1 /*
2 * Copyright 2008, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "DEBUG"
18
19 #include "utility.h"
20
21 #include <errno.h>
22 #include <signal.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <sys/ptrace.h>
27 #include <sys/wait.h>
28
29 #include <backtrace/Backtrace.h>
30 #include <base/file.h>
31 #include <base/stringprintf.h>
32 #include <log/log.h>
33
34 const int SLEEP_TIME_USEC = 50000; // 0.05 seconds
35 const int MAX_TOTAL_SLEEP_USEC = 10000000; // 10 seconds
36
37 // Whitelist output desired in the logcat output.
is_allowed_in_logcat(enum logtype ltype)38 bool is_allowed_in_logcat(enum logtype ltype) {
39 if ((ltype == ERROR)
40 || (ltype == HEADER)
41 || (ltype == REGISTERS)
42 || (ltype == BACKTRACE)) {
43 return true;
44 }
45 return false;
46 }
47
_LOG(log_t * log,enum logtype ltype,const char * fmt,...)48 void _LOG(log_t* log, enum logtype ltype, const char* fmt, ...) {
49 bool write_to_tombstone = (log->tfd != -1);
50 bool write_to_logcat = is_allowed_in_logcat(ltype)
51 && log->crashed_tid != -1
52 && log->current_tid != -1
53 && (log->crashed_tid == log->current_tid);
54 bool write_to_activitymanager = (log->amfd != -1);
55
56 char buf[512];
57 va_list ap;
58 va_start(ap, fmt);
59 vsnprintf(buf, sizeof(buf), fmt, ap);
60 va_end(ap);
61
62 size_t len = strlen(buf);
63 if (len <= 0) {
64 return;
65 }
66
67 if (write_to_tombstone) {
68 TEMP_FAILURE_RETRY(write(log->tfd, buf, len));
69 }
70
71 if (write_to_logcat) {
72 __android_log_buf_write(LOG_ID_CRASH, ANDROID_LOG_FATAL, LOG_TAG, buf);
73 if (write_to_activitymanager) {
74 if (!android::base::WriteFully(log->amfd, buf, len)) {
75 // timeout or other failure on write; stop informing the activity manager
76 ALOGE("AM write failed: %s", strerror(errno));
77 log->amfd = -1;
78 }
79 }
80 }
81 }
82
wait_for_sigstop(pid_t tid,int * total_sleep_time_usec,bool * detach_failed)83 int wait_for_sigstop(pid_t tid, int* total_sleep_time_usec, bool* detach_failed) {
84 bool allow_dead_tid = false;
85 for (;;) {
86 int status;
87 pid_t n = TEMP_FAILURE_RETRY(waitpid(tid, &status, __WALL | WNOHANG));
88 if (n == -1) {
89 ALOGE("waitpid failed: tid %d, %s", tid, strerror(errno));
90 break;
91 } else if (n == tid) {
92 if (WIFSTOPPED(status)) {
93 return WSTOPSIG(status);
94 } else {
95 ALOGE("unexpected waitpid response: n=%d, status=%08x\n", n, status);
96 // This is the only circumstance under which we can allow a detach
97 // to fail with ESRCH, which indicates the tid has exited.
98 allow_dead_tid = true;
99 break;
100 }
101 }
102
103 if (*total_sleep_time_usec > MAX_TOTAL_SLEEP_USEC) {
104 ALOGE("timed out waiting for stop signal: tid=%d", tid);
105 break;
106 }
107
108 usleep(SLEEP_TIME_USEC);
109 *total_sleep_time_usec += SLEEP_TIME_USEC;
110 }
111
112 if (ptrace(PTRACE_DETACH, tid, 0, 0) != 0) {
113 if (allow_dead_tid && errno == ESRCH) {
114 ALOGE("tid exited before attach completed: tid %d", tid);
115 } else {
116 *detach_failed = true;
117 ALOGE("detach failed: tid %d, %s", tid, strerror(errno));
118 }
119 }
120 return -1;
121 }
122
123 #define MEMORY_BYTES_TO_DUMP 256
124 #define MEMORY_BYTES_PER_LINE 16
125
dump_memory(log_t * log,Backtrace * backtrace,uintptr_t addr,const char * fmt,...)126 void dump_memory(log_t* log, Backtrace* backtrace, uintptr_t addr, const char* fmt, ...) {
127 std::string log_msg;
128 va_list ap;
129 va_start(ap, fmt);
130 android::base::StringAppendV(&log_msg, fmt, ap);
131 va_end(ap);
132
133 // Align the address to sizeof(long) and start 32 bytes before the address.
134 addr &= ~(sizeof(long) - 1);
135 if (addr >= 4128) {
136 addr -= 32;
137 }
138
139 // Don't bother if the address looks too low, or looks too high.
