1 /*
2 * Copyright (C) 2012-2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "DEBUG"
18
19 #include <dirent.h>
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <inttypes.h>
23 #include <signal.h>
24 #include <stddef.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <time.h>
29 #include <sys/ptrace.h>
30 #include <sys/socket.h>
31 #include <sys/stat.h>
32 #include <sys/un.h>
33
34 #include <private/android_filesystem_config.h>
35
36 #include <cutils/properties.h>
37 #include <log/log.h>
38 #include <log/logger.h>
39 #include <log/logprint.h>
40
41 #include <backtrace/Backtrace.h>
42 #include <backtrace/BacktraceMap.h>
43
44 #include <selinux/android.h>
45
46 #include <UniquePtr.h>
47
48 #include "machine.h"
49 #include "tombstone.h"
50 #include "backtrace.h"
51
52 #define STACK_WORDS 16
53
54 #define MAX_TOMBSTONES 10
55 #define TOMBSTONE_DIR "/data/tombstones"
56 #define TOMBSTONE_TEMPLATE (TOMBSTONE_DIR"/tombstone_%02d")
57
58 // Must match the path defined in NativeCrashListener.java
59 #define NCRASH_SOCKET_PATH "/data/system/ndebugsocket"
60
signal_has_si_addr(int sig)61 static bool signal_has_si_addr(int sig) {
62 switch (sig) {
63 case SIGBUS:
64 case SIGFPE:
65 case SIGILL:
66 case SIGSEGV:
67 case SIGTRAP:
68 return true;
69 default:
70 return false;
71 }
72 }
73
get_signame(int sig)74 static const char* get_signame(int sig) {
75 switch(sig) {
76 case SIGABRT: return "SIGABRT";
77 case SIGBUS: return "SIGBUS";
78 case SIGFPE: return "SIGFPE";
79 case SIGILL: return "SIGILL";
80 case SIGPIPE: return "SIGPIPE";
81 case SIGSEGV: return "SIGSEGV";
82 #if defined(SIGSTKFLT)
83 case SIGSTKFLT: return "SIGSTKFLT";
84 #endif
85 case SIGSTOP: return "SIGSTOP";
86 case SIGTRAP: return "SIGTRAP";
87 default: return "?";
88 }
89 }
90
get_sigcode(int signo,int code)91 static const char* get_sigcode(int signo, int code) {
92 // Try the signal-specific codes...
93 switch (signo) {
94 case SIGILL:
95 switch (code) {
96 case ILL_ILLOPC: return "ILL_ILLOPC";
97 case ILL_ILLOPN: return "ILL_ILLOPN";
98 case ILL_ILLADR: return "ILL_ILLADR";
99 case ILL_ILLTRP: return "ILL_ILLTRP";
100 case ILL_PRVOPC: return "ILL_PRVOPC";
101 case ILL_PRVREG: return "ILL_PRVREG";
102 case ILL_COPROC: return "ILL_COPROC";
103 case ILL_BADSTK: return "ILL_BADSTK";
104 }
105 static_assert(NSIGILL == ILL_BADSTK, "missing ILL_* si_code");
106 break;
107 case SIGBUS:
108 switch (code) {
109 case BUS_ADRALN: return "BUS_ADRALN";
110 case BUS_ADRERR: return "BUS_ADRERR";
111 case BUS_OBJERR: return "BUS_OBJERR";
112 case BUS_MCEERR_AR: return "BUS_MCEERR_AR";
113 case BUS_MCEERR_AO: return "BUS_MCEERR_AO";
114 }
115 static_assert(NSIGBUS == BUS_MCEERR_AO, "missing BUS_* si_code");
116 break;
117 case SIGFPE:
118 switch (code) {
119 case FPE_INTDIV: return "FPE_INTDIV";
120 case FPE_INTOVF: return "FPE_INTOVF";
121 case FPE_FLTDIV: return "FPE_FLTDIV";
122 case FPE_FLTOVF: return "FPE_FLTOVF";
123 case FPE_FLTUND: return "FPE_FLTUND";
124 case FPE_FLTRES: return "FPE_FLTRES";
125 case FPE_FLTINV: return "FPE_FLTINV";
126 case FPE_FLTSUB: return "FPE_FLTSUB";
