summaryrefslogtreecommitdiffstats
path: root/debuggerd
diff options
context:
space:
mode:
Diffstat (limited to 'debuggerd')
-rw-r--r--debuggerd/Android.mk13
-rw-r--r--debuggerd/arm/machine.c6
-rw-r--r--debuggerd/backtrace.c7
-rw-r--r--debuggerd/crasher.c74
-rw-r--r--debuggerd/tombstone.c74
5 files changed, 129 insertions, 45 deletions
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index 15083f4..3fca64f 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -23,13 +23,11 @@ ifeq ($(ARCH_ARM_HAVE_VFP_D32),true)
LOCAL_CFLAGS += -DWITH_VFP_D32
endif # ARCH_ARM_HAVE_VFP_D32
-LOCAL_SHARED_LIBRARIES := libcutils libc libcorkscrew
-
-ifeq ($(HAVE_SELINUX),true)
-LOCAL_SHARED_LIBRARIES += libselinux
-LOCAL_C_INCLUDES += external/libselinux/include
-LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_SHARED_LIBRARIES := \
+ libcutils \
+ libc \
+ libcorkscrew \
+ libselinux
include $(BUILD_EXECUTABLE)
@@ -39,6 +37,7 @@ LOCAL_SRC_FILES += $(TARGET_ARCH)/crashglue.S
LOCAL_MODULE := crasher
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS += -fstack-protector-all
#LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_SHARED_LIBRARIES := libcutils libc
include $(BUILD_EXECUTABLE)
diff --git a/debuggerd/arm/machine.c b/debuggerd/arm/machine.c
index 1c2e13f..160db7b 100644
--- a/debuggerd/arm/machine.c
+++ b/debuggerd/arm/machine.c
@@ -53,7 +53,8 @@ static void dump_memory(log_t* log, pid_t tid, uintptr_t addr, bool at_fault) {
/* catch underflow */
p = 0;
}
- end = p + 80;
+ /* Dump more memory content for the crashing thread. */
+ end = p + 256;
/* catch overflow; 'end - p' has to be multiples of 16 */
while (end < p)
end -= 16;
@@ -81,6 +82,8 @@ static void dump_memory(log_t* log, pid_t tid, uintptr_t addr, bool at_fault) {
long data = ptrace(PTRACE_PEEKTEXT, tid, (void*)p, NULL);
sprintf(code_buffer + strlen(code_buffer), "%08lx ", data);
+ /* Enable the following code blob to dump ASCII values */
+#if 0
int j;
for (j = 0; j < 4; j++) {
/*
@@ -95,6 +98,7 @@ static void dump_memory(log_t* log, pid_t tid, uintptr_t addr, bool at_fault) {
*asc_out++ = '.';
}
}
+#endif
p += 4;
}
*asc_out = '\0';
diff --git a/debuggerd/backtrace.c b/debuggerd/backtrace.c
index 62f7f32..ba76e7d 100644
--- a/debuggerd/backtrace.c
+++ b/debuggerd/backtrace.c
@@ -125,10 +125,9 @@ void dump_backtrace(int fd, pid_t pid, pid_t tid, bool* detach_failed,
char task_path[64];
snprintf(task_path, sizeof(task_path), "/proc/%d/task", pid);
DIR* d = opendir(task_path);
- if (d) {
- struct dirent debuf;
- struct dirent *de;
- while (!readdir_r(d, &debuf, &de) && de) {
+ if (d != NULL) {
+ struct dirent* de = NULL;
+ while ((de = readdir(d)) != NULL) {
if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) {
continue;
}
diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c
index 00652e9..630d980 100644
--- a/debuggerd/crasher.c
+++ b/debuggerd/crasher.c
@@ -20,6 +20,7 @@
void crash1(void);
void crashnostack(void);
void maybeabort(void);
+int do_action(const char* arg);
static void debuggerd_connect()
{
@@ -34,6 +35,18 @@ static void debuggerd_connect()
}
}
+int smash_stack(int i) {
+ printf("crasher: deliberately corrupting stack...\n");
+ // Unless there's a "big enough" buffer on the stack, gcc
+ // doesn't bother inserting checks.
+ char buf[8];
+ // If we don't write something relatively unpredicatable
+ // into the buffer and then do something with it, gcc
+ // optimizes everything away and just returns a constant.
