Diffstat (limited to 'debuggerd')
-rw-r--r--debuggerd/Android.mk6
-rw-r--r--debuggerd/arm64/machine.cpp2
-rw-r--r--debuggerd/crasher.c88
-rw-r--r--debuggerd/debuggerd.cpp16
-rwxr-xr-xdebuggerd/tombstone.cpp63
-rw-r--r--debuggerd/tombstone.h6
-rw-r--r--debuggerd/utility.cpp3
7 files changed, 108 insertions, 76 deletions
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index f6d8f0c..8be3541 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -20,8 +20,7 @@ LOCAL_CPPFLAGS := -std=gnu++11
LOCAL_CFLAGS := \
-Wall \
-Wno-array-bounds \
- -Werror \
- -Wno-unused-parameter \
+ -Werror
ifeq ($(ARCH_ARM_HAVE_VFP),true)
LOCAL_CFLAGS_arm += -DWITH_VFP
@@ -55,7 +54,7 @@ LOCAL_SRC_FILES_x86 := x86/crashglue.S
LOCAL_SRC_FILES_x86_64 := x86_64/crashglue.S
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
LOCAL_MODULE_TAGS := optional
-LOCAL_CFLAGS += -fstack-protector-all -Wno-unused-parameter -Wno-free-nonheap-object
+LOCAL_CFLAGS += -fstack-protector-all -Werror -Wno-free-nonheap-object
#LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_SHARED_LIBRARIES := libcutils liblog libc
@@ -76,6 +75,7 @@ ifeq ($(ARCH_ARM_HAVE_VFP_D32),true)
LOCAL_CFLAGS_arm += -DWITH_VFP_D32
endif # ARCH_ARM_HAVE_VFP_D32
endif # ARCH_ARM_HAVE_VFP == true
+LOCAL_CFLAGS += -Werror
LOCAL_SRC_FILES_arm64 := arm64/vfp.S
LOCAL_MODULE_TARGET_ARCH += arm64
diff --git a/debuggerd/arm64/machine.cpp b/debuggerd/arm64/machine.cpp
index 7159228..2413d5e 100644
--- a/debuggerd/arm64/machine.cpp
+++ b/debuggerd/arm64/machine.cpp
@@ -82,8 +82,6 @@ void dump_registers(log_t* log, pid_t tid, int scope_flags)
io.iov_base = &r;
io.iov_len = sizeof(r);
- bool only_in_tombstone = !IS_AT_FAULT(scope_flags);
-
if (ptrace(PTRACE_GETREGSET, tid, (void*) NT_PRSTATUS, (void*) &io) == -1) {
_LOG(log, scope_flags, "ptrace error: %s\n", strerror(errno));
return;
diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c
index 5a2bc3c..01ce0be 100644
--- a/debuggerd/crasher.c
+++ b/debuggerd/crasher.c
@@ -1,21 +1,23 @@
-
-//#include <cutils/misc.h>
-
-#include <unistd.h>
+#include <assert.h>
+#include <errno.h>
+#include <pthread.h>
+#include <sched.h>
+#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <sched.h>
-#include <errno.h>
-
-#include <signal.h>
+#include <sys/cdefs.h>
#include <sys/ptrace.h>
-#include <sys/wait.h>
#include <sys/socket.h>
-
-#include <pthread.h>
+#include <sys/wait.h>
+#include <unistd.h>
#include <cutils/sockets.h>
+#include <log/log.h>
+
+#ifndef __unused
+#define __unused __attribute__((__unused__))
+#endif
extern const char* __progname;
@@ -23,13 +25,13 @@ void crash1(void);
void crashnostack(void);
static int do_action(const char* arg);
-static void maybeabort() {
- if(time(0) != 42) {
+static void maybe_abort() {
+ if (time(0) != 42) {
abort();
}
}
-static int smash_stack(int i) {
+static int smash_stack(int i __unused) {
printf("crasher: deliberately corrupting stack...\n");
// Unless there's a "big enough" buffer on the stack, gcc
// doesn't bother inserting checks.
@@ -50,11 +52,6 @@ __attribute__((noinline)) static void overflow_stack(void* p) {
overflow_stack(&buf);
}
-static void test_call1()
-{
- *((int*) 32) = 1;
-}
-
static void *noisy(void *x)
{
char c = (uintptr_t) x;
@@ -119,35 +116,54 @@ static int do_action(const char* arg)
if (!strncmp(arg, "thread-", strlen("thread-"))) {
return do_action_on_thread(arg + strlen("thread-"));
- } else if (!strcmp(arg,"smash-stack")) {
+ } else if (!strcmp(arg, "smash-stack")) {
return smash_stack(42);
- } else if (!strcmp(arg,"stack-overflow")) {
+ } else if (!strcmp(arg, "stack-overflow")) {
overflow_stack(NULL);
- } else if (!strcmp(arg,"nostack")) {
+ } else if (!strcmp(arg, "nostack")) {
crashnostack();
- } else if (!strcmp(arg,"ctest")) {
+ } else if (!strcmp(arg, "ctest")) {
return ctest();
- } else if (!strcmp(arg,"exit")) {
+ } else if (!strcmp(arg, "exit")) {
exit(1);
- } else if (!strcmp(arg,"crash")) {
+ } else if (!strcmp(arg, "crash") || !strcmp(arg, "SIGSEGV")) {
return crash(42);
- } else if (!strcmp(arg,"abort")) {
- maybeabort();
+ } else if (!strcmp(arg, "abort")) {
+ maybe_abort();
+ } else if (!strcmp(arg, "assert")) {
+ __assert("some_file.c", 123, "false");
+ } else if (!strcmp(arg, "assert2")) {
+ __assert2("some_file.c", 123, "some_function", "false");
+ } else if (!strcmp(arg, "LOG_ALWAYS_FATAL")) {
+ LOG_ALWAYS_FATAL("hello %s", "world");
+ } else if (!strcmp(arg, "LOG_ALWAYS_FATAL_IF")) {
+ LOG_ALWAYS_FATAL_IF(true, "hello %s", "world");
+ } else if (!strcmp(arg, "SIGPIPE")) {
+ int pipe_fds[2];
+ pipe(pipe_fds);
+ close(pipe_fds[0]);
+ write(pipe_fds[1], "oops", 4);
+ return EXIT_SUCCESS;
} else if (!strcmp(arg, "heap-usage")) {
abuse_heap();
}
fprintf(stderr, "%s OP\n", __progname);
fprintf(stderr, "where OP is:\n");
- fprintf(stderr, " smash-stack overwrite a stack-guard canary\n");
- fprintf(stderr, " stack-overflow recurse until the stack overflows\n");
- fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n");
- fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n");
- fprintf(stderr, " nostack crash with a NULL stack pointer\n");
- fprintf(stderr, " ctest (obsoleted by thread-crash?)\n");
- fprintf(stderr, " exit call exit(1)\n");
- fprintf(stderr, " crash cause a SIGSEGV\n");
- fprintf(stderr, " abort call abort()\n");
+ fprintf(stderr, " smash-stack overwrite a stack-guard canary\n");
+ fprintf(stderr, " stack-overflow recurse until the stack overflows\n");
+ fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n");
+ fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n");
+ fprintf(stderr, " nostack crash with a NULL stack pointer\n");
+ fprintf(stderr, " ctest (obsoleted by thread-crash?)\n");
+ fprintf(stderr, " exit call exit(1)\n");
+ fprintf(stderr, " abort call abort()\n");
+ fprintf(stderr, " assert call assert() without a function\n");
+ fprintf(stderr, " assert2 call assert() with a function\n");
+ fprintf(stderr, " LOG_ALWAYS_FATAL call LOG_ALWAYS_FATAL\n");
+ fprintf(stderr, " LOG_ALWAYS_FATAL_IF call LOG_ALWAYS_FATAL\n");
+ fprintf(stderr, " SIGPIPE cause a SIGPIPE\n");
+ fprintf(stderr, " SIGSEGV cause a SIGSEGV (synonym: crash)\n");
fprintf(stderr, "prefix any of the above with 'thread-' to not run\n");
fprintf(stderr, "on the process' main thread.\n");
return EXIT_SUCCESS;
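Review bot: In the new `SIGPIPE` branch the results of `pipe()` and `write()` are ignored, so if `pipe()` fails, `close()` and `write()` run on uninitialised descriptors, and if SIGPIPE is ignored or blocked in the process the branch returns `EXIT_SUCCESS` without producing the crash the test asked for. Checking the call, `if (pipe(pipe_fds) == -1) { perror("pipe"); return EXIT_FAILURE; }`, and returning a failure status when `write()` returns at all would make a missed crash visible to whoever runs the tool. The usage text also describes `LOG_ALWAYS_FATAL_IF` as `call LOG_ALWAYS_FATAL`, which looks like a copy-paste slip. do_action begins outside the hunk.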
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index a2b164e..76bd7a3 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -51,6 +51,7 @@ struct debugger_request_t {
pid_t pid, tid;
uid_t uid, gid;
uintptr_t abort_msg_address;
+ int32_t original_si_code;
};
static int write_string(const char* file, const char* string) {
@@ -218,6 +219,7 @@ static int read_request(int fd, debugger_request_t* out_request) {
out_request->uid = cr.uid;
out_request->gid = cr.gid;
out_request->abort_msg_address = msg.abort_msg_address;
+ out_request->original_si_code = msg.original_si_code;
if (msg.action == DEBUGGER_ACTION_CRASH) {
// Ensure that the tid reported by the crashing process is valid.
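Review bot: `msg.original_si_code` is copied straight from the client's request on the added line, and dump_signal_info in tombstone.cpp then overwrites the ptrace-obtained `si.si_code` with it unconditionally, so the code printed in the tombstone is whatever the requesting process chose to send. The comment just below shows that the tid from the same message is treated as needing validation; the si_code gets none. Limiting the override to the re-raise case, e.g. `if (si.si_code == SI_TKILL) si.si_code = si_code;`, would keep the kernel's value whenever it is still meaningful, and a comment on this line should say the field is client-supplied. read_request starts and ends outside the hunk, so how `msg` is read (and whether a shorter message from an older client leaves the field unset) is not visible here.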
@@ -302,9 +304,10 @@ static void handle_request(int fd) {
case SIGSTOP:
if (request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
XLOG("stopped -- dumping to tombstone\n");
- tombstone_path = engrave_tombstone(
- request.pid, request.tid, signal, request.abort_msg_address, true, true,
- &detach_failed, &total_sleep_time_usec);
+ tombstone_path = engrave_tombstone(request.pid, request.tid,
+ signal, request.original_si_code,
+ request.abort_msg_address, true, true,
+ &detach_failed, &total_sleep_time_usec);
} else if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE) {
XLOG("stopped -- dumping to fd\n");
dump_backtrace(fd, -1, request.pid, request.tid, &detach_failed,
@@ -336,9 +339,10 @@ static void handle_request(int fd) {
kill(request.pid, SIGSTOP);
// don't dump sibling threads when attaching to GDB because it
// makes the process less reliable, apparently...
- tombstone_path = engrave_tombstone(
- request.pid, request.tid, signal, request.abort_msg_address, !attach_gdb,
- false, &detach_failed, &total_sleep_time_usec);
+ tombstone_path = engrave_tombstone(request.pid, request.tid,
+ signal, request.original_si_code,
+ request.abort_msg_address, !attach_gdb, false,
+ &detach_failed, &total_sleep_time_usec);
break;
default:
diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp
index 6a1b963..f95e572 100755
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@@ -55,7 +55,7 @@
// Must match the path defined in NativeCrashListener.java
#define NCRASH_SOCKET_PATH "/data/system/ndebugsocket"
-static bool signal_has_address(int sig) {
+static bool signal_has_si_addr(int sig) {
switch (sig) {
case SIGILL:
case SIGFPE:
@@ -75,7 +75,7 @@ static const char* get_signame(int sig) {
case SIGFPE: return "SIGFPE";
case SIGSEGV: return "SIGSEGV";
case SIGPIPE: return "SIGPIPE";
-#ifdef SIGSTKFLT
+#if defined(SIGSTKFLT)
case SIGSTKFLT: return "SIGSTKFLT";
#endif
case SIGSTOP: return "SIGSTOP";
@@ -97,13 +97,17 @@ static const char* get_sigcode(int signo, int code) {
case ILL_COPROC: return "ILL_COPROC";
case ILL_BADSTK: return "ILL_BADSTK";
}
+ static_assert(NSIGILL == ILL_BADSTK, "missing ILL_* si_code");
break;
case SIGBUS:
switch (code) {
case BUS_ADRALN: return "BUS_ADRALN";
case BUS_ADRERR: return "BUS_ADRERR";
case BUS_OBJERR: return "BUS_OBJERR";
+ case BUS_MCEERR_AR: return "BUS_MCEERR_AR";
+ case BUS_MCEERR_AO: return "BUS_MCEERR_AO";
}
+ static_assert(NSIGBUS == BUS_MCEERR_AO, "missing BUS_* si_code");
break;
case SIGFPE:
switch (code) {
@@ -116,36 +120,36 @@ static const char* get_sigcode(int signo, int code) {
case FPE_FLTINV: return "FPE_FLTINV";
case FPE_FLTSUB: return "FPE_FLTSUB";
}
+ static_assert(NSIGFPE == FPE_FLTSUB, "missing FPE_* si_code");
break;
case SIGSEGV:
switch (code) {
case SEGV_MAPERR: return "SEGV_MAPERR";
case SEGV_ACCERR: return "SEGV_ACCERR";
}
+ static_assert(NSIGSEGV == SEGV_ACCERR, "missing SEGV_* si_code");
break;
case SIGTRAP:
switch (code) {
case TRAP_BRKPT: return "TRAP_BRKPT";
case TRAP_TRACE: return "TRAP_TRACE";
+ case TRAP_BRANCH: return "TRAP_BRANCH";
+ case TRAP_HWBKPT: return "TRAP_HWBKPT";
}
+ static_assert(NSIGTRAP == TRAP_HWBKPT, "missing TRAP_* si_code");
break;
}
// Then the other codes...
switch (code) {
case SI_USER: return "SI_USER";
-#if defined(SI_KERNEL)
case SI_KERNEL: return "SI_KERNEL";
-#endif
case SI_QUEUE: return "SI_QUEUE";
case SI_TIMER: return "SI_TIMER";
case SI_MESGQ: return "SI_MESGQ";
case SI_ASYNCIO: return "SI_ASYNCIO";
-#if defined(SI_SIGIO)
case SI_SIGIO: return "SI_SIGIO";
-#endif
-#if defined(SI_TKILL)
case SI_TKILL: return "SI_TKILL";
-#endif
+ case SI_DETHREAD: return "SI_DETHREAD";
}
// Then give up...
return "?";
@@ -167,20 +171,26 @@ static void dump_build_info(log_t* log) {
_LOG(log, SCOPE_AT_FAULT, "Build fingerprint: '%s'\n", fingerprint);
}
-static void dump_fault_addr(log_t* log, pid_t tid, int sig) {
+static void dump_signal_info(log_t* log, pid_t tid, int signal, int si_code) {
siginfo_t si;
-
memset(&si, 0, sizeof(si));
- if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si)){
+ if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si) == -1) {
_LOG(log, SCOPE_AT_FAULT, "cannot get siginfo: %s\n", strerror(errno));
- } else if (signal_has_address(sig)) {
- _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr %" PRIPTR "\n",
- sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code),
- reinterpret_cast<uintptr_t>(si.si_addr));
+ return;
+ }
+
+ // bionic has to re-raise some signals, which overwrites the si_code with SI_TKILL.
+ si.si_code = si_code;
+
+ char addr_desc[32]; // ", fault addr 0x1234"
+ if (signal_has_si_addr(signal)) {
+ snprintf(addr_desc, sizeof(addr_desc), "%p", si.si_addr);
} else {
- _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr --------\n",
- sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code));
+ snprintf(addr_desc, sizeof(addr_desc), "--------");
}
+
+ _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr %s\n",
+ signal, get_signame(signal), si.si_code, get_sigcode(signal, si.si_code), addr_desc);
}
static void dump_thread_info(log_t* log, pid_t pid, pid_t tid, int scope_flags) {
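Review bot: The comment on `addr_desc`, `// ", fault addr 0x1234"`, does not match what the buffer holds, which is only the address or `--------`; something like `// "0x12345678" or "--------"` would be accurate. Switching from `PRIPTR` with a `uintptr_t` cast to `%p` may also change how the fault address is printed, since padding and prefix for `%p` are left to the C library, and that matters to anything that parses tombstones. The parameter name `signal` hides the `signal()` function inside dump_signal_info; keeping `sig`, as the old code did, avoids that.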
@@ -345,7 +355,7 @@ static void dump_nearby_maps(BacktraceMap* map, log_t* log, pid_t tid, int scope
_LOG(log, scope_flags, "cannot get siginfo for %d: %s\n", tid, strerror(errno));
return;
}
- if (!signal_has_address(si.si_signo)) {
+ if (!signal_has_si_addr(si.si_signo)) {
return;
}
@@ -584,8 +594,9 @@ static void dump_abort_message(Backtrace* backtrace, log_t* log, uintptr_t addre
}
// Dumps all information about the specified pid to the tombstone.
-static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address,
- bool dump_sibling_threads, int* total_sleep_time_usec) {
+static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, int si_code,
+ uintptr_t abort_msg_address, bool dump_sibling_threads,
+ int* total_sleep_time_usec) {
// don't copy log messages to tombstone unless this is a dev device
char value[PROPERTY_VALUE_MAX];
property_get("ro.debuggable", value, "0");
@@ -607,7 +618,7 @@ static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, uintptr_t a
dump_revision_info(log);
dump_thread_info(log, pid, tid, SCOPE_AT_FAULT);
if (signal) {
- dump_fault_addr(log, tid, signal);
+ dump_signal_info(log, tid, signal, si_code);
}
UniquePtr<BacktraceMap> map(BacktraceMap::Create(pid));
@@ -721,9 +732,9 @@ static int activity_manager_connect() {
return amfd;
}
-char* engrave_tombstone(
- pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address, bool dump_sibling_threads,
- bool quiet, bool* detach_failed, int* total_sleep_time_usec) {
+char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code,
+ uintptr_t abort_msg_address, bool dump_sibling_threads, bool quiet,
+ bool* detach_failed, int* total_sleep_time_usec) {
if ((mkdir(TOMBSTONE_DIR, 0755) == -1) && (errno != EEXIST)) {
LOG("failed to create %s: %s\n", TOMBSTONE_DIR, strerror(errno));
}
@@ -748,8 +759,8 @@ char* engrave_tombstone(
log.tfd = fd;
log.amfd = activity_manager_connect();
log.quiet = quiet;
- *detach_failed = dump_crash(
- &log, pid, tid, signal, abort_msg_address, dump_sibling_threads, total_sleep_time_usec);
+ *detach_failed = dump_crash(&log, pid, tid, signal, original_si_code, abort_msg_address,
+ dump_sibling_threads, total_sleep_time_usec);
close(log.amfd);
close(fd);
diff --git a/debuggerd/tombstone.h b/debuggerd/tombstone.h
index e9878bf..3574e84 100644
--- a/debuggerd/tombstone.h
+++ b/debuggerd/tombstone.h
@@ -23,7 +23,9 @@
/* Creates a tombstone file and writes the crash dump to it.
* Returns the path of the tombstone, which must be freed using free(). */
-char* engrave_tombstone(pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address,
- bool dump_sibling_threads, bool quiet, bool* detach_failed, int* total_sleep_time_usec);
+char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code,
+ uintptr_t abort_msg_address,
+ bool dump_sibling_threads, bool quiet,
+ bool* detach_failed, int* total_sleep_time_usec);
#endif // _DEBUGGERD_TOMBSTONE_H
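Review bot: The comment above `engrave_tombstone` still describes only the return value and says nothing about the new `original_si_code` parameter. A line such as `* original_si_code is the si_code supplied in the debugger request; it replaces the one read via ptrace.` would tell callers what to pass and make clear that the value written to the tombstone is not obtained from the kernel.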
diff --git a/debuggerd/utility.cpp b/debuggerd/utility.cpp
index 9b20914..d4c252f 100644
--- a/debuggerd/utility.cpp
+++ b/debuggerd/utility.cpp
@@ -24,6 +24,7 @@
#include <sys/wait.h>
#include <backtrace/Backtrace.h>
+#include <log/log.h>
#include <log/logd.h>
const int sleep_time_usec = 50000; // 0.05 seconds
@@ -64,7 +65,7 @@ void _LOG(log_t* log, int scopeFlags, const char* fmt, ...) {
}
if (want_log_write) {
- __android_log_write(ANDROID_LOG_INFO, "DEBUG", buf);
+ __android_log_buf_write(LOG_ID_CRASH, ANDROID_LOG_INFO, "DEBUG", buf);
if (want_amfd_write) {
int written = write_to_am(log->amfd, buf, len);
if (written <= 0) {