127 }
128 static_assert(NSIGFPE == FPE_FLTSUB, "missing FPE_* si_code");
129 break;
130 case SIGSEGV:
131 switch (code) {
132 case SEGV_MAPERR: return "SEGV_MAPERR";
133 case SEGV_ACCERR: return "SEGV_ACCERR";
134 }
135 static_assert(NSIGSEGV == SEGV_ACCERR, "missing SEGV_* si_code");
136 break;
137 case SIGTRAP:
138 switch (code) {
139 case TRAP_BRKPT: return "TRAP_BRKPT";
140 case TRAP_TRACE: return "TRAP_TRACE";
141 case TRAP_BRANCH: return "TRAP_BRANCH";
142 case TRAP_HWBKPT: return "TRAP_HWBKPT";
143 }
144 static_assert(NSIGTRAP == TRAP_HWBKPT, "missing TRAP_* si_code");
145 break;
146 }
147 // Then the other codes...
148 switch (code) {
149 case SI_USER: return "SI_USER";
150 case SI_KERNEL: return "SI_KERNEL";
151 case SI_QUEUE: return "SI_QUEUE";
152 case SI_TIMER: return "SI_TIMER";
153 case SI_MESGQ: return "SI_MESGQ";
154 case SI_ASYNCIO: return "SI_ASYNCIO";
155 case SI_SIGIO: return "SI_SIGIO";
156 case SI_TKILL: return "SI_TKILL";
157 case SI_DETHREAD: return "SI_DETHREAD";
158 }
159 // Then give up...
160 return "?";
161 }
162
dump_header_info(log_t * log)163 static void dump_header_info(log_t* log) {
164 char fingerprint[PROPERTY_VALUE_MAX];
165 char revision[PROPERTY_VALUE_MAX];
166
167 property_get("ro.build.fingerprint", fingerprint, "unknown");
168 property_get("ro.revision", revision, "unknown");
169
170 _LOG(log, logtype::HEADER, "Build fingerprint: '%s'\n", fingerprint);
171 _LOG(log, logtype::HEADER, "Revision: '%s'\n", revision);
172 _LOG(log, logtype::HEADER, "ABI: '%s'\n", ABI_STRING);
173 }
174
dump_signal_info(log_t * log,pid_t tid,int signal,int si_code)175 static void dump_signal_info(log_t* log, pid_t tid, int signal, int si_code) {
176 siginfo_t si;
177 memset(&si, 0, sizeof(si));
178 if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si) == -1) {
179 _LOG(log, logtype::HEADER, "cannot get siginfo: %s\n", strerror(errno));
180 return;
181 }
182
183 // bionic has to re-raise some signals, which overwrites the si_code with SI_TKILL.
184 si.si_code = si_code;
185
186 char addr_desc[32]; // ", fault addr 0x1234"
187 if (signal_has_si_addr(signal)) {
188 snprintf(addr_desc, sizeof(addr_desc), "%p", si.si_addr);
189 } else {
190 snprintf(addr_desc, sizeof(addr_desc), "--------");
191 }
192
193 _LOG(log, logtype::HEADER, "signal %d (%s), code %d (%s), fault addr %s\n",
194 signal, get_signame(signal), si.si_code, get_sigcode(signal, si.si_code), addr_desc);
195 }
196
dump_thread_info(log_t * log,pid_t pid,pid_t tid)197 static void dump_thread_info(log_t* log, pid_t pid, pid_t tid) {
198 char path[64];
199 char threadnamebuf[1024];
200 char* threadname = NULL;
201 FILE *fp;
202
203 snprintf(path, sizeof(path), "/proc/%d/comm", tid);
204 if ((fp = fopen(path, "r"))) {
205 threadname = fgets(threadnamebuf, sizeof(threadnamebuf), fp);
206 fclose(fp);
207 if (threadname) {
208 size_t len = strlen(threadname);
209 if (len && threadname[len - 1] == '\n') {
210 threadname[len - 1] = '\0';
211 }
212 }
213 }
214 // Blacklist logd, logd.reader, logd.writer, logd.auditd, logd.control ...
