } else { 219 __libc_format_log(ANDROID_LOG_INFO, "libc", 220 "pthread_mutex_trylock failed: %s", strerror(ret)); 221 } 222 return; 223 } 224 225 int s = socket_abstract_client(DEBUGGER_SOCKET_NAME, SOCK_STREAM | SOCK_CLOEXEC); 226 if (s == -1) { 227 __libc_format_log(ANDROID_LOG_FATAL, "libc", "Unable to open connection to debuggerd: %s", 228 strerror(errno)); 229 return; 230 } 231 232 // debuggerd knows our pid from the credentials on the 233 // local socket but we need to tell it the tid of the crashing thread. 234 // debuggerd will be paranoid and verify that we sent a tid 235 // that's actually in our process. 236 debugger_msg_t msg; 237 msg.action = DEBUGGER_ACTION_CRASH; 238 msg.tid = gettid(); 239 msg.abort_msg_address = reinterpret_cast<uintptr_t>(g_abort_message); 240 msg.original_si_code = (info != nullptr) ? info->si_code : 0; 241 ret = TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg))); 242 if (ret == sizeof(msg)) { 243 char debuggerd_ack; 244 ret = TEMP_FAILURE_RETRY(read(s, &debuggerd_ack, 1)); 245 int saved_errno = errno; 246 notify_gdb_of_libraries(); 247 errno = saved_errno; 248 } else { 249 // read or write failed -- broken connection? 250 __libc_format_log(ANDROID_LOG_FATAL, "libc", "Failed while talking to debuggerd: %s", 251 strerror(errno)); 252 } 253 254 close(s); 255 } 256 257 /* 258 * Catches fatal signals so we can ask debuggerd to ptrace us before 259 * we crash. 260 */ 261 static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void*) { 262 // It's possible somebody cleared the SA_SIGINFO flag, which would mean 263 // our "info" arg holds an undefined value. 264 if (!have_siginfo(signal_number)) { 265 info = nullptr; 266 } 267 268 log_signal_summary(signal_number, info); 269 270 send_debuggerd_packet(info); 271 272 // Remove our net so we fault for real when we return. 273 signal(signal_number, SIG_DFL); 274 275 // These signals are not re-thrown when we resume. This means that 276 // crashing due to (say) SIGPIPE doesn't work the way you'd expect it 277 // to. We work around this by throwing them manually. We don't want 278 // to do this for *all* signals because it'll screw up the si_addr for 279 // faults like SIGSEGV. It does screw up the si_code, which is why we 280 // passed that to debuggerd above. 281 switch (signal_number) { 282 case SIGABRT: 283 case SIGFPE: 284 case SIGPIPE: 285 #if defined(SIGSTKFLT) 286 case SIGSTKFLT: 287 #endif 288 case SIGTRAP: 289 tgkill(getpid(), gettid(), signal_number); 290 break; 291 default: // SIGILL, SIGBUS, SIGSEGV 292 break; 293 } 294 } 295 296 __LIBC_HIDDEN__ void debuggerd_init() { 297 struct sigaction action; 298 memset(&action, 0, sizeof(action)); 299 sigemptyset(&action.sa_mask); 300 action.sa_sigaction = debuggerd_signal_handler; 301 action.sa_flags = SA_RESTART | SA_SIGINFO; 302 303 // Use the alternate signal stack if available so we can catch stack overflows. 304 action.sa_flags |= SA_ONSTACK; 305 306 sigaction(SIGABRT, &action, nullptr); 307 sigaction(SIGBUS, &action, nullptr); 308 sigaction(SIGFPE, &action, nullptr); 309 sigaction(SIGILL, &action, nullptr); 310 sigaction(SIGPIPE, &action, nullptr); 311 sigaction(SIGSEGV, &action, nullptr); 312 #if defined(SIGSTKFLT) 313 sigaction(SIGSTKFLT, &action, nullptr); 314 #endif 315 sigaction(SIGTRAP, &action, nullptr); 316 } 317