140 if (addr < 4096 ||
141 #if defined(__LP64__)
142 addr > 0x4000000000000000UL - MEMORY_BYTES_TO_DUMP) {
143 #else
144 addr > 0xffff0000 - MEMORY_BYTES_TO_DUMP) {
145 #endif
146 return;
147 }
148
149 _LOG(log, logtype::MEMORY, "\n%s\n", log_msg.c_str());
150
151 // Dump 256 bytes
152 uintptr_t data[MEMORY_BYTES_TO_DUMP/sizeof(uintptr_t)];
153 memset(data, 0, MEMORY_BYTES_TO_DUMP);
154 size_t bytes = backtrace->Read(addr, reinterpret_cast<uint8_t*>(data), sizeof(data));
155 if (bytes % sizeof(uintptr_t) != 0) {
156 // This should never happen, but just in case.
157 ALOGE("Bytes read %zu, is not a multiple of %zu", bytes, sizeof(uintptr_t));
158 bytes &= ~(sizeof(uintptr_t) - 1);
159 }
160
161 if (bytes < MEMORY_BYTES_TO_DUMP && bytes > 0) {
162 // Try to do one more read. This could happen if a read crosses a map, but
163 // the maps do not have any break between them. Only requires one extra
164 // read because a map has to contain at least one page, and the total
165 // number of bytes to dump is smaller than a page.
166 size_t bytes2 = backtrace->Read(addr + bytes, reinterpret_cast<uint8_t*>(data) + bytes,
167 sizeof(data) - bytes);
168 bytes += bytes2;
169 if (bytes2 > 0 && bytes % sizeof(uintptr_t) != 0) {
170 // This should never happen, but we'll try and continue any way.
171 ALOGE("Bytes after second read %zu, is not a multiple of %zu", bytes, sizeof(uintptr_t));
172 bytes &= ~(sizeof(uintptr_t) - 1);
173 }
174 }
175
176 // Dump the code around memory as:
177 // addr contents ascii
178 // 0000000000008d34 ef000000e8bd0090 e1b00000512fff1e ............../Q
179 // 0000000000008d44 ea00b1f9e92d0090 e3a070fcef000000 ......-..p......
180 // On 32-bit machines, there are still 16 bytes per line but addresses and
181 // words are of course presented differently.
182 uintptr_t* data_ptr = data;
183 for (size_t line = 0; line < MEMORY_BYTES_TO_DUMP / MEMORY_BYTES_PER_LINE; line++) {
184 std::string logline;
185 android::base::StringAppendF(&logline, " %" PRIPTR, addr);
186
187 addr += MEMORY_BYTES_PER_LINE;
188 std::string ascii;
189 for (size_t i = 0; i < MEMORY_BYTES_PER_LINE / sizeof(uintptr_t); i++, data_ptr++) {
190 if (bytes >= sizeof(uintptr_t)) {
191 bytes -= sizeof(uintptr_t);
192 android::base::StringAppendF(&logline, " %" PRIPTR, *data_ptr);
193
194 // Fill out the ascii string from the data.
195 uint8_t* ptr = reinterpret_cast<uint8_t*>(data_ptr);
196 for (size_t val = 0; val < sizeof(uintptr_t); val++, ptr++) {
197 if (*ptr >= 0x20 && *ptr < 0x7f) {
198 ascii += *ptr;
199 } else {
200 ascii += '.';
201 }
202 }
203 } else {
204 logline += ' ' + std::string(sizeof(uintptr_t) * 2, '-');
205 ascii += std::string(sizeof(uintptr_t), '.');
206 }
207 }
208 _LOG(log, logtype::MEMORY, "%s %s\n", logline.c_str(), ascii.c_str());
209 }
210 }
211
212 bool pid_contains_tid(pid_t pid, pid_t tid) {
213 char task_path[PATH_MAX];
214 if (snprintf(task_path, PATH_MAX, "/proc/%d/task/%d", pid, tid) >= PATH_MAX) {
215 ALOGE("debuggerd: task path overflow (pid = %d, tid = %d)\n", pid, tid);
216 exit(1);
217 }
218
219 return access(task_path, F_OK) == 0;
220 }
221
222 // Attach to a thread, and verify that it's still a member of the given process
223 bool ptrace_attach_thread(pid_t pid, pid_t tid) {
224 if (ptrace(PTRACE_ATTACH, tid, 0, 0) != 0) {
225 return false;
226 }
227
228 // Make sure that the task we attached to is actually part of the pid we're dumping.
229 if (!pid_contains_tid(pid, tid)) {
230 if (ptrace(PTRACE_DETACH, tid, 0, 0) != 0) {
231 ALOGE("debuggerd: failed to detach from thread '%d'", tid);
232 exit(1);
233 }
234 return false;
235 }
236
237 return true;
238 }
239