215 static const char logd[] = "logd";
216 if (!strncmp(threadname, logd, sizeof(logd) - 1)
217 && (!threadname[sizeof(logd) - 1] || (threadname[sizeof(logd) - 1] == '.'))) {
218 log->should_retrieve_logcat = false;
219 }
220
221 char procnamebuf[1024];
222 char* procname = NULL;
223
224 snprintf(path, sizeof(path), "/proc/%d/cmdline", pid);
225 if ((fp = fopen(path, "r"))) {
226 procname = fgets(procnamebuf, sizeof(procnamebuf), fp);
227 fclose(fp);
228 }
229
230 _LOG(log, logtype::HEADER, "pid: %d, tid: %d, name: %s >>> %s <<<\n", pid, tid,
231 threadname ? threadname : "UNKNOWN", procname ? procname : "UNKNOWN");
232 }
233
dump_stack_segment(Backtrace * backtrace,log_t * log,uintptr_t * sp,size_t words,int label)234 static void dump_stack_segment(
235 Backtrace* backtrace, log_t* log, uintptr_t* sp, size_t words, int label) {
236 for (size_t i = 0; i < words; i++) {
237 word_t stack_content;
238 if (!backtrace->ReadWord(*sp, &stack_content)) {
239 break;
240 }
241
242 const backtrace_map_t* map = backtrace->FindMap(stack_content);
243 const char* map_name;
244 if (!map) {
245 map_name = "";
246 } else {
247 map_name = map->name.c_str();
248 }
249 uintptr_t offset = 0;
250 std::string func_name(backtrace->GetFunctionName(stack_content, &offset));
251 if (!func_name.empty()) {
252 if (!i && label >= 0) {
253 if (offset) {
254 _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s (%s+%" PRIuPTR ")\n",
255 label, *sp, stack_content, map_name, func_name.c_str(), offset);
256 } else {
257 _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s (%s)\n",
258 label, *sp, stack_content, map_name, func_name.c_str());
259 }
260 } else {
261 if (offset) {
262 _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s (%s+%" PRIuPTR ")\n",
263 *sp, stack_content, map_name, func_name.c_str(), offset);
264 } else {
265 _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s (%s)\n",
266 *sp, stack_content, map_name, func_name.c_str());
267 }
268 }
269 } else {
270 if (!i && label >= 0) {
271 _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s\n",
272 label, *sp, stack_content, map_name);
273 } else {
274 _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s\n",
275 *sp, stack_content, map_name);
276 }
277 }
278
279 *sp += sizeof(word_t);
280 }
281 }
282
dump_stack(Backtrace * backtrace,log_t * log)283 static void dump_stack(Backtrace* backtrace, log_t* log) {
284 size_t first = 0, last;
285 for (size_t i = 0; i < backtrace->NumFrames(); i++) {
286 const backtrace_frame_data_t* frame = backtrace->GetFrame(i);
287 if (frame->sp) {
288 if (!first) {
289 first = i+1;
290 }
291 last = i;
292 }
293 }
294 if (!first) {
295 return;
296 }
297 first--;
298
299 // Dump a few words before the first frame.
300 word_t sp = backtrace->GetFrame(first)->sp - STACK_WORDS * sizeof(word_t);
301 dump_stack_segment(backtrace, log, &sp, STACK_WORDS, -1);
302
303 // Dump a few words from all successive frames.