+ *(int*)(&buf[7]) = (uintptr_t) &buf[0];
+ return *(int*)(&buf[0]);
+}
+
void test_call1()
{
*((int*) 32) = 1;
@@ -74,24 +87,63 @@ int ctest()
return 0;
}
-int main(int argc, char **argv)
+static void* thread_callback(void* raw_arg)
+{
+ return (void*) do_action((const char*) raw_arg);
+}
+
+int do_action_on_thread(const char* arg)
{
+ pthread_t t;
+ pthread_create(&t, NULL, thread_callback, (void*) arg);
+ void* result = NULL;
+ pthread_join(t, &result);
+ return (int) result;
+}
+
+__attribute__((noinline)) int crash3(int a) {
+ *((int*) 0xdead) = a;
+ return a*4;
+}
+
+__attribute__((noinline)) int crash2(int a) {
+ a = crash3(a) + 2;
+ return a*3;
+}
+
+__attribute__((noinline)) int crash(int a) {
+ a = crash2(a) + 1;
+ return a*2;
+}
+
+int do_action(const char* arg)
+{
+ if(!strncmp(arg, "thread-", strlen("thread-"))) {
+ return do_action_on_thread(arg + strlen("thread-"));
+ }
+
+ if(!strcmp(arg,"smash-stack")) return smash_stack(42);
+ if(!strcmp(arg,"nostack")) crashnostack();
+ if(!strcmp(arg,"ctest")) return ctest();
+ if(!strcmp(arg,"exit")) exit(1);
+ if(!strcmp(arg,"crash")) return crash(42);
+ if(!strcmp(arg,"abort")) maybeabort();
+
pthread_t thr;
pthread_attr_t attr;
+ pthread_attr_init(&attr);
+ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+ pthread_create(&thr, &attr, test_thread, 0);
+ while(1) sleep(1);
+}
- fprintf(stderr,"crasher: " __TIME__ "!@\n");
+int main(int argc, char **argv)
+{
+ fprintf(stderr,"crasher: built at " __TIME__ "!@\n");
fprintf(stderr,"crasher: init pid=%d tid=%d\n", getpid(), gettid());
if(argc > 1) {
- if(!strcmp(argv[1],"nostack")) crashnostack();
- if(!strcmp(argv[1],"ctest")) return ctest();
- if(!strcmp(argv[1],"exit")) exit(1);
- if(!strcmp(argv[1],"abort")) maybeabort();
-
- pthread_attr_init(&attr);
- pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
- pthread_create(&thr, &attr, test_thread, 0);
- while(1) sleep(1);
+ return do_action(argv[1]);
} else {
crash1();
// *((int*) 0) = 42;
diff --git a/debuggerd/tombstone.c b/debuggerd/tombstone.c
index 012337b..e8b3e24 100644
--- a/debuggerd/tombstone.c
+++ b/debuggerd/tombstone.c
@@ -35,9 +35,7 @@
#include <corkscrew/demangle.h>
#include <corkscrew/backtrace.h>
-#ifdef HAVE_SELINUX
#include <selinux/android.h>
-#endif
#include "machine.h"
#include "tombstone.h"
@@ -86,6 +84,7 @@ static const char *get_signame(int sig)
static const char *get_sigcode(int signo, int code)
{
+ // Try the signal-specific codes...
switch (signo) {
case SIGILL:
switch (code) {
@@ -124,10 +123,43 @@ static const char *get_sigcode(int signo, int code)
case SEGV_ACCERR: return "SEGV_ACCERR";
}
break;
+ case SIGTRAP:
+ switch (code) {
+ case TRAP_BRKPT: return "TRAP_BRKPT";
+ case TRAP_TRACE: return "TRAP_TRACE";
+ }
+ break;
+ }
+ // Then the other codes...
+ switch (code) {
+ case SI_USER: return "SI_USER";
+#if defined(SI_KERNEL)
+ case SI_KERNEL: return "SI_KERNEL";
+#endif
+ case SI_QUEUE: return "SI_QUEUE";
+ case SI_TIMER: return "SI_TIMER";
+ case SI_MESGQ: return "SI_MESGQ";
+ case SI_ASYNCIO: return "SI_ASYNCIO";
+#if defined(SI_SIGIO)
+ case SI_SIGIO: return "SI_SIGIO";
+#endif
+#if defined(SI_TKILL)
+ case SI_TKILL: return "SI_TKILL";
+#endif
}
+ // Then give up...
return "?";
}
+static void dump_revision_info(log_t* log)
+{
+ char revision[PROPERTY_VALUE_MAX];
+
+ property_get("ro.revision", revision, "unknown");
+
+ _LOG(log, false, "Revision: '%s'\n", revision);
+}
+
static void dump_build_info(log_t* log)
{
char fingerprint[PROPERTY_VALUE_MAX];
@@ -318,6 +350,18 @@ static void dump_backtrace_and_stack(const ptrace_context_t* context, log_t* log
}
}
+static void dump_map(log_t* log, map_info_t* m, const char* what) {
+ if (m != NULL) {
+ _LOG(log, false, " %08x-%08x %c%c%c %s\n", m->start, m->end,
+ m->is_readable ? 'r' : '-',
+ m->is_writable ? 'w' : '-',
+ m->is_executable ? 'x' : '-',
+ m->name);
+ } else {
+ _LOG(log, false, " (no %s)\n", what);
+ }
+}
+
static void dump_nearby_maps(const ptrace_context_t* context, log_t* log, pid_t tid) {
siginfo_t si;
memset(&si, 0, sizeof(si));
@@ -364,21 +408,9 @@ static void dump_nearby_maps(const ptrace_context_t* context, log_t* log, pid_t
* Show "next" then "match" then "prev" so that the addresses appear in
* ascending order (like /proc/pid/maps).
*/
- if (next != NULL) {
- _LOG(log, false, " %08x-%08x %s\n", next->start, next->end, next->name);
- } else {
- _LOG(log, false, " (no map below)\n");
- }
- if (map != NULL) {
- _LOG(log, false, " %08x-%08x %s\n", map->start, map->end, map->name);
- } else {
- _LOG(log, false, " (no map for address)\n");
- }
- if (prev != NULL) {
- _LOG(log, false, " %08x-%08x %s\n", prev->start, prev->end, prev->name);
- } else {
- _LOG(log, false, " (no map above)\n");
- }
+ dump_map(log, next, "map below");
+ dump_map(log, map, "map for address");
+ dump_map(log, prev, "map above");
}
static void dump_thread(const ptrace_context_t* context, log_t* log, pid_t tid, bool at_fault,
@@ -407,9 +439,8 @@ static bool dump_sibling_thread_report(const ptrace_context_t* context,
}
bool detach_failed = false;
- struct dirent debuf;
- struct dirent *de;
- while (!readdir_r(d, &debuf, &de) && de) {
+ struct dirent* de;
+ while ((de = readdir(d)) != NULL) {
/* Ignore "." and ".." */
if