Home | History | Annotate | Download | only in linker 
      1 /*
      2  * Copyright (C) 2008 The Android Open Source Project
      3  * All rights reserved.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions
      7  * are met:
      8  *  * Redistributions of source code must retain the above copyright
      9  *    notice, this list of conditions and the following disclaimer.
     10  *  * Redistributions in binary form must reproduce the above copyright
     11  *    notice, this list of conditions and the following disclaimer in
     12  *    the documentation and/or other materials provided with the
     13  *    distribution.
     14  *
     15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
     19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
     20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
     21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
     22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
     25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     26  * SUCH DAMAGE.
     27  */
     28 
     29 #include "linker.h"
     30 #include "linker_gdb_support.h"
     31 
     32 #include <errno.h>
     33 #include <inttypes.h>
     34 #include <pthread.h>
     35 #include <signal.h>
     36 #include <stdio.h>
     37 #include <stdlib.h>
     38 #include <string.h>
     39 #include <sys/mman.h>
     40 #include <sys/prctl.h>
     41 #include <sys/socket.h>
     42 #include <sys/syscall.h>
     43 #include <sys/un.h>
     44 #include <unistd.h>
     45 
     46 extern "C" int tgkill(int tgid, int tid, int sig);
     47 
     48 // Crash actions have to be sent to the proper debuggerd.
     49 // On 64 bit systems, the 32 bit debuggerd is named differently.
     50 #if defined(TARGET_IS_64_BIT) && !defined(__LP64__)
     51 #define DEBUGGER_SOCKET_NAME "android:debuggerd32"
     52 #else
     53 #define DEBUGGER_SOCKET_NAME "android:debuggerd"
     54 #endif
     55 
     56 enum debugger_action_t {
     57   // dump a crash
     58   DEBUGGER_ACTION_CRASH,
     59   // dump a tombstone file
     60   DEBUGGER_ACTION_DUMP_TOMBSTONE,
     61   // dump a backtrace only back to the socket
     62   DEBUGGER_ACTION_DUMP_BACKTRACE,
     63 };
     64 
     65 // Message sent over the socket.
     66 // NOTE: Any changes to this structure must also be reflected in
     67 //       system/core/include/cutils/debugger.h.
     68 struct __attribute__((packed)) debugger_msg_t {
     69   int32_t action;
     70   pid_t tid;
     71   uint64_t abort_msg_address;
     72   int32_t original_si_code;
     73 };
     74 
     75 // see man(2) prctl, specifically the section about PR_GET_NAME
     76 #define MAX_TASK_NAME_LEN (16)
     77 
     78 static int socket_abstract_client(const char* name, int type) {
     79   sockaddr_un addr;
     80 
     81   // Test with length +1 for the *initial* '\0'.
     82   size_t namelen = strlen(name);
     83   if ((namelen + 1) > sizeof(addr.sun_path)) {
     84     errno = EINVAL;
     85     return -1;
     86   }
     87 
     88   // This is used for abstract socket namespace, we need
     89   // an initial '\0' at the start of the Unix socket path.
     90   //
     91   // Note: The path in this case is *not* supposed to be
     92   // '\0'-terminated. ("man 7 unix" for the gory details.)
     93   memset(&addr, 0, sizeof(addr));
     94   addr.sun_family = AF_LOCAL;
     95   addr.sun_path[0] = 0;
     96   memcpy(addr.sun_path + 1, name, namelen);
     97 
     98   socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
     99 
    100   int s = socket(AF_LOCAL, type, 0);
    101   if (s == -1) {
    102     return -1;
    103   }
    104 
    105   int rc = TEMP_FAILURE_RETRY(connect(s, reinterpret_cast<sockaddr*>(&addr), alen));
    106   if (rc == -1) {
    107     close(s);
    108     return -1;
    109   }
    110 
    111   return s;
    112 }
    113 
    114 /*
    115  * Writes a summary of the signal to the log file.  We do this so that, if
    116  * for some reason we're not able to contact debuggerd, there is still some
    117  * indication of the failure in the log.
    118  *
    119  * We could be here as a result of native heap corruption, or while a
    120  * mutex is being held, so we don't want to use any libc functions that
    121  * could allocate memory or hold a lock.