304 // Only log the first 3 frames, put the rest in the tombstone.
305 for (size_t i = first; i <= last; i++) {
306 const backtrace_frame_data_t* frame = backtrace->GetFrame(i);
307 if (sp != frame->sp) {
308 _LOG(log, logtype::STACK, " ........ ........\n");
309 sp = frame->sp;
310 }
311 if (i == last) {
312 dump_stack_segment(backtrace, log, &sp, STACK_WORDS, i);
313 if (sp < frame->sp + frame->stack_size) {
314 _LOG(log, logtype::STACK, " ........ ........\n");
315 }
316 } else {
317 size_t words = frame->stack_size / sizeof(word_t);
318 if (words == 0) {
319 words = 1;
320 } else if (words > STACK_WORDS) {
321 words = STACK_WORDS;
322 }
323 dump_stack_segment(backtrace, log, &sp, words, i);
324 }
325 }
326 }
327
dump_backtrace_and_stack(Backtrace * backtrace,log_t * log)328 static void dump_backtrace_and_stack(Backtrace* backtrace, log_t* log) {
329 if (backtrace->NumFrames()) {
330 _LOG(log, logtype::BACKTRACE, "\nbacktrace:\n");
331 dump_backtrace_to_log(backtrace, log, " ");
332
333 _LOG(log, logtype::STACK, "\nstack:\n");
334 dump_stack(backtrace, log);
335 }
336 }
337
dump_map(log_t * log,const backtrace_map_t * map,bool fault_addr)338 static void dump_map(log_t* log, const backtrace_map_t* map, bool fault_addr) {
339 _LOG(log, logtype::MAPS, "%s%" PRIPTR "-%" PRIPTR " %c%c%c %7" PRIdPTR " %s\n",
340 (fault_addr? "--->" : " "), map->start, map->end - 1,
341 (map->flags & PROT_READ) ? 'r' : '-', (map->flags & PROT_WRITE) ? 'w' : '-',
342 (map->flags & PROT_EXEC) ? 'x' : '-',
343 (map->end - map->start), map->name.c_str());
344 }
345
dump_nearby_maps(BacktraceMap * map,log_t * log,pid_t tid)346 static void dump_nearby_maps(BacktraceMap* map, log_t* log, pid_t tid) {
347 siginfo_t si;
348 memset(&si, 0, sizeof(si));
349 if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si)) {
350 _LOG(log, logtype::MAPS, "cannot get siginfo for %d: %s\n", tid, strerror(errno));
351 return;
352 }
353
354 bool has_fault_address = signal_has_si_addr(si.si_signo);
355 uintptr_t addr = reinterpret_cast<uintptr_t>(si.si_addr);
356
357 _LOG(log, logtype::MAPS, "\nmemory map: %s\n", has_fault_address ? "(fault address prefixed with --->)" : "");
358
359 if (has_fault_address && (addr < map->begin()->start)) {
360 _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " before any mapped regions\n", addr);
361 }
362
363 BacktraceMap::const_iterator prev = map->begin();
364 for (BacktraceMap::const_iterator it = map->begin(); it != map->end(); ++it) {
365 if (addr >= (*prev).end && addr < (*it).start) {
366 _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " between mapped regions\n", addr);
367 }
368 prev = it;
369 bool in_map = has_fault_address && (addr >= (*it).start) && (addr < (*it).end);
370 dump_map(log, &*it, in_map);
371 }
372 if (has_fault_address && (addr >= (*prev).end)) {
373 _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " after any mapped regions\n", addr);
374 }
375 }
376
dump_thread(Backtrace * backtrace,log_t * log,int * total_sleep_time_usec)377 static void dump_thread(
378 Backtrace* backtrace, log_t* log, int* total_sleep_time_usec) {
379
380 wait_for_stop(backtrace->Tid(), total_sleep_time_usec);
381
382 dump_registers(log, backtrace->Tid());
383 dump_backtrace_and_stack(backtrace, log);
384
385 dump_memory_and_code(log, backtrace->Tid());
386 dump_nearby_maps(backtrace->GetMap(), log, backtrace->Tid());
387 }
388
389 // Return true if some thread is not detached cleanly
dump_sibling_thread_report(log_t * log,pid_t pid,pid_t tid,int * total_sleep_time_usec,BacktraceMap * map)390 static bool dump_sibling_thread_report(
391 log_t* log, pid_t pid, pid_t tid, int* total_sleep_time_usec, BacktraceMap* map) {
392 char task_path[64];
393
394 snprintf(task_path, sizeof(task_path), "/proc/%d/task", pid);
395
396 DIR* d = opendir(task_path);
397 // Bail early if the task directory cannot be opened
398 if (d == NULL) {
399 ALOGE("Cannot open /proc/%d/task\n", pid);
400 return false;
401 }
402
403 bool detach_failed = false;
404 struct dirent* de;
405 while ((de = readdir(d)) != NULL) {
406 // Ignore "." and ".."
