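/*
 * Copyright 2008, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "DEBUG"

#include "libdebuggerd/utility.h"
#include "libdebuggerd/utility_host.h"

#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/capability.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

#include <set>
#include <string>
#include <vector>

#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <async_safe/log.h>
#include <bionic/reserved_signals.h>
#include <debuggerd/handler.h>
#include <log/log.h>
#include <unwindstack/AndroidUnwinder.h>
#include <unwindstack/Memory.h>
#include <unwindstack/Unwinder.h>

using android::base::StringPrintf;
using android::base::unique_fd;

// Returns true for the log types that may be mirrored to logcat (and, via _VLOG,
// to kmsg): the tombstone header, the register dump and the backtrace. Every
// other type -- notably MEMORY dumps -- is written to the tombstone file only.
bool is_allowed_in_logcat(enum logtype ltype) {
  return (ltype == HEADER) || (ltype == REGISTERS) || (ltype == BACKTRACE);
}

// Decides whether crash output should additionally go to /dev/kmsg_debug.
// Only on debuggable builds, and only while tombstoned is not running.
static bool should_write_to_kmsg() {
  // Write to kmsg if tombstoned isn't up, and we're able to do so.
  if (!android::base::GetBoolProperty("ro.debuggable", false)) {
    return false;
  }

  if (android::base::GetProperty("init.svc.tombstoned", "") == "running") {
    return false;
  }

  return true;
}

// printf-style front end for _VLOG. Weak so that a host/test build can
// override the sink.
__attribute__((__weak__, visibility("default")))
void _LOG(log_t* log, enum logtype ltype, const char* fmt, ...) {
  va_list ap;
  va_start(ap, fmt);
  _VLOG(log, ltype, fmt, ap);
  va_end(ap);
}

// Formats one message and fans it out to every enabled sink:
//   - the tombstone fd, whenever one is open;
//   - logcat (crash buffer) and the activity-manager buffer, only for
//     logcat-eligible types and only for the crashing thread itself;
//   - /dev/kmsg_debug, line by line, when should_write_to_kmsg() allowed it.
// An empty formatted message is dropped without touching any sink.
__attribute__((__weak__, visibility("default")))
void _VLOG(log_t* log, enum logtype ltype, const char* fmt, va_list ap) {
  bool write_to_tombstone = (log->tfd != -1);
  // Logcat only receives output about the thread that actually crashed; the
  // dumps of the process's other threads stay in the tombstone.
  bool write_to_logcat = is_allowed_in_logcat(ltype)
                         && log->crashed_tid != -1
                         && log->current_tid != -1
                         && (log->crashed_tid == log->current_tid);
  // Depends only on system properties, so it is evaluated once per process.
  static bool write_to_kmsg = should_write_to_kmsg();

  std::string msg;
  android::base::StringAppendV(&msg, fmt, ap);

  if (msg.empty()) return;

  if (write_to_tombstone) {
    // Only EINTR is retried; a short write is not completed here.
    TEMP_FAILURE_RETRY(write(log->tfd, msg.c_str(), msg.size()));
  }

  if (write_to_logcat) {
    __android_log_buf_write(LOG_ID_CRASH, ANDROID_LOG_FATAL, LOG_TAG, msg.c_str());
    if (log->amfd_data != nullptr) {
      *log->amfd_data += msg;
    }

    // kmsg is gated behind the logcat decision, so it sees the same subset of
    // types and the same crashing-thread-only restriction.
    if (write_to_kmsg) {
      unique_fd kmsg_fd(open("/dev/kmsg_debug", O_WRONLY | O_APPEND | O_CLOEXEC));
      if (kmsg_fd.get() >= 0) {
        // Our output might contain newlines which would otherwise be handled by the android logger.
        // Split the lines up ourselves before sending to the kernel logger.
        // Remove the trailing newline instead of overwriting it with a NUL, which would otherwise
        // embed a '\0' byte inside the last line handed to the kernel.
        if (msg.back() == '\n') {
          msg.pop_back();
        }

        std::vector<std::string> fragments = android::base::Split(msg, "\n");
        for (const std::string& fragment : fragments) {
          // Each fragment becomes one kmsg record: "<3>" is the KERN_ERR level prefix.
          static constexpr char prefix[] = "<3>DEBUG: ";
          struct iovec iov[3];
          iov[0].iov_base = const_cast<char*>(prefix);
          iov[0].iov_len = strlen(prefix);
          iov[1].iov_base = const_cast<char*>(fragment.c_str());
          iov[1].iov_len = fragment.length();
          iov[2].iov_base = const_cast<char*>("\n");
          iov[2].iov_len = 1;
          TEMP_FAILURE_RETRY(writev(kmsg_fd.get(), iov, 3));
        }
      }
    }
  }
}

#define MEMORY_BYTES_TO_DUMP 256
#define MEMORY_BYTES_PER_LINE 16
static_assert(MEMORY_BYTES_PER_LINE == kTagGranuleSize);

// Reads up to `len` bytes of the crashed process's memory around `*addr` into
// `out`, and one MTE tag per granule into `tags` (at most `tags_len` of them).
//
// On entry `*addr` is the address of interest; on return it has been aligned
// to a line, moved back 32 bytes where possible, stripped of its tag bits, and
// possibly advanced to the next page if the first read returned nothing. The
// caller must use the updated value when labelling the dump.
//
// Returns the number of bytes actually read (always a multiple of
// sizeof(uintptr_t)), or -1 if nothing readable was found or the range would
// wrap around the address space.
ssize_t dump_memory(void* out, size_t len, uint8_t* tags, size_t tags_len, uint64_t* addr,
                    unwindstack::Memory* memory) {
  // Align the address to the number of bytes per line to avoid confusing memory tag output if
  // memory is tagged and we start from a misaligned address. Start 32 bytes before the address.
  // (4128 == 4096 + 32, so the 32-byte rewind never lands in the first 4K page.)
  *addr &= ~(MEMORY_BYTES_PER_LINE - 1);
  if (*addr >= 4128) {
    *addr -= 32;
  }

  // We don't want the address tag to appear in the addresses in the memory dump.
  *addr = untag_address(*addr);

  // Don't bother if the address would overflow, taking tag bits into account. Note that
  // untag_address truncates to 32 bits on 32-bit platforms as a side effect of returning a
  // uintptr_t, so this also checks for 32-bit overflow.
  if (untag_address(*addr + MEMORY_BYTES_TO_DUMP - 1) < *addr) {
    return -1;
  }

  // Zero the buffer so unread tail bytes never leak stale stack contents into the dump.
  memset(out, 0, len);

  size_t bytes = memory->Read(*addr, reinterpret_cast<uint8_t*>(out), len);
  if (bytes % sizeof(uintptr_t) != 0) {
    // This should never happen, but just in case.
    ALOGE("Bytes read %zu, is not a multiple of %zu", bytes, sizeof(uintptr_t));
    bytes &= ~(sizeof(uintptr_t) - 1);
  }

  bool skip_2nd_read = false;
  if (bytes == 0) {
    // In this case, we might want to try another read at the beginning of
    // the next page only if it's within the amount of memory we would have
    // read.
    // NOTE(review): sysconf() failure (-1) is not checked here; it is assumed never to fail.
    size_t page_size = sysconf(_SC_PAGE_SIZE);
    uint64_t next_page = (*addr + (page_size - 1)) & ~(page_size - 1);
    if (next_page == *addr || next_page >= *addr + len) {
      skip_2nd_read = true;
    }
    *addr = next_page;
  }

  if (bytes < len && !skip_2nd_read) {
    // Try to do one more read. This could happen if a read crosses a map,
    // but the maps do not have any break between them. Or it could happen
    // if reading from an unreadable map, but the read would cross back
    // into a readable map. Only requires one extra read because a map has
    // to contain at least one page, and the total number of bytes to dump
    // is smaller than a page.
    size_t bytes2 = memory->Read(*addr + bytes, static_cast<uint8_t*>(out) + bytes, len - bytes);
    bytes += bytes2;
    if (bytes2 > 0 && bytes % sizeof(uintptr_t) != 0) {
      // This should never happen, but we'll try and continue any way.
      ALOGE("Bytes after second read %zu, is not a multiple of %zu", bytes, sizeof(uintptr_t));
      bytes &= ~(sizeof(uintptr_t) - 1);
    }
  }

  // If we were unable to read anything, it probably means that the register doesn't contain a
  // valid pointer.
  if (bytes == 0) {
    return -1;
  }

  // One tag per granule; a failed tag read (negative) is recorded as tag 0.
  for (uint64_t tag_granule = 0; tag_granule < bytes / kTagGranuleSize; ++tag_granule) {
    long tag = memory->ReadTag(*addr + kTagGranuleSize * tag_granule);
    if (tag_granule < tags_len) {
      tags[tag_granule] = tag >= 0 ? tag : 0;
    } else {
      ALOGE("Insufficient space for tags");
    }
  }

  return bytes;
}

// Logs a MEMORY-type hex/ascii dump of the memory around `addr` under the given
// label. Nothing is logged (not even the label) when no bytes could be read.
void dump_memory(log_t* log, unwindstack::Memory* memory, uint64_t addr, const std::string& label) {
  // Dump 256 bytes
  uintptr_t data[MEMORY_BYTES_TO_DUMP / sizeof(uintptr_t)];
  uint8_t tags[MEMORY_BYTES_TO_DUMP / kTagGranuleSize];

  ssize_t bytes = dump_memory(data, sizeof(data), tags, sizeof(tags), &addr, memory);
  if (bytes == -1) {
    return;
  }

  _LOG(log, logtype::MEMORY, "\n%s:\n", label.c_str());

  // Dump the code around memory as:
  //  addr             contents                           ascii
  //  0000000000008d34 ef000000e8bd0090 e1b00000512fff1e  ............../Q
  //  0000000000008d44 ea00b1f9e92d0090 e3a070fcef000000  ......-..p......
  // On 32-bit machines, there are still 16 bytes per line but addresses and
  // words are of course presented differently.
  uintptr_t* data_ptr = data;
  uint8_t* tags_ptr = tags;
  for (size_t line = 0; line < static_cast<size_t>(bytes) / MEMORY_BYTES_PER_LINE; line++) {
    // Re-attach the line's memory tag to the (untagged) address in the top byte for display.
    uint64_t tagged_addr = addr | static_cast<uint64_t>(*tags_ptr++) << 56;
    std::string logline;
    android::base::StringAppendF(&logline, "    %" PRIPTR, tagged_addr);

    addr += MEMORY_BYTES_PER_LINE;
    std::string ascii;
    for (size_t i = 0; i < MEMORY_BYTES_PER_LINE / sizeof(uintptr_t); i++) {
      android::base::StringAppendF(&logline, " %" PRIPTR, static_cast<uint64_t>(*data_ptr));

      // Fill out the ascii string from the data.
      uint8_t* ptr = reinterpret_cast<uint8_t*>(data_ptr);
      for (size_t val = 0; val < sizeof(uintptr_t); val++, ptr++) {
        if (*ptr >= 0x20 && *ptr < 0x7f) {
          ascii += *ptr;
        } else {
          ascii += '.';
        }
      }
      data_ptr++;
    }
    _LOG(log, logtype::MEMORY, "%s  %s\n", logline.c_str(), ascii.c_str());
  }
}

// Drops every capability of the calling thread (capset with all-zero v3 data
// for pid 0) and sets PR_SET_NO_NEW_PRIVS so they cannot be reacquired across
// a later execve. Both steps are fatal on failure: continuing to handle a
// crash with privileges still held is not an option.
void drop_capabilities() {
  __user_cap_header_struct capheader;
  memset(&capheader, 0, sizeof(capheader));
  capheader.version = _LINUX_CAPABILITY_VERSION_3;
  capheader.pid = 0;

  // Two 32-bit words per set for the v3 ABI; all zero == no capabilities in any set.
  __user_cap_data_struct capdata[2];
  memset(&capdata, 0, sizeof(capdata));

  if (capset(&capheader, &capdata[0]) == -1) {
    async_safe_fatal("failed to drop capabilities: %s", strerror(errno));
  }

  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
    async_safe_fatal("failed to set PR_SET_NO_NEW_PRIVS: %s", strerror(errno));
  }
}

// Returns true when si->si_addr carries a meaningful fault address: only for
// hardware-generated SIGBUS/SIGFPE/SIGILL/SIGTRAP and for SIGSEGV other than
// the asynchronous MTE error, and never for user-sent signals.
bool signal_has_si_addr(const siginfo_t* si) {
  // Manually sent signals won't have si_addr.
  if (si->si_code == SI_USER || si->si_code == SI_QUEUE || si->si_code == SI_TKILL) {
    return false;
  }

  switch (si->si_signo) {
    case SIGBUS:
    case SIGFPE:
    case SIGILL:
    case SIGTRAP:
      return true;
    case SIGSEGV:
      return si->si_code != SEGV_MTEAERR;
    default:
      return false;
  }
}

// Returns true when the signal was sent by a user process other than
// `caller_pid` (the crashing process itself), i.e. the sender is worth naming.
bool signal_has_sender(const siginfo_t* si, pid_t caller_pid) {
  return SI_FROMUSER(si) && (si->si_pid != 0) && (si->si_pid != caller_pid);
}

// Writes " from pid N, uid M" for the signal's sender into `buf` (at most `n`
// bytes, always NUL-terminated by snprintf).
void get_signal_sender(char* buf, size_t n, const siginfo_t* si) {
  snprintf(buf, n, " from pid %d, uid %d", si->si_pid, si->si_uid);
}

// Maps si_signo to its symbolic name; "?" for anything not listed.
const char* get_signame(const siginfo_t* si) {
  switch (si->si_signo) {
    case SIGABRT: return "SIGABRT";
    case SIGBUS: return "SIGBUS";
    case SIGFPE: return "SIGFPE";
    case SIGILL: return "SIGILL";
    case SIGSEGV: return "SIGSEGV";
    case SIGSTKFLT: return "SIGSTKFLT";
    case SIGSTOP: return "SIGSTOP";
    case SIGSYS: return "SIGSYS";
    case SIGTRAP: return "SIGTRAP";
    case BIONIC_SIGNAL_DEBUGGER:
      return "<debuggerd signal>";
    default: return "?";
  }
}

// Maps (si_signo, si_code) to the symbolic si_code name. Signal-specific codes
// are tried first, then the generic SI_* codes; "?" if neither matches. The
// static_asserts pin each table to the kernel's NSIG* count so a new code
// cannot be added upstream without breaking this build.
const char* get_sigcode(const siginfo_t* si) {
  // Try the signal-specific codes...
  switch (si->si_signo) {
    case SIGILL:
      switch (si->si_code) {
        case ILL_ILLOPC: return "ILL_ILLOPC";
        case ILL_ILLOPN: return "ILL_ILLOPN";
        case ILL_ILLADR: return "ILL_ILLADR";
        case ILL_ILLTRP: return "ILL_ILLTRP";
        case ILL_PRVOPC: return "ILL_PRVOPC";
        case ILL_PRVREG: return "ILL_PRVREG";
        case ILL_COPROC: return "ILL_COPROC";
        case ILL_BADSTK: return "ILL_BADSTK";
        case ILL_BADIADDR:
          return "ILL_BADIADDR";
        case __ILL_BREAK:
          return "ILL_BREAK";
        case __ILL_BNDMOD:
          return "ILL_BNDMOD";
      }
      static_assert(NSIGILL == __ILL_BNDMOD, "missing ILL_* si_code");
      break;
    case SIGBUS:
      switch (si->si_code) {
        case BUS_ADRALN: return "BUS_ADRALN";
        case BUS_ADRERR: return "BUS_ADRERR";
        case BUS_OBJERR: return "BUS_OBJERR";
        case BUS_MCEERR_AR: return "BUS_MCEERR_AR";
        case BUS_MCEERR_AO: return "BUS_MCEERR_AO";
      }
      static_assert(NSIGBUS == BUS_MCEERR_AO, "missing BUS_* si_code");
      break;
    case SIGFPE:
      switch (si->si_code) {
        case FPE_INTDIV: return "FPE_INTDIV";
        case FPE_INTOVF: return "FPE_INTOVF";
        case FPE_FLTDIV: return "FPE_FLTDIV";
        case FPE_FLTOVF: return "FPE_FLTOVF";
        case FPE_FLTUND: return "FPE_FLTUND";
        case FPE_FLTRES: return "FPE_FLTRES";
        case FPE_FLTINV: return "FPE_FLTINV";
        case FPE_FLTSUB: return "FPE_FLTSUB";
        case __FPE_DECOVF:
          return "FPE_DECOVF";
        case __FPE_DECDIV:
          return "FPE_DECDIV";
        case __FPE_DECERR:
          return "FPE_DECERR";
        case __FPE_INVASC:
          return "FPE_INVASC";
        case __FPE_INVDEC:
          return "FPE_INVDEC";
        case FPE_FLTUNK:
          return "FPE_FLTUNK";
        case FPE_CONDTRAP:
          return "FPE_CONDTRAP";
      }
      static_assert(NSIGFPE == FPE_CONDTRAP, "missing FPE_* si_code");
      break;
    case SIGSEGV:
      switch (si->si_code) {
        case SEGV_MAPERR: return "SEGV_MAPERR";
        case SEGV_ACCERR: return "SEGV_ACCERR";
        case SEGV_BNDERR: return "SEGV_BNDERR";
        case SEGV_PKUERR: return "SEGV_PKUERR";
        case SEGV_ACCADI:
          return "SEGV_ACCADI";
        case SEGV_ADIDERR:
          return "SEGV_ADIDERR";
        case SEGV_ADIPERR:
          return "SEGV_ADIPERR";
        case SEGV_MTEAERR:
          return "SEGV_MTEAERR";
        case SEGV_MTESERR:
          return "SEGV_MTESERR";
        case SEGV_CPERR:
          return "SEGV_CPERR";
      }
      static_assert(NSIGSEGV == SEGV_CPERR, "missing SEGV_* si_code");
      break;
    case SIGSYS:
      switch (si->si_code) {
        case SYS_SECCOMP: return "SYS_SECCOMP";
        case SYS_USER_DISPATCH:
          return "SYS_USER_DISPATCH";
      }
      static_assert(NSIGSYS == SYS_USER_DISPATCH, "missing SYS_* si_code");
      break;
    case SIGTRAP:
      switch (si->si_code) {
        case TRAP_BRKPT: return "TRAP_BRKPT";
        case TRAP_TRACE: return "TRAP_TRACE";
        case TRAP_BRANCH: return "TRAP_BRANCH";
        case TRAP_HWBKPT: return "TRAP_HWBKPT";
        case TRAP_UNK:
          return "TRAP_UNDIAGNOSED";
        case TRAP_PERF:
          return "TRAP_PERF";
      }
      // ptrace event stops encode SIGTRAP in the low byte and the event in the next byte.
      if ((si->si_code & 0xff) == SIGTRAP) {
        switch ((si->si_code >> 8) & 0xff) {
          case PTRACE_EVENT_FORK:
            return "PTRACE_EVENT_FORK";
          case PTRACE_EVENT_VFORK:
            return "PTRACE_EVENT_VFORK";
          case PTRACE_EVENT_CLONE:
            return "PTRACE_EVENT_CLONE";
          case PTRACE_EVENT_EXEC:
            return "PTRACE_EVENT_EXEC";
          case PTRACE_EVENT_VFORK_DONE:
            return "PTRACE_EVENT_VFORK_DONE";
          case PTRACE_EVENT_EXIT:
            return "PTRACE_EVENT_EXIT";
          case PTRACE_EVENT_SECCOMP:
            return "PTRACE_EVENT_SECCOMP";
          case PTRACE_EVENT_STOP:
            return "PTRACE_EVENT_STOP";
        }
      }
      static_assert(NSIGTRAP == TRAP_PERF, "missing TRAP_* si_code");
      break;
  }
  // Then the other codes...
  switch (si->si_code) {
    case SI_USER: return "SI_USER";
    case SI_KERNEL: return "SI_KERNEL";
    case SI_QUEUE: return "SI_QUEUE";
    case SI_TIMER: return "SI_TIMER";
    case SI_MESGQ: return "SI_MESGQ";
    case SI_ASYNCIO: return "SI_ASYNCIO";
    case SI_SIGIO: return "SI_SIGIO";
    case SI_TKILL: return "SI_TKILL";
    case SI_DETHREAD: return "SI_DETHREAD";
  }
  // Then give up...
  return "?";
}

// Logs the unwound frames in `data`, each prefixed with `prefix`. When some
// frames come from ELF files the unwinder could not read (so symbol names and
// BuildIds are missing), a NOTE preamble listing those libraries is emitted
// first so the reader knows the gaps are a permissions issue, not corruption.
void log_backtrace(log_t* log, unwindstack::AndroidUnwinder* unwinder,
                   unwindstack::AndroidUnwinderData& data, const char* prefix) {
  // std::set both de-duplicates and sorts the library names for the preamble.
  std::set<std::string> unreadable_elf_files;
  for (const auto& frame : data.frames) {
    if (frame.map_info != nullptr && frame.map_info->ElfFileNotReadable()) {
      unreadable_elf_files.emplace(frame.map_info->name());
    }
  }

  // Put the preamble ahead of the backtrace.
  if (!unreadable_elf_files.empty()) {
    _LOG(log, logtype::BACKTRACE,
         "%sNOTE: Function names and BuildId information is missing for some frames due\n", prefix);
    _LOG(log, logtype::BACKTRACE,
         "%sNOTE: to unreadable libraries. For unwinds of apps, only shared libraries\n", prefix);
    _LOG(log, logtype::BACKTRACE, "%sNOTE: found under the lib/ directory are readable.\n", prefix);
#if defined(ROOT_POSSIBLE)
    _LOG(log, logtype::BACKTRACE,
         "%sNOTE: On this device, run setenforce 0 to make the libraries readable.\n", prefix);
#endif
    _LOG(log, logtype::BACKTRACE, "%sNOTE: Unreadable libraries:\n", prefix);
    for (auto& name : unreadable_elf_files) {
      _LOG(log, logtype::BACKTRACE, "%sNOTE: %s\n", prefix, name.c_str());
    }
  }

  for (const auto& frame : data.frames) {
    _LOG(log, logtype::BACKTRACE, "%s%s\n", prefix, unwinder->FormatFrame(frame).c_str());
  }
}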