1 /*
2 * Copyright (C) 2012-2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 // for manual checking of stale entries during LogBuffer::erase()
17 //#define DEBUG_CHECK_FOR_STALE_ENTRIES
18
19 #include <ctype.h>
20 #include <endian.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <string.h>
24 #include <sys/cdefs.h>
25 #include <sys/user.h>
26 #include <time.h>
27 #include <unistd.h>
28
29 #include <unordered_map>
30
31 #include <cutils/properties.h>
32 #include <private/android_logger.h>
33
34 #include "LogBuffer.h"
35 #include "LogKlog.h"
36 #include "LogReader.h"
37 #include "LogUtils.h"
38
39 #ifndef __predict_false
40 #define __predict_false(exp) __builtin_expect((exp) != 0, 0)
41 #endif
42
// Default: the size limit of a log buffer is read directly from mMaxSize[].
#define log_buffer_size(id) mMaxSize[id]

// Margin subtracted from the oldest reader's start time when prune() computes
// its watermark; constructed as log_time(3, 0), i.e. three seconds.
const log_time LogBuffer::pruneMargin(3, 0);
47
// (Re)initialize the buffer: reset the per-id watermarks and sizes, bring
// stored timestamps in line with the currently selected clock, and wake any
// reader threads so they can dump what they have.
void LogBuffer::init() {
    log_id_for_each(i) {
        mLastSet[i] = false;
        mLast[i] = mLogElements.begin();

        // A non-zero result from setSize() is treated as a rejected size;
        // fall back to the minimum buffer size in that case.
        if (setSize(i, __android_logger_get_buffer_size(i))) {
            setSize(i, LOG_BUFFER_MIN_SIZE);
        }
    }

    const bool wasMonotonic = monotonic;
    monotonic = android_log_clockid() == CLOCK_MONOTONIC;
    if (wasMonotonic != monotonic) {
        //
        // Fixup all timestamps, may not be 100% accurate, but better than
        // throwing what we have away when we get 'surprised' by a change.
        // In-place element fixup so no need to check reader-lock. Entries
        // should already be in timestamp order, but we could end up with a
        // few out-of-order entries if new monotonics come in before we
        // are notified of the reinit change in status. A Typical example would
        // be:
        //  --------- beginning of system
        //      10.494082   184   201 D Cryptfs : Just triggered post_fs_data
        //  --------- beginning of kernel
        //       0.000000     0     0 I         : Initializing cgroup subsys
        // as the act of mounting /data would trigger persist.logd.timestamp to
        // be corrected. 1/30 corner case YMMV.
        //
        // NOTE(review): elements are rewritten while only rdlock() is held;
        // presumably nothing else reads mRealTime during a reinit — confirm.
        rdlock();
        for (LogBufferElementCollection::iterator it = mLogElements.begin();
             it != mLogElements.end(); ++it) {
            LogBufferElement* e = *it;
            const bool stampIsMonotonic = android::isMonotonic(e->mRealTime);
            // Only entries stamped with the other clock need converting.
            if (stampIsMonotonic == monotonic) continue;

            if (monotonic) {
                LogKlog::convertRealToMonotonic(e->mRealTime);
            } else {
                LogKlog::convertMonotonicToReal(e->mRealTime);
            }
            // Same 1 ns slip that LogBuffer::log() applies to incoming
            // entries: never leave a stamp on an exact microsecond boundary.
            if ((e->mRealTime.tv_nsec % 1000) == 0) {
                e->mRealTime.tv_nsec++;
            }
        }
        unlock();
    }

    // We may have been triggered by a SIGHUP. Release any sleeping reader
    // threads to dump their current content.
    //
    // NB: this is _not_ performed in the context of a SIGHUP, it is
    // performed during startup, and in context of reinit administrative thread
    LogTimeEntry::wrlock();

    for (LastLogTimes::iterator times = mTimes.begin(); times != mTimes.end();
         times++) {
        LogTimeEntry* reader = (*times);
        if (reader->owned_Locked()) {
            reader->triggerReader_Locked();
        }
    }

    LogTimeEntry::unlock();
}
117
// Construct a buffer bound to the caller's reader list. `times` is
// dereferenced in the initializer list, so it must not be null.
LogBuffer::LogBuffer(LastLogTimes* times)
    : monotonic(android_log_clockid() == CLOCK_MONOTONIC), mTimes(*times) {
    pthread_rwlock_init(&mLogElementsLock, nullptr);

    // No message has been seen yet on any log id, so there is nothing to
    // compare against and nothing held back.
    log_id_for_each(i) {
        droppedElements[i] = nullptr;
        lastLoggedElements[i] = nullptr;
    }

    // Sizes, watermarks and reader wake-up are shared with the reinit path.
    init();
}
129
// Free the per-log-id copies kept for duplicate squashing.
//
// NOTE(review): mLogElementsLock, initialised with pthread_rwlock_init() in
// the constructor, is not destroyed here, and elements still held in
// mLogElements are not freed; presumably the buffer lives for the lifetime
// of the process — confirm.
LogBuffer::~LogBuffer() {
    log_id_for_each(i) {
        // deleting a null pointer is a no-op, so unused slots need no check
        delete lastLoggedElements[i];
        delete droppedElements[i];
    }
}
136
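// Result of comparing an incoming element with the previous one:
//   DIFFERENT   - do not squash
//   SAME        - duplicate, may be folded into a chatty count
//   SAME_LIBLOG - liblog event whose integer payload is summed instead
enum match_type { DIFFERENT, SAME, SAME_LIBLOG };

// Decide whether `elem` repeats `last` closely enough to be squashed.
//
// Both pointers must be non-null (the null checks are deliberately left
// commented out). Elements with a non-positive message length are never
// squashed. Two elements match when uid, pid and tid agree, `elem` is no
// more than a minute newer than `last`, and either the payloads are byte
// identical, or they are liblog events differing only in the trailing
// integer, or they are audit ("): avc: ") messages that agree from the
// marker onwards.
static enum match_type identical(LogBufferElement* elem,
                                 LogBufferElement* last) {
    // is it mostly identical?
    // if (!elem) return DIFFERENT;
    ssize_t lenl = elem->getMsgLen();
    if (lenl <= 0) return DIFFERENT;  // value if this represents a chatty elem
    // if (!last) return DIFFERENT;
    ssize_t lenr = last->getMsgLen();
    if (lenr <= 0) return DIFFERENT;  // value if this represents a chatty elem
    // if (elem->getLogId() != last->getLogId()) return DIFFERENT;
    if (elem->getUid() != last->getUid()) return DIFFERENT;
    if (elem->getPid() != last->getPid()) return DIFFERENT;
    if (elem->getTid() != last->getTid()) return DIFFERENT;

    // last is more than a minute old, stop squashing identical messages
    if (elem->getRealTime().nsec() >
        (last->getRealTime().nsec() + 60 * NS_PER_SEC))
        return DIFFERENT;

    // Identical message
    const char* msgl = elem->getMsg();
    const char* msgr = last->getMsg();
    if (lenl == lenr) {
        if (!fastcmp<memcmp>(msgl, msgr, lenl)) return SAME;
        // liblog tagged messages (content gets summed)
        if ((elem->getLogId() == LOG_ID_EVENTS) &&
            (lenl == sizeof(android_log_event_int_t)) &&
            !fastcmp<memcmp>(msgl, msgr, sizeof(android_log_event_int_t) -
                                             sizeof(int32_t)) &&
            (elem->getTag() == LIBLOG_LOG_TAG)) {
            return SAME_LIBLOG;
        }
    }

    // audit message (except sequence number) identical?
    if (last->isBinary()) {
        // The payload lengths are whatever the log writer supplied. A binary
        // record that is not longer than the event-string header cannot carry
        // an audit string, and comparing or skipping the header on it would
        // read past the payload and drive the remaining length negative
        // before it is handed to strnstr(). Refuse to squash such records.
        const ssize_t header =
            static_cast<ssize_t>(sizeof(android_log_event_string_t));
        if ((lenl <= header) || (lenr <= header)) return DIFFERENT;

        if (fastcmp<memcmp>(msgl, msgr, sizeof(android_log_event_string_t) -
                                            sizeof(int32_t))) {
            return DIFFERENT;
        }
        msgl += sizeof(android_log_event_string_t);
        lenl -= sizeof(android_log_event_string_t);
        msgr += sizeof(android_log_event_string_t);
        lenr -= sizeof(android_log_event_string_t);
    }
    static const char avc[] = "): avc: ";
    const char* avcl = android::strnstr(msgl, lenl, avc);
    if (!avcl) return DIFFERENT;
    lenl -= avcl - msgl;
    const char* avcr = android::strnstr(msgr, lenr, avc);
    if (!avcr) return DIFFERENT;
    lenr -= avcr - msgr;
    if (lenl != lenr) return DIFFERENT;
    // Relies on android::strnstr() reporting a match only when the whole
    // marker lies inside the given length, so lenl >= strlen(avc) here.
    if (fastcmp<memcmp>(avcl + strlen(avc), avcr + strlen(avc),
                        lenl - strlen(avc))) {
        return DIFFERENT;
    }
    return SAME;
}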
198
// Accept one incoming message for buffer `log_id`.
//
// Returns -EINVAL when log_id is out of range, -EACCES when
// __android_log_is_loggable() rejects the message (it is still added to the
// totals), and `len` otherwise, whether the element was stored immediately
// or held back by the duplicate-squashing state machine documented below.
// Takes the buffer write lock internally.
int LogBuffer::log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
                   pid_t tid, const char* msg, unsigned short len) {
    if ((log_id >= LOG_ID_MAX) || (log_id < 0)) {
        return -EINVAL;
    }

    // Slip the time by 1 nsec if the incoming lands on xxxxxx000 ns.
    // This prevents any chance that an outside source can request an
    // exact entry with time specified in ms or us precision.
    if ((realtime.tv_nsec % 1000) == 0) ++realtime.tv_nsec;

    LogBufferElement* elem =
        new LogBufferElement(log_id, realtime, uid, pid, tid, msg, len);
    // Security-buffer entries skip the loggable filter entirely.
    if (log_id != LOG_ID_SECURITY) {
        int prio = ANDROID_LOG_INFO;
        const char* tag = nullptr;
        if (log_id == LOG_ID_EVENTS) {
            tag = tagToName(elem->getTag());
        } else {
            // NOTE(review): msg[0] is read and msg + 1 is used as a C string
            // without consulting len in this function; presumably the caller
            // has already rejected empty or unterminated payloads — confirm.
            prio = *msg;
            tag = msg + 1;
        }
        if (!__android_log_is_loggable(prio, tag, ANDROID_LOG_VERBOSE)) {
            // Log traffic received to total
            wrlock();
            stats.addTotal(elem);
            unlock();
            delete elem;
            return -EACCES;
        }
    }

    wrlock();
    LogBufferElement* currentLast = lastLoggedElements[log_id];
    if (currentLast) {
        LogBufferElement* dropped = droppedElements[log_id];
        unsigned short count = dropped ? dropped->getDropped() : 0;
        //
        // State Init
        //     incoming:
        //         dropped = nullptr
        //         currentLast = nullptr;
        //         elem = incoming message
        //     outgoing:
        //         dropped = nullptr -> State 0
        //         currentLast = copy of elem
        //         log elem
        // State 0
        //     incoming:
        //         count = 0
        //         dropped = nullptr
        //         currentLast = copy of last message
        //         elem = incoming message
        //     outgoing: if match != DIFFERENT
        //         dropped = copy of first identical message -> State 1
        //         currentLast = reference to elem
        //     break: if match == DIFFERENT
        //         dropped = nullptr -> State 0
        //         delete copy of last message (incoming currentLast)
        //         currentLast = copy of elem
        //         log elem
        // State 1
        //     incoming:
        //         count = 0
        //         dropped = copy of first identical message
        //         currentLast = reference to last held-back incoming
        //                       message
        //         elem = incoming message
        //     outgoing: if match == SAME
        //         delete copy of first identical message (dropped)
        //         dropped = reference to last held-back incoming
        //                   message set to chatty count of 1 -> State 2
        //         currentLast = reference to elem
        //     outgoing: if match == SAME_LIBLOG
        //         dropped = copy of first identical message -> State 1
        //         take sum of currentLast and elem
        //         if sum overflows:
        //             log currentLast
        //             currentLast = reference to elem
        //         else
        //             delete currentLast
        //             currentLast = reference to elem, sum liblog.
        //     break: if match == DIFFERENT
        //         delete dropped
        //         dropped = nullptr -> State 0
        //         log reference to last held-back (currentLast)
        //         currentLast = copy of elem
        //         log elem
        // State 2
        //     incoming:
        //         count = chatty count
        //         dropped = chatty message holding count
        //         currentLast = reference to last held-back incoming
        //                       message.
        //         dropped = chatty message holding count
        //         elem = incoming message
        //     outgoing: if match != DIFFERENT
        //         delete chatty message holding count
        //         dropped = reference to last held-back incoming
        //                   message, set to chatty count + 1
        //         currentLast = reference to elem
        //     break: if match == DIFFERENT
        //         log dropped (chatty message)
        //         dropped = nullptr -> State 0
        //         log reference to last held-back (currentLast)
        //         currentLast = copy of elem
        //         log elem
        //
        enum match_type match = identical(elem, currentLast);
        if (match != DIFFERENT) {
            if (dropped) {
                // Sum up liblog tag messages?
                if ((count == 0) /* at Pass 1 */ && (match == SAME_LIBLOG)) {
                    // The stored message bytes are reinterpreted in place;
                    // identical() only returns SAME_LIBLOG when the length
                    // equals sizeof(android_log_event_int_t).
                    android_log_event_int_t* event =
                        reinterpret_cast<android_log_event_int_t*>(
                            const_cast<char*>(currentLast->getMsg()));
                    //
                    // To unit test, differentiate with something like:
                    //    event->header.tag = htole32(CHATTY_LOG_TAG);
                    // here, then instead of delete currentLast below,
                    // log(currentLast) to see the incremental sums form.
                    //
                    uint32_t swab = event->payload.data;
                    unsigned long long total = htole32(swab);
                    event = reinterpret_cast<android_log_event_int_t*>(
                        const_cast<char*>(elem->getMsg()));
                    swab = event->payload.data;

                    lastLoggedElements[LOG_ID_EVENTS] = elem;
                    total += htole32(swab);
                    // check for overflow
                    // (a sum exactly equal to UINT32_MAX is also treated as
                    // overflow, so the previous partial sum is logged as is)
                    if (total >= UINT32_MAX) {
                        log(currentLast);
                        unlock();
                        return len;
                    }
                    stats.addTotal(currentLast);
                    delete currentLast;
                    // write the running sum into the held-back elem's payload
                    swab = total;
                    event->payload.data = htole32(swab);
                    unlock();
                    return len;
                }
                if (count == USHRT_MAX) {
                    // the chatty counter is full: emit it and start over
                    log(dropped);
                    count = 1;
                } else {
                    delete dropped;
                    ++count;
                }
            }
            if (count) {
                stats.addTotal(currentLast);
                currentLast->setDropped(count);
            }
            // hold back both: currentLast becomes the chatty carrier and
            // elem becomes the new reference for the next comparison
            droppedElements[log_id] = currentLast;
            lastLoggedElements[log_id] = elem;
            unlock();
            return len;
        }
        if (dropped) {         // State 1 or 2
            if (count) {       // State 2
                log(dropped);  // report chatty
            } else {           // State 1
                delete dropped;
            }
            droppedElements[log_id] = nullptr;
            log(currentLast);  // report last message in the series
        } else {               // State 0
            delete currentLast;
        }
    }
    // keep a private copy for the next comparison; elem itself is handed to
    // the list by log(elem) below
    lastLoggedElements[log_id] = new LogBufferElement(*elem);

    log(elem);
    unlock();

    return len;
}
378
// assumes LogBuffer::wrlock() held, owns elem, look after garbage collection
//
// Places elem into mLogElements, in timestamp order where that is possible
// without crossing a region a reader is still working on, then updates the
// statistics and prunes the buffer if it has grown past its limit.
void LogBuffer::log(LogBufferElement* elem) {
    // cap on how far back we will sort in-place, otherwise append
    static uint32_t too_far_back = 5;  // five seconds
    // Insert elements in time sorted order if possible
    //  NB: if end is region locked, place element at end of list
    LogBufferElementCollection::iterator it = mLogElements.end();
    LogBufferElementCollection::iterator last = it;
    if (__predict_true(it != mLogElements.begin())) --it;
    // Append when: the list is empty or holds a single element (it ==
    // begin() in both cases, which also keeps (*it) from being evaluated on
    // an empty list), the newest entry is not later than elem, or elem is
    // more than too_far_back seconds older than the newest entry and neither
    // of the two is a kernel message.
    if (__predict_false(it == mLogElements.begin()) ||
        __predict_true((*it)->getRealTime() <= elem->getRealTime()) ||
        __predict_false((((*it)->getRealTime().tv_sec - too_far_back) >
                         elem->getRealTime().tv_sec) &&
                        (elem->getLogId() != LOG_ID_KERNEL) &&
                        ((*it)->getLogId() != LOG_ID_KERNEL))) {
        mLogElements.push_back(elem);
    } else {
        log_time end = log_time::EPOCH;
        bool end_set = false;
        bool end_always = false;

        LogTimeEntry::rdlock();

        // Find out how far the active readers have progressed; any owned
        // reader with mNonBlock unset forces a plain append.
        LastLogTimes::iterator times = mTimes.begin();
        while (times != mTimes.end()) {
            LogTimeEntry* entry = (*times);
            if (entry->owned_Locked()) {
                if (!entry->mNonBlock) {
                    end_always = true;
                    break;
                }
                // it passing mEnd is blocked by the following checks.
                if (!end_set || (end <= entry->mEnd)) {
                    end = entry->mEnd;
                    end_set = true;
                }
            }
            times++;
        }

        if (end_always || (end_set && (end > (*it)->getRealTime()))) {
            mLogElements.push_back(elem);
        } else {
            // should be short as timestamps are localized near end()
            do {
                last = it;
                if (__predict_false(it == mLogElements.begin())) {
                    break;
                }
                --it;
            } while (((*it)->getRealTime() > elem->getRealTime()) &&
                     (!end_set || (end <= (*it)->getRealTime())));
            // insert before `last`, the earliest entry the walk stepped over
            mLogElements.insert(last, elem);
        }
        LogTimeEntry::unlock();
    }

    stats.add(elem);
    maybePrune(elem->getLogId());
}
439
// Prune at most 10% of the log entries or maxPrune, whichever is less.
//
// Does nothing unless buffer `id` has grown past its size limit. The row
// count is scaled by how far the buffer is over 90% of the limit, raised to
// at least max(1% of the elements, minPrune) and capped at maxPrune.
//
// LogBuffer::wrlock() must be held when this function is called.
void LogBuffer::maybePrune(log_id_t id) {
    const size_t used = stats.sizes(id);
    const unsigned long limit = log_buffer_size(id);
    if (used <= limit) return;  // still within budget

    const size_t excess = used - ((limit * 9) / 10);
    const size_t count = stats.realElements(id);

    size_t floorRows = count / 100;
    if (floorRows < minPrune) floorRows = minPrune;

    // The product is computed in size_t; the clamps below bound the result
    // whatever the intermediate value turns out to be.
    unsigned long rows = count * excess / used;
    if (rows < floorRows) rows = floorRows;
    if (rows > maxPrune) rows = maxPrune;

    prune(id, rows);
}
463
// Remove the element at `it` from the main list and free it.
//
// Before the list erase, every cached iterator that points at this element
// (mLastWorst, mLastWorstPidOfSystem, mLast) is dropped or advanced so that
// no stale iterator is left behind. `coalesce` selects stats.erase() over
// stats.subtract() for the statistics update. Returns the iterator that
// follows the erased element.
LogBufferElementCollection::iterator LogBuffer::erase(
    LogBufferElementCollection::iterator it, bool coalesce) {
    LogBufferElement* element = *it;
    log_id_t id = element->getLogId();

    // Remove iterator references in the various lists that will become stale
    // after the element is erased from the main logging list.

    {  // start of scope for found iterator
        // events and security buffers are keyed by tag, the others by uid
        int key = ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY))
                      ? element->getTag()
                      : element->getUid();
        LogBufferIteratorMap::iterator found = mLastWorst[id].find(key);
        if ((found != mLastWorst[id].end()) && (it == found->second)) {
            mLastWorst[id].erase(found);
        }
    }

    {  // start of scope for pid found iterator
        // element->getUid() may not be AID_SYSTEM for next-best-watermark.
        // will not assume id != LOG_ID_EVENTS or LOG_ID_SECURITY for KISS and
        // long term code stability, find() check should be fast for those ids.
        LogBufferPidIteratorMap::iterator found =
            mLastWorstPidOfSystem[id].find(element->getPid());
        if ((found != mLastWorstPidOfSystem[id].end()) &&
            (it == found->second)) {
            mLastWorstPidOfSystem[id].erase(found);
        }
    }

    // Record, per log id, whether its mLast watermark points at this element;
    // those are re-pointed once the successor iterator is known.
    bool setLast[LOG_ID_MAX];
    bool doSetLast = false;
    log_id_for_each(i) {
        doSetLast |= setLast[i] = mLastSet[i] && (it == mLast[i]);
    }
#ifdef DEBUG_CHECK_FOR_STALE_ENTRIES
    LogBufferElementCollection::iterator bad = it;
    int key = ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY))
                  ? element->getTag()
                  : element->getUid();
#endif
    it = mLogElements.erase(it);
    if (doSetLast) {
        log_id_for_each(i) {
            if (setLast[i]) {
                if (__predict_false(it == mLogElements.end())) {  // impossible
                    mLastSet[i] = false;
                    mLast[i] = mLogElements.begin();
                } else {
                    mLast[i] = it;  // push down the road as next-best-watermark
                }
            }
        }
    }
#ifdef DEBUG_CHECK_FOR_STALE_ENTRIES
    // Debug builds only: report any cached iterator that still refers to the
    // element just erased.
    log_id_for_each(i) {
        for (auto b : mLastWorst[i]) {
            if (bad == b.second) {
                android::prdebug("stale mLastWorst[%d] key=%d mykey=%d\n", i,
                                 b.first, key);
            }
        }
        for (auto b : mLastWorstPidOfSystem[i]) {
            if (bad == b.second) {
                android::prdebug("stale mLastWorstPidOfSystem[%d] pid=%d\n", i,
                                 b.first);
            }
        }
        if (mLastSet[i] && (bad == mLast[i])) {
            android::prdebug("stale mLast[%d]\n", i);
            mLastSet[i] = false;
            mLast[i] = mLogElements.begin();
        }
    }
#endif
    if (coalesce) {
        stats.erase(element);
    } else {
        stats.subtract(element);
    }
    delete element;

    return it;
}
548
// Define a temporary mechanism to report the last LogBufferElement pointer
// for the specified uid, pid and tid. Used below to help merge-sort when
// pruning for worst UID.
//
// The three ids are packed into a single 64-bit value through the anonymous
// union, and that value is what getKey() returns.
//
// NOTE(review): pid and tid are stored in 16-bit fields, so ids above 65535
// are truncated and two different threads can end up with the same key;
// LogBufferElementLast::coalesce() would then add their drop counts together.
// Confirm the pid/tid range on the target.
class LogBufferElementKey {
    const union {
        struct {
            uint32_t uid;
            uint16_t pid;
            uint16_t tid;
        } __packed;
        uint64_t value;
    } __packed;

   public:
    // Build the key from its parts; pid and tid are narrowed to 16 bits.
    LogBufferElementKey(uid_t uid, pid_t pid, pid_t tid)
        : uid(uid), pid(pid), tid(tid) {
    }
    // Rebuild a key object from a previously packed value.
    explicit LogBufferElementKey(uint64_t key) : value(key) {
    }

    // The packed 64-bit representation.
    uint64_t getKey() {
        return value;
    }
};
573
// Remembers, per (uid, pid, tid) key, the most recent chatty element seen
// during a prune pass so that later drops can be folded into it. The map
// stores the pointers only; nothing in this class deletes an element.
class LogBufferElementLast {
    typedef std::unordered_map<uint64_t, LogBufferElement*> LogBufferElementMap;
    LogBufferElementMap map;

   public:
    // Try to fold `dropped` more drops into the element already remembered
    // for this source. Returns true when the count was added. When the sum
    // would no longer fit in an unsigned short, the remembered entry is
    // forgotten and false is returned; false is also returned when nothing
    // is remembered for the source.
    bool coalesce(LogBufferElement* element, unsigned short dropped) {
        LogBufferElementKey key(element->getUid(), element->getPid(),
                                element->getTid());
        auto pos = map.find(key.getKey());
        if (pos == map.end()) return false;

        LogBufferElement* remembered = pos->second;
        unsigned short already = remembered->getDropped();
        // operands are promoted to int, so the sum itself cannot wrap
        const int combined = dropped + already;
        if (combined > USHRT_MAX) {
            map.erase(pos);
            return false;
        }
        remembered->setDropped(combined);
        return true;
    }

    // Remember `element` as the latest chatty entry for its source,
    // replacing whatever was remembered before.
    void add(LogBufferElement* element) {
        LogBufferElementKey key(element->getUid(), element->getPid(),
                                element->getTid());
        const uint64_t packed = key.getKey();
        map[packed] = element;
    }

    // Forget everything.
    inline void clear() {
        map.clear();
    }

    // Forget remembered entries that have reached EXPIRE_THRESHOLD drops and
    // are more than EXPIRE_RATELIMIT seconds older than `element`.
    void clear(LogBufferElement* element) {
        log_time cutoff =
            element->getRealTime() - log_time(EXPIRE_RATELIMIT, 0);
        LogBufferElementMap::iterator pos = map.begin();
        while (pos != map.end()) {
            LogBufferElement* held = pos->second;
            const bool expired = (held->getDropped() >= EXPIRE_THRESHOLD) &&
                                 (cutoff > held->getRealTime());
            if (expired) {
                pos = map.erase(pos);
            } else {
                ++pos;
            }
        }
    }
};
620
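// Determine if watermark is within pruneMargin + 1s from the end of the list,
// the caller will use this result to set an internal busy flag indicating
// the prune operation could not be completed because a reader is blocking
// the request.
//
// Returns true when `watermark` is older than the newest entry's time minus
// pruneMargin and one further second. Returns false when nothing is buffered.
bool LogBuffer::isBusy(log_time watermark) {
    // With no entries there is nothing a reader could be holding back, and
    // stepping back from end() on an empty list would be undefined.
    if (mLogElements.begin() == mLogElements.end()) return false;

    LogBufferElementCollection::iterator ei = mLogElements.end();
    --ei;
    return watermark < ((*ei)->getRealTime() - pruneMargin - log_time(1, 0));
}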
630
// If the selected reader is blocking our pruning progress, decide on
// what kind of mitigation is necessary to unblock the situation.
//
// Escalation order: drop the reader once the buffer holds more than twice
// its configured size, otherwise wake a reader that is waiting on a timeout,
// otherwise ask the reader to skip ahead by `pruneRows` entries of `id`.
void LogBuffer::kickMe(LogTimeEntry* me, log_id_t id, unsigned long pruneRows) {
    const bool overDoubleLimit =
        stats.sizes(id) > (2 * log_buffer_size(id));  // +100%
    if (overDoubleLimit) {
        // A misbehaving or slow reader has its connection
        // dropped if we hit too much memory pressure.
        me->release_Locked();
        return;
    }

    const bool waitingOnTimeout = me->mTimeout.tv_sec || me->mTimeout.tv_nsec;
    if (waitingOnTimeout) {
        // Allow a blocked WRAP timeout reader to
        // trigger and start reporting the log data.
        me->triggerReader_Locked();
        return;
    }

    // tell slow reader to skip entries to catch up
    me->triggerSkip_Locked(id, pruneRows);
}
647
// prune "pruneRows" of type "id" from the buffer.
//
// This garbage collection task is used to expire log entries. It is called to
// remove all logs (clear), all UID logs (unprivileged clear), or every
// 256 or 10% of the total logs (whichever is less) to prune the logs.
//
// First there is a prep phase where we discover the reader region lock that
// acts as a backstop to any pruning activity to stop there and go no further.
//
// There are three major pruning loops that follow. All expire from the oldest
// entries. Since there are multiple log buffers, the Android logging facility
// will appear to drop entries 'in the middle' when looking at multiple log
// sources and buffers. This effect is slightly more prominent when we prune
// the worst offender by logging source. Thus the logs slowly lose content
// and value as you move back in time. This is preferred since chatty sources
// invariably move the logs value down faster as less chatty sources would be
// expired in the noise.
//
// The first loop performs blacklisting and worst offender pruning. Falling
// through when there are no notable worst offenders and have not hit the
// region lock preventing further worst offender pruning. This loop also looks
// after managing the chatty log entries and merging to help provide
// statistical basis for blame. The chatty entries are not a notification of
// how much logs you may have, but instead represent how much logs you would
// have had in a virtual log buffer that is extended to cover all the in-memory
// logs without loss. They last much longer than the represented pruned logs
// since they get multiplied by the gains in the non-chatty log sources.
//
// The second loop gets complicated because an algorithm of watermarks and
// history is maintained to reduce the order and keep processing time
// down to a minimum at scale. These algorithms can be costly in the face
// of larger log buffers, or severely limited processing time granted to a
// background task at lowest priority.
//
// This second loop does straight-up expiration from the end of the logs
// (again, remember for the specified log buffer id) but does some whitelist
// preservation. Thus whitelist is a Hail Mary low priority, blacklists and
// spam filtration all take priority. This second loop also checks if a region
// lock is causing us to buffer too much in the logs to help the reader(s),
// and will tell the slowest reader thread to skip log entries, and if
// persistent and hits a further threshold, kill the reader thread.
//
// The third loop is optional, and only gets hit if there was a whitelist
// and more needs to be pruned against the backstop of the region lock.
//
// Returns true when pruning stopped early because a reader is still within
// the protected region: `busy` on the non-root path, and
// `(pruneRows > 0) && busy` otherwise.
//
// LogBuffer::wrlock() must be held when this function is called.
//
bool LogBuffer::prune(log_id_t id, unsigned long pruneRows, uid_t caller_uid) {
    LogTimeEntry* oldest = nullptr;
    bool busy = false;
    // ULONG_MAX is the "clear everything" request; it disables the worst
    // offender loop and the whitelist below.
    bool clearAll = pruneRows == ULONG_MAX;

    LogTimeEntry::rdlock();

    // Region locked?
    // Pick the reader watching this id with the earliest start time; on a
    // tie a reader that has a timeout set replaces the current choice.
    LastLogTimes::iterator times = mTimes.begin();
    while (times != mTimes.end()) {
        LogTimeEntry* entry = (*times);
        if (entry->owned_Locked() && entry->isWatching(id) &&
            (!oldest || (oldest->mStart > entry->mStart) ||
             ((oldest->mStart == entry->mStart) &&
              (entry->mTimeout.tv_sec || entry->mTimeout.tv_nsec)))) {
            oldest = entry;
        }
        times++;
    }
    // Entries at or after the watermark are left alone for that reader.
    log_time watermark(log_time::tv_sec_max, log_time::tv_nsec_max);
    if (oldest) watermark = oldest->mStart - pruneMargin;

    LogBufferElementCollection::iterator it;

    if (__predict_false(caller_uid != AID_ROOT)) {  // unlikely
        // Only here if clear all request from non system source, so chatty
        // filter logistics is not required.
        //
        // Access control for the unprivileged path: only entries of buffer
        // `id` whose uid equals caller_uid are erased; everything else is
        // skipped.
        it = mLastSet[id] ? mLast[id] : mLogElements.begin();
        while (it != mLogElements.end()) {
            LogBufferElement* element = *it;

            if ((element->getLogId() != id) ||
                (element->getUid() != caller_uid)) {
                ++it;
                continue;
            }

            if (!mLastSet[id] || ((*mLast[id])->getLogId() != id)) {
                mLast[id] = it;
                mLastSet[id] = true;
            }

            if (oldest && (watermark <= element->getRealTime())) {
                busy = isBusy(watermark);
                if (busy) kickMe(oldest, id, pruneRows);
                break;
            }

            it = erase(it);
            if (--pruneRows == 0) {
                break;
            }
        }
        LogTimeEntry::unlock();
        return busy;
    }

    // prune by worst offenders; by blacklist, UID, and by PID of system UID
    bool hasBlacklist = (id != LOG_ID_SECURITY) && mPrune.naughty();
    while (!clearAll && (pruneRows > 0)) {
        // recalculate the worst offender on every batched pass
        int worst = -1;  // not valid for getUid() or getKey()
        size_t worst_sizes = 0;
        size_t second_worst_sizes = 0;
        pid_t worstPid = 0;  // POSIX guarantees PID != 0

        if (worstUidEnabledForLogid(id) && mPrune.worstUidEnabled()) {
            // Calculate threshold as 12.5% of available storage
            size_t threshold = log_buffer_size(id) / 8;

            if ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY)) {
                stats.sortTags(AID_ROOT, (pid_t)0, 2, id)
                    .findWorst(worst, worst_sizes, second_worst_sizes,
                               threshold);
                // per-pid filter for AID_SYSTEM sources is too complex
            } else {
                stats.sort(AID_ROOT, (pid_t)0, 2, id)
                    .findWorst(worst, worst_sizes, second_worst_sizes,
                               threshold);

                if ((worst == AID_SYSTEM) && mPrune.worstPidOfSystemEnabled()) {
                    stats.sortPids(worst, (pid_t)0, 2, id)
                        .findWorst(worstPid, worst_sizes, second_worst_sizes);
                }
            }
        }

        // skip if we have neither worst nor naughty filters
        if ((worst == -1) && !hasBlacklist) {
            break;
        }

        bool kick = false;
        bool leading = true;
        it = mLastSet[id] ? mLast[id] : mLogElements.begin();
        // Perform at least one mandatory garbage collection cycle in following
        // - clear leading chatty tags
        // - coalesce chatty tags
        // - check age-out of preserved logs
        bool gc = pruneRows <= 1;
        if (!gc && (worst != -1)) {
            // Resume from the cached position of the worst offender, if one
            // is recorded, instead of walking from the front again.
            {  // begin scope for worst found iterator
                LogBufferIteratorMap::iterator found =
                    mLastWorst[id].find(worst);
                if ((found != mLastWorst[id].end()) &&
                    (found->second != mLogElements.end())) {
                    leading = false;
                    it = found->second;
                }
            }
            if (worstPid) {  // begin scope for pid worst found iterator
                // FYI: worstPid only set if !LOG_ID_EVENTS and
                //      !LOG_ID_SECURITY, not going to make that assumption ...
                LogBufferPidIteratorMap::iterator found =
                    mLastWorstPidOfSystem[id].find(worstPid);
                if ((found != mLastWorstPidOfSystem[id].end()) &&
                    (found->second != mLogElements.end())) {
                    leading = false;
                    it = found->second;
                }
            }
        }
        static const timespec too_old = { EXPIRE_HOUR_THRESHOLD * 60 * 60, 0 };
        // NOTE(review): stepping back from end() assumes mLogElements is not
        // empty at this point; that is not checked here — confirm callers.
        LogBufferElementCollection::iterator lastt;
        lastt = mLogElements.end();
        --lastt;
        LogBufferElementLast last;
        while (it != mLogElements.end()) {
            LogBufferElement* element = *it;

            if (oldest && (watermark <= element->getRealTime())) {
                busy = isBusy(watermark);
                // Do not let chatty eliding trigger any reader mitigation
                break;
            }

            if (element->getLogId() != id) {
                ++it;
                continue;
            }
            // below this point element->getLogId() == id

            if (leading && (!mLastSet[id] || ((*mLast[id])->getLogId() != id))) {
                mLast[id] = it;
                mLastSet[id] = true;
            }

            unsigned short dropped = element->getDropped();

            // remove any leading drops
            if (leading && dropped) {
                it = erase(it);
                continue;
            }

            // fold this chatty entry into an earlier one from the same source
            if (dropped && last.coalesce(element, dropped)) {
                it = erase(it, true);
                continue;
            }

            // events and security buffers are keyed by tag, the others by uid
            int key = ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY))
                          ? element->getTag()
                          : element->getUid();

            if (hasBlacklist && mPrune.naughty(element)) {
                last.clear(element);
                it = erase(it);
                if (dropped) {
                    continue;
                }

                pruneRows--;
                if (pruneRows == 0) {
                    break;
                }

                if (key == worst) {
                    kick = true;
                    if (worst_sizes < second_worst_sizes) {
                        break;
                    }
                    // NOTE(review): `element` was freed by erase() above, so
                    // this call reads a deleted object; `len` is captured
                    // before erase() on the worst-offender path below —
                    // confirm and capture it the same way here.
                    worst_sizes -= element->getMsgLen();
                }
                continue;
            }

            // stop once outside the age window measured from the entry that
            // was last when this pass started
            if ((element->getRealTime() < ((*lastt)->getRealTime() - too_old)) ||
                (element->getRealTime() > (*lastt)->getRealTime())) {
                break;
            }

            if (dropped) {
                last.add(element);
                if (worstPid &&
                    ((!gc && (element->getPid() == worstPid)) ||
                     (mLastWorstPidOfSystem[id].find(element->getPid()) ==
                      mLastWorstPidOfSystem[id].end()))) {
                    // element->getUid() may not be AID_SYSTEM, next best
                    // watermark if current one empty. id is not LOG_ID_EVENTS
                    // or LOG_ID_SECURITY because of worstPid check.
                    mLastWorstPidOfSystem[id][element->getPid()] = it;
                }
                if ((!gc && !worstPid && (key == worst)) ||
                    (mLastWorst[id].find(key) == mLastWorst[id].end())) {
                    mLastWorst[id][key] = it;
                }
                ++it;
                continue;
            }

            if ((key != worst) ||
                (worstPid && (element->getPid() != worstPid))) {
                leading = false;
                last.clear(element);
                ++it;
                continue;
            }
            // key == worst below here
            // If worstPid set, then element->getPid() == worstPid below here

            pruneRows--;
            if (pruneRows == 0) {
                break;
            }

            kick = true;

            // captured before the element may be erased below
            unsigned short len = element->getMsgLen();

            // do not create any leading drops
            if (leading) {
                it = erase(it);
            } else {
                // turn the entry into a chatty placeholder with a count of 1
                stats.drop(element);
                element->setDropped(1);
                if (last.coalesce(element, 1)) {
                    it = erase(it, true);
                } else {
                    last.add(element);
                    if (worstPid &&
                        (!gc || (mLastWorstPidOfSystem[id].find(worstPid) ==
                                 mLastWorstPidOfSystem[id].end()))) {
                        // element->getUid() may not be AID_SYSTEM, next best
                        // watermark if current one empty. id is not
                        // LOG_ID_EVENTS or LOG_ID_SECURITY because of worstPid.
                        mLastWorstPidOfSystem[id][worstPid] = it;
                    }
                    if ((!gc && !worstPid) ||
                        (mLastWorst[id].find(worst) == mLastWorst[id].end())) {
                        mLastWorst[id][worst] = it;
                    }
                    ++it;
                }
            }
            // stop once the worst offender is no longer the largest
            if (worst_sizes < second_worst_sizes) {
                break;
            }
            worst_sizes -= len;
        }
        last.clear();

        if (!kick || !mPrune.worstUidEnabled()) {
            break;  // the following loop will ask bad clients to skip/drop
        }
    }

    // Second loop: expire from the oldest entry of this id, stepping over
    // whitelisted entries that are not chatty placeholders.
    bool whitelist = false;
    bool hasWhitelist = (id != LOG_ID_SECURITY) && mPrune.nice() && !clearAll;
    it = mLastSet[id] ? mLast[id] : mLogElements.begin();
    while ((pruneRows > 0) && (it != mLogElements.end())) {
        LogBufferElement* element = *it;

        if (element->getLogId() != id) {
            it++;
            continue;
        }

        if (!mLastSet[id] || ((*mLast[id])->getLogId() != id)) {
            mLast[id] = it;
            mLastSet[id] = true;
        }

        if (oldest && (watermark <= element->getRealTime())) {
            busy = isBusy(watermark);
            if (!whitelist && busy) kickMe(oldest, id, pruneRows);
            break;
        }

        if (hasWhitelist && !element->getDropped() && mPrune.nice(element)) {
            // WhiteListed
            whitelist = true;
            it++;
            continue;
        }

        it = erase(it);
        pruneRows--;
    }

    // Do not save the whitelist if we are reader range limited
    if (whitelist && (pruneRows > 0)) {
        // Third loop: the quota is still not met, so whitelisted entries are
        // expired as well, up to the reader watermark.
        it = mLastSet[id] ? mLast[id] : mLogElements.begin();
        while ((it != mLogElements.end()) && (pruneRows > 0)) {
            LogBufferElement* element = *it;

            if (element->getLogId() != id) {
                ++it;
                continue;
            }

            if (!mLastSet[id] || ((*mLast[id])->getLogId() != id)) {
                mLast[id] = it;
                mLastSet[id] = true;
            }

            if (oldest && (watermark <= element->getRealTime())) {
                busy = isBusy(watermark);
                if (busy) kickMe(oldest, id, pruneRows);
                break;
            }

            it = erase(it);
            pruneRows--;
        }
    }

    LogTimeEntry::unlock();

    return (pruneRows > 0) && busy;
}
1025
// Clear all rows of log "id" from the buffer; "uid" is handed through to
// prune() unchanged.
//
// Up to four full prune passes are made, one second apart. Just before the
// final pass a one-row probe prune is issued: if that still reports busy,
// every reader entry that is owned and watching this log id is released so
// it can no longer hold the clear back.
//
// Returns true when the buffer was still busy after the last pass.
//
// NOTE(review): the release loop drops every owned reader watching "id", not
// only the one that is blocking, so a clear request can disconnect unrelated
// readers of that log. Whether "uid" restricts what may be removed is decided
// inside prune(), not here - confirm against prune() and the callers.
bool LogBuffer::clear(log_id_t id, uid_t uid) {
    bool stillBusy = true;
    int attemptsLeft = 4;  // tries (seconds) before giving up

    while (true) {
        if (attemptsLeft == 1) {
            // Final pass: ask for a single row only. The point is the
            // return value, which tells us whether a reader is blocking.
            wrlock();
            stillBusy = prune(id, 1, uid);
            unlock();

            if (stillBusy) {
                // Blocked reader(s) remain: release them. When not busy,
                // slow readers are left alone and the full pass below
                // decides what gets reported to the caller.
                LogTimeEntry::wrlock();
                for (LastLogTimes::iterator pos = mTimes.begin();
                     pos != mTimes.end(); ++pos) {
                    LogTimeEntry* reader = *pos;
                    if (reader->owned_Locked() && reader->isWatching(id)) {
                        reader->release_Locked();
                    }
                }
                LogTimeEntry::unlock();
            }
        }

        wrlock();
        stillBusy = prune(id, ULONG_MAX, uid);
        unlock();

        if (!stillBusy) {
            break;
        }
        --attemptsLeft;
        if (attemptsLeft == 0) {
            break;
        }
        sleep(1);  // give reader(s) time to catch up after notification
    }

    return stillBusy;
}
1067
// Report the space currently used by log "id", as tracked by stats.
// The statistics are read under the buffer's read lock.
unsigned long LogBuffer::getSizeUsed(log_id_t id) {
    rdlock();
    const size_t usedBytes = stats.sizes(id);
    unlock();

    return usedBytes;
}
1075
// Set the total space allocated to log "id".
//
// The requested size is checked with __android_logger_valid_buffer_size()
// before anything is stored; a rejected size leaves the current limit
// untouched. Returns 0 on success, -1 when the size is rejected.
//
// NOTE(review): "id" is used as an index (log_buffer_size(id) expands to
// mMaxSize[id]) and is not range-checked in this function; callers are
// presumably expected to pass a valid log_id_t - confirm at the call sites.
int LogBuffer::setSize(log_id_t id, unsigned long size) {
    if (__android_logger_valid_buffer_size(size)) {
        wrlock();
        log_buffer_size(id) = size;
        unlock();
        return 0;
    }

    // outside the reasonable limits
    return -1;
}
1087
// Report the total space allocated to log "id".
// The limit is read under the buffer's read lock.
//
// NOTE(review): "id" indexes mMaxSize through the log_buffer_size() macro
// without a range check here; callers are presumably expected to pass a
// valid log_id_t - confirm at the call sites.
unsigned long LogBuffer::getSize(log_id_t id) {
    rdlock();
    const size_t allocatedBytes = log_buffer_size(id);
    unlock();

    return allocatedBytes;
}
1095
// Deliver buffered entries to "reader", starting after time "start".
//
//   reader     - client to write to; its uid is compared with each entry.
//   start      - log_time::EPOCH means "from the beginning"; otherwise the
//                list is searched backwards from the end for the resume
//                point.
//   lastTid    - optional array indexed by log id, updated with the tid of
//                the entry just delivered (or 0, see below).
//   privileged - when false, only entries whose uid equals the reader's uid
//                are delivered.
//   security   - when false, LOG_ID_SECURITY entries are never delivered.
//   filter/arg - optional callback: 0 skips the entry, 1 delivers it, any
//                other value stops the walk.
//
// Returns the value of the last per-element flushTo(), "start" when nothing
// was delivered, or FLUSH_ERROR as soon as a delivery reports it.
//
// The two visibility checks (uid and security log) are the only access
// control applied in this function and run before the filter callback, so a
// filter cannot widen what a reader is allowed to see.
//
// NOTE(review): lastTid is indexed by element->getLogId() without a bounds
// check; the caller presumably supplies an array covering every log id -
// confirm at the call sites.
log_time LogBuffer::flushTo(SocketClient* reader, const log_time& start,
                            pid_t* lastTid, bool privileged, bool security,
                            int (*filter)(const LogBufferElement* element,
                                          void* arg),
                            void* arg) {
    LogBufferElementCollection::iterator it;
    uid_t uid = reader->getUid();

    rdlock();

    if (start == log_time::EPOCH) {
        // client asked for everything from the beginning
        it = mLogElements.begin();
    } else {
        // Out-of-order entries are only looked for within pruneMargin
        // (3 seconds) before "start" ...
        log_time earliest = start - pruneMargin;

        // ... and within at most 300 entries older than "start".
        size_t count = 300;

        // The client wants to resume at a given time, which is most likely
        // near the end of the time sorted list, so walk backwards.
        LogBufferElementCollection::iterator resume = mLogElements.end();
        it = resume;
        while (it != mLogElements.begin()) {
            --it;
            LogBufferElement* candidate = *it;
            if (candidate->getRealTime() > start) {
                resume = it;
                continue;
            }
            if (candidate->getRealTime() == start) {
                resume = ++it;
                break;
            }
            if (!--count || (candidate->getRealTime() < earliest)) {
                break;
            }
        }
        it = resume;
    }

    log_time curr = start;

    LogBufferElement* lastElement = nullptr;  // iterator corruption paranoia
    // Bounds how many entries in a row are walked under the lock without
    // one of them being delivered.
    static const size_t maxSkip = 4194304;
    size_t skip = maxSkip;
    for (; it != mLogElements.end(); ++it) {
        LogBufferElement* element = *it;

        if (!--skip) {
            android::prdebug("reader.per: too many elements skipped");
            break;
        }
        if (element == lastElement) {
            android::prdebug("reader.per: identical elements");
            break;
        }
        lastElement = element;

        // Unprivileged readers only ever see their own uid's entries.
        if (!privileged && (element->getUid() != uid)) {
            continue;
        }

        // The security log is withheld unless the reader was granted it.
        if (!security && (element->getLogId() == LOG_ID_SECURITY)) {
            continue;
        }

        // NB: the callback runs with the buffer's read lock held (the
        // rdlock() taken above or at the end of the previous iteration).
        if (filter) {
            const int verdict = (*filter)(element, arg);
            if (verdict == 0) {
                continue;
            }
            if (verdict != 1) {
                break;
            }
        }

        bool sameTid = false;
        if (lastTid) {
            sameTid = lastTid[element->getLogId()] == element->getTid();
            // A dropped (chatty) entry right after a valid log from the
            // same source in the same log buffer means a run of identical
            // messages was squashed. Chatty from a different source, or
            // chatty following chatty of a different source, comes from
            // the spam filter; the slot is reset to 0 in that case.
            lastTid[element->getLogId()] =
                (element->getDropped() && !sameTid) ? 0 : element->getTid();
        }

        // The write to the client happens without the buffer lock; per the
        // original note, range locking in LastLogTimes protects the entry.
        unlock();

        curr = element->flushTo(reader, this, privileged, sameTid);

        if (curr == element->FLUSH_ERROR) {
            return curr;  // lock already released above
        }

        skip = maxSkip;
        rdlock();
    }
    unlock();

    return curr;
}
1200
// Produce the statistics report for the given uid, pid and log mask by
// delegating to stats.format() while holding the buffer lock.
//
// NOTE(review): the write lock is taken although this function only reads
// the returned string; presumably stats.format() updates internal state -
// confirm before relaxing it to a read lock. What "uid" and "pid" restrict
// in the report is decided inside stats.format(), not here.
std::string LogBuffer::formatStatistics(uid_t uid, pid_t pid,
                                        unsigned int logMask) {
    wrlock();
    std::string report = stats.format(uid, pid, logMask);
    unlock();

    return report;
}
1211