407 if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) {
408 continue;
409 }
410
411 // The main thread at fault has been handled individually
412 char* end;
413 pid_t new_tid = strtoul(de->d_name, &end, 10);
414 if (*end || new_tid == tid) {
415 continue;
416 }
417
418 // Skip this thread if cannot ptrace it
419 if (ptrace(PTRACE_ATTACH, new_tid, 0, 0) < 0) {
420 _LOG(log, logtype::ERROR, "ptrace attach to %d failed: %s\n", new_tid, strerror(errno));
421 continue;
422 }
423
424 log->current_tid = new_tid;
425 _LOG(log, logtype::THREAD, "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n");
426 dump_thread_info(log, pid, new_tid);
427
428 UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, new_tid, map));
429 if (backtrace->Unwind(0)) {
430 dump_thread(backtrace.get(), log, total_sleep_time_usec);
431 }
432
433 log->current_tid = log->crashed_tid;
434
435 if (ptrace(PTRACE_DETACH, new_tid, 0, 0) != 0) {
436 _LOG(log, logtype::ERROR, "ptrace detach from %d failed: %s\n", new_tid, strerror(errno));
437 detach_failed = true;
438 }
439 }
440
441 closedir(d);
442 return detach_failed;
443 }
444
445 // Reads the contents of the specified log device, filters out the entries
446 // that don't match the specified pid, and writes them to the tombstone file.
447 //
448 // If "tail" is non-zero, log the last "tail" number of lines.
449 static EventTagMap* g_eventTagMap = NULL;
450
dump_log_file(log_t * log,pid_t pid,const char * filename,unsigned int tail)451 static void dump_log_file(
452 log_t* log, pid_t pid, const char* filename, unsigned int tail) {
453 bool first = true;
454 struct logger_list* logger_list;
455
456 if (!log->should_retrieve_logcat) {
457 return;
458 }
459
460 logger_list = android_logger_list_open(
461 android_name_to_log_id(filename), O_RDONLY | O_NONBLOCK, tail, pid);
462
463 if (!logger_list) {
464 ALOGE("Unable to open %s: %s\n", filename, strerror(errno));
465 return;
466 }
467
468 struct log_msg log_entry;
469
470 while (true) {
471 ssize_t actual = android_logger_list_read(logger_list, &log_entry);
472 struct logger_entry* entry;
473
474 if (actual < 0) {
475 if (actual == -EINTR) {
476 // interrupted by signal, retry
477 continue;
478 } else if (actual == -EAGAIN) {
479 // non-blocking EOF; we're done
480 break;
481 } else {
482 _LOG(log, logtype::ERROR, "Error while reading log: %s\n",
483 strerror(-actual));
484 break;
485 }
486 } else if (actual == 0) {
487 _LOG(log, logtype::ERROR, "Got zero bytes while reading log: %s\n",
488 strerror(errno));
489 break;
490 }
491
492 // NOTE: if you ALOGV something here, this will spin forever,
493 // because you will be writing as fast as you're reading. Any
494 // high-frequency debug diagnostics should just be written to
495 // the tombstone file.