    122  */
    123 static void log_signal_summary(int signum, const siginfo_t* info) {
    124   const char* signal_name = "???";
    125   bool has_address = false;
    126   switch (signum) {
    127     case SIGABRT:
    128       signal_name = "SIGABRT";
    129       break;
    130     case SIGBUS:
    131       signal_name = "SIGBUS";
    132       has_address = true;
    133       break;
    134     case SIGFPE:
    135       signal_name = "SIGFPE";
    136       has_address = true;
    137       break;
    138     case SIGILL:
    139       signal_name = "SIGILL";
    140       has_address = true;
    141       break;
    142     case SIGSEGV:
    143       signal_name = "SIGSEGV";
    144       has_address = true;
    145       break;
    146 #if defined(SIGSTKFLT)
    147     case SIGSTKFLT:
    148       signal_name = "SIGSTKFLT";
    149       break;
    150 #endif
    151     case SIGTRAP:
    152       signal_name = "SIGTRAP";
    153       break;
    154   }
    155 
    156   char thread_name[MAX_TASK_NAME_LEN + 1]; // one more for termination
    157   if (prctl(PR_GET_NAME, reinterpret_cast<unsigned long>(thread_name), 0, 0, 0) != 0) {
    158     strcpy(thread_name, "<name unknown>");
    159   } else {
    160     // short names are null terminated by prctl, but the man page
    161     // implies that 16 byte names are not.
    162     thread_name[MAX_TASK_NAME_LEN] = 0;
    163   }
    164 
    165   // "info" will be null if the siginfo_t information was not available.
    166   // Many signals don't have an address or a code.
    167   char code_desc[32]; // ", code -6"
    168   char addr_desc[32]; // ", fault addr 0x1234"
    169   addr_desc[0] = code_desc[0] = 0;
    170   if (info != nullptr) {
    171     // For a rethrown signal, this si_code will be right and the one debuggerd shows will
    172     // always be SI_TKILL.
    173     __libc_format_buffer(code_desc, sizeof(code_desc), ", code %d", info->si_code);
    174     if (has_address) {
    175       __libc_format_buffer(addr_desc, sizeof(addr_desc), ", fault addr %p", info->si_addr);
    176     }
    177   }
    178   __libc_format_log(ANDROID_LOG_FATAL, "libc",
    179                     "Fatal signal %d (%s)%s%s in tid %d (%s)",
    180                     signum, signal_name, code_desc, addr_desc, gettid(), thread_name);
    181 }
    182 
    183 /*
    184  * Returns true if the handler for signal "signum" has SA_SIGINFO set.
    185  */
    186 static bool have_siginfo(int signum) {
    187   struct sigaction old_action, new_action;
    188 
    189   memset(&new_action, 0, sizeof(new_action));
    190   new_action.sa_handler = SIG_DFL;
    191   new_action.sa_flags = SA_RESTART;
    192   sigemptyset(&new_action.sa_mask);
    193 
    194   if (sigaction(signum, &new_action, &old_action) < 0) {
    195     __libc_format_log(ANDROID_LOG_WARN, "libc", "Failed testing for SA_SIGINFO: %s",
    196                       strerror(errno));
    197     return false;
    198   }
    199   bool result = (old_action.sa_flags & SA_SIGINFO) != 0;
    200 
    201   if (sigaction(signum, &old_action, nullptr) == -1) {
    202     __libc_format_log(ANDROID_LOG_WARN, "libc", "Restore failed in test for SA_SIGINFO: %s",
    203                       strerror(errno));
    204   }
    205   return result;
    206 }
    207 
    208 static void send_debuggerd_packet(siginfo_t* info) {
    209   // Mutex to prevent multiple crashing threads from trying to talk
    210   // to debuggerd at the same time.
    211   static pthread_mutex_t crash_mutex = PTHREAD_MUTEX_INITIALIZER;
    212   int ret = pthread_mutex_trylock(&crash_mutex);
    213   if (ret != 0) {
    214     if (ret == EBUSY) {
    215       __libc_format_log(ANDROID_LOG_INFO, "libc",
    216           "Another thread contacted debuggerd first; not contacting debuggerd.");
    217       // This will never complete since the lock is never released.