496
497 entry = &log_entry.entry_v1;
498
499 if (first) {
500 _LOG(log, logtype::LOGS, "--------- %slog %s\n",
501 tail ? "tail end of " : "", filename);
502 first = false;
503 }
504
505 // Msg format is: <priority:1><tag:N>\0<message:N>\0
506 //
507 // We want to display it in the same format as "logcat -v threadtime"
508 // (although in this case the pid is redundant).
509 static const char* kPrioChars = "!.VDIWEFS";
510 unsigned hdr_size = log_entry.entry.hdr_size;
511 if (!hdr_size) {
512 hdr_size = sizeof(log_entry.entry_v1);
513 }
514 char* msg = reinterpret_cast<char*>(log_entry.buf) + hdr_size;
515
516 char timeBuf[32];
517 time_t sec = static_cast<time_t>(entry->sec);
518 struct tm tmBuf;
519 struct tm* ptm;
520 ptm = localtime_r(&sec, &tmBuf);
521 strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm);
522
523 if (log_entry.id() == LOG_ID_EVENTS) {
524 if (!g_eventTagMap) {
525 g_eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE);
526 }
527 AndroidLogEntry e;
528 char buf[512];
529 android_log_processBinaryLogBuffer(entry, &e, g_eventTagMap, buf, sizeof(buf));
530 _LOG(log, logtype::LOGS, "%s.%03d %5d %5d %c %-8s: %s\n",
531 timeBuf, entry->nsec / 1000000, entry->pid, entry->tid,
532 'I', e.tag, e.message);
533 continue;
534 }
535
536 unsigned char prio = msg[0];
537 char* tag = msg + 1;
538 msg = tag + strlen(tag) + 1;
539
540 // consume any trailing newlines
541 char* nl = msg + strlen(msg) - 1;
542 while (nl >= msg && *nl == '\n') {
543 *nl-- = '\0';
544 }
545
546 char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?');
547
548 // Look for line breaks ('\n') and display each text line
549 // on a separate line, prefixed with the header, like logcat does.
550 do {
551 nl = strchr(msg, '\n');
552 if (nl) {
553 *nl = '\0';
554 ++nl;
555 }
556
557 _LOG(log, logtype::LOGS, "%s.%03d %5d %5d %c %-8s: %s\n",
558 timeBuf, entry->nsec / 1000000, entry->pid, entry->tid,
559 prioChar, tag, msg);
560 } while ((msg = nl));
561 }
562
563 android_logger_list_free(logger_list);
564 }
565
566 // Dumps the logs generated by the specified pid to the tombstone, from both
567 // "system" and "main" log devices. Ideally we'd interleave the output.
dump_logs(log_t * log,pid_t pid,unsigned int tail)568 static void dump_logs(log_t* log, pid_t pid, unsigned int tail) {
569 dump_log_file(log, pid, "system", tail);
570 dump_log_file(log, pid, "main", tail);
571 }
572
dump_abort_message(Backtrace * backtrace,log_t * log,uintptr_t address)573 static void dump_abort_message(Backtrace* backtrace, log_t* log, uintptr_t address) {
574 if (address == 0) {
575 return;
576 }
577
578 address += sizeof(size_t); // Skip the buffer length.
579
580 char msg[512];
581 memset(msg, 0, sizeof(msg));
582 char* p = &msg[0];
583 while (p < &msg[sizeof(msg)]) {
584 word_t data;
585 size_t len = sizeof(word_t);
586 if (!backtrace->ReadWord(address, &data)) {
587 break;
588 }
589 address += sizeof(word_t);
590
591 while (len > 0 && (*p++ = (data >> (sizeof(word_t) - len) * 8) & 0xff) != 0)
592 len--;
593 }
594 msg[sizeof(msg) - 1] = '\0';
595
596 _LOG(log, logtype::HEADER, "Abort message: '%s'\n", msg);
597 }
598
599 // Dumps all information about the specified pid to the tombstone.
dump_crash(log_t * log,pid_t pid,pid_t tid,int signal,int si_code,uintptr_t abort_msg_address,bool dump_sibling_threads,int * total_sleep_time_usec)600 static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, int si_code,
601 uintptr_t abort_msg_address, bool dump_sibling_threads,
602 int* total_sleep_time_usec) {
603 // don't copy log messages to tombstone unless this is a dev device
604 char value[PROPERTY_VALUE_MAX];
605 property_get("ro.debuggable", value, "0");
606 bool want_logs = (value[0] == '1');
607
608 if (log->amfd >= 0) {
609 // Activity Manager protocol: binary 32-bit network-byte-order ints for the
610 // pid and signal number, followed by the raw text of the dump, culminating
611 // in a zero byte that marks end-of-data.
612 uint32_t datum = htonl(pid);
613 TEMP_FAILURE_RETRY( write(log->amfd, &datum, 4) );
614 datum = htonl(signal);
615 TEMP_FAILURE_RETRY( write(log->amfd, &datum, 4) );
616 }
617
618 _LOG(log, logtype::HEADER,
619 "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n");
620 dump_header_info(log);
621 dump_thread_info(log, pid, tid);
622
623 if (signal) {
624 dump_signal_info(log, tid, signal, si_code);
625 }
626
627 UniquePtr<BacktraceMap> map(BacktraceMap::Create(pid));
628 UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, tid, map.get()));
629 if (backtrace->Unwind(0)) {
630 dump_abort_message(backtrace.get(), log, abort_msg_address);
631 dump_thread(backtrace.get(), log, total_sleep_time_usec);
632 }
633
634 if (want_logs) {
635 dump_logs(log, pid, 5);
636 }
637
638 bool detach_failed = false;
639 if (dump_sibling_threads) {
640 detach_failed = dump_sibling_thread_report(log, pid, tid, total_sleep_time_usec, map.get());
641 }
642
643 if (want_logs) {
644 dump_logs(log, pid, 0);
645 }
646
647 // send EOD to the Activity Manager, then wait for its ack to avoid racing ahead
648 // and killing the target out from under it
649 if (log->amfd >= 0) {
650 uint8_t eodMarker = 0;
651 TEMP_FAILURE_RETRY( write(log->amfd, &eodMarker, 1) );
652 // 3 sec timeout reading the ack; we're fine if that happens
653 TEMP_FAILURE_RETRY( read(log->amfd, &eodMarker, 1) );
654 }
655
656 return detach_failed;
657 }
658
659 // find_and_open_tombstone - find an available tombstone slot, if any, of the
660 // form tombstone_XX where XX is 00 to MAX_TOMBSTONES-1, inclusive. If no
661 // file is available, we reuse the least-recently-modified file.
662 //
663 // Returns the path of the tombstone file, allocated using malloc(). Caller must free() it.
find_and_open_tombstone(int * fd)664 static char* find_and_open_tombstone(int* fd) {
665 // In a single pass, find an available slot and, in case none
666 // exist, find and record the least-recently-modified file.
667 char path[128];
668 int oldest = -1;
669 struct stat oldest_sb;
670 for (int i = 0; i < MAX_TOMBSTONES; i++) {
671 snprintf(path, sizeof(path), TOMBSTONE_TEMPLATE, i);
672
673 struct stat sb;
674 if (!stat(path, &sb)) {
675 if (oldest < 0 || sb.st_mtime < oldest_sb.st_mtime) {
676 oldest = i;
677 oldest_sb.st_mtime = sb.st_mtime;
678 }
679 continue;
680 }
681 if (errno != ENOENT)
682 continue;
683
684 *fd = open(path, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, 0600);
685 if (*fd < 0)
686 continue; // raced ?