    218       pthread_mutex_lock(&crash_mutex);
    219     } else {
    220       __libc_format_log(ANDROID_LOG_INFO, "libc",
    221                         "pthread_mutex_trylock failed: %s", strerror(ret));
    222     }
    223     return;
    224   }
    225 
    226   int s = socket_abstract_client(DEBUGGER_SOCKET_NAME, SOCK_STREAM | SOCK_CLOEXEC);
    227   if (s == -1) {
    228     __libc_format_log(ANDROID_LOG_FATAL, "libc", "Unable to open connection to debuggerd: %s",
    229                       strerror(errno));
    230     return;
    231   }
    232 
    233   // debuggerd knows our pid from the credentials on the
    234   // local socket but we need to tell it the tid of the crashing thread.
    235   // debuggerd will be paranoid and verify that we sent a tid
    236   // that's actually in our process.
    237   debugger_msg_t msg;
    238   msg.action = DEBUGGER_ACTION_CRASH;
    239   msg.tid = gettid();
    240   msg.abort_msg_address = reinterpret_cast<uintptr_t>(g_abort_message);
    241   msg.original_si_code = (info != nullptr) ? info->si_code : 0;
    242   ret = TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg)));
    243   if (ret == sizeof(msg)) {
    244     char debuggerd_ack;
    245     ret = TEMP_FAILURE_RETRY(read(s, &debuggerd_ack, 1));
    246     int saved_errno = errno;
    247     notify_gdb_of_libraries();
    248     errno = saved_errno;
    249   } else {
    250     // read or write failed -- broken connection?
    251     __libc_format_log(ANDROID_LOG_FATAL, "libc", "Failed while talking to debuggerd: %s",
    252                       strerror(errno));
    253   }
    254 
    255   close(s);
    256 }
    257 
    258 /*
    259  * Catches fatal signals so we can ask debuggerd to ptrace us before
    260  * we crash.
    261  */
    262 static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void*) {
    263   // It's possible somebody cleared the SA_SIGINFO flag, which would mean
    264   // our "info" arg holds an undefined value.
    265   if (!have_siginfo(signal_number)) {
    266     info = nullptr;
    267   }
    268 
    269   log_signal_summary(signal_number, info);
    270 
    271   send_debuggerd_packet(info);
    272 
    273   // We need to return from the signal handler so that debuggerd can dump the
    274   // thread that crashed, but returning here does not guarantee that the signal
    275   // will be thrown again, even for SIGSEGV and friends, since the signal could
    276   // have been sent manually. Resend the signal with rt_tgsigqueueinfo(2) to
    277   // preserve the SA_SIGINFO contents.
    278   signal(signal_number, SIG_DFL);
    279 
    280   struct siginfo si;
    281   if (!info) {
    282     memset(&si, 0, sizeof(si));
    283     si.si_code = SI_USER;
    284     si.si_pid = getpid();
    285     si.si_uid = getuid();
    286     info = &si;
    287   } else if (info->si_code >= 0 || info->si_code == SI_TKILL) {
    288     // rt_tgsigqueueinfo(2)'s documentation appears to be incorrect on kernels
    289     // that contain commit 66dd34a (3.9+). The manpage claims to only allow
    290     // negative si_code values that are not SI_TKILL, but 66dd34a changed the
    291     // check to allow all si_code values in calls coming from inside the house.
    292   }
    293 
    294   int rc = syscall(SYS_rt_tgsigqueueinfo, getpid(), gettid(), signal_number, info);
    295   if (rc != 0) {
    296     __libc_format_log(ANDROID_LOG_FATAL, "libc", "failed to resend signal during crash: %s",
    297                       strerror(errno));
    298     _exit(0);
    299   }
    300 }
    301 
    302 __LIBC_HIDDEN__ void debuggerd_init() {
    303   struct sigaction action;
    304   memset(&action, 0, sizeof(action));
    305   sigemptyset(&action.sa_mask);
    306   action.sa_sigaction = debuggerd_signal_handler;
    307   action.sa_flags = SA_RESTART | SA_SIGINFO;
    308 
    309   // Use the alternate signal stack if available so we can catch stack overflows.
    310   action.sa_flags |= SA_ONSTACK;
    311 
    312   sigaction(SIGABRT, &action, nullptr);
    313   sigaction(SIGBUS, &action, nullptr);
    314   sigaction(SIGFPE, &action, nullptr);
    315   sigaction(SIGILL, &action, nullptr);
    316   sigaction(SIGSEGV, &action, nullptr);
    317 #if defined(SIGSTKFLT)
    318   sigaction(SIGSTKFLT, &action, nullptr);
    319 #endif
    320   sigaction(SIGTRAP, &action, nullptr);
    321 }
    322