687
688 fchown(*fd, AID_SYSTEM, AID_SYSTEM);
689 return strdup(path);
690 }
691
692 if (oldest < 0) {
693 ALOGE("Failed to find a valid tombstone, default to using tombstone 0.\n");
694 oldest = 0;
695 }
696
697 // we didn't find an available file, so we clobber the oldest one
698 snprintf(path, sizeof(path), TOMBSTONE_TEMPLATE, oldest);
699 *fd = open(path, O_CREAT | O_TRUNC | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, 0600);
700 if (*fd < 0) {
701 ALOGE("failed to open tombstone file '%s': %s\n", path, strerror(errno));
702 return NULL;
703 }
704 fchown(*fd, AID_SYSTEM, AID_SYSTEM);
705 return strdup(path);
706 }
707
activity_manager_connect()708 static int activity_manager_connect() {
709 int amfd = socket(PF_UNIX, SOCK_STREAM, 0);
710 if (amfd >= 0) {
711 struct sockaddr_un address;
712 int err;
713
714 memset(&address, 0, sizeof(address));
715 address.sun_family = AF_UNIX;
716 strncpy(address.sun_path, NCRASH_SOCKET_PATH, sizeof(address.sun_path));
717 err = TEMP_FAILURE_RETRY(connect(
718 amfd, reinterpret_cast<struct sockaddr*>(&address), sizeof(address)));
719 if (!err) {
720 struct timeval tv;
721 memset(&tv, 0, sizeof(tv));
722 tv.tv_sec = 1; // tight leash
723 err = setsockopt(amfd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
724 if (!err) {
725 tv.tv_sec = 3; // 3 seconds on handshake read
726 err = setsockopt(amfd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
727 }
728 }
729 if (err) {
730 close(amfd);
731 amfd = -1;
732 }
733 }
734
735 return amfd;
736 }
737
engrave_tombstone(pid_t pid,pid_t tid,int signal,int original_si_code,uintptr_t abort_msg_address,bool dump_sibling_threads,bool * detach_failed,int * total_sleep_time_usec)738 char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code,
739 uintptr_t abort_msg_address, bool dump_sibling_threads,
740 bool* detach_failed, int* total_sleep_time_usec) {
741
742 log_t log;
743 log.current_tid = tid;
744 log.crashed_tid = tid;
745
746 if ((mkdir(TOMBSTONE_DIR, 0755) == -1) && (errno != EEXIST)) {
747 _LOG(&log, logtype::ERROR, "failed to create %s: %s\n", TOMBSTONE_DIR, strerror(errno));
748 }
749
750 if (chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM) == -1) {
751 _LOG(&log, logtype::ERROR, "failed to change ownership of %s: %s\n", TOMBSTONE_DIR, strerror(errno));
752 }
753
754 int fd = -1;
755 char* path = NULL;
756 if (selinux_android_restorecon(TOMBSTONE_DIR, 0) == 0) {
757 path = find_and_open_tombstone(&fd);
758 } else {
759 _LOG(&log, logtype::ERROR, "Failed to restore security context, not writing tombstone.\n");
760 }
761
762 if (fd < 0) {
763 _LOG(&log, logtype::ERROR, "Skipping tombstone write, nothing to do.\n");
764 *detach_failed = false;
765 return NULL;
766 }
767
768 log.tfd = fd;
769 // Preserve amfd since it can be modified through the calls below without
770 // being closed.
771 int amfd = activity_manager_connect();
772 log.amfd = amfd;
773 *detach_failed = dump_crash(&log, pid, tid, signal, original_si_code, abort_msg_address,
774 dump_sibling_threads, total_sleep_time_usec);
775
776 ALOGI("\nTombstone written to: %s\n", path);
777
778 // Either of these file descriptors can be -1, any error is ignored.
779 close(amfd);
780 close(fd);
781
782 return path;
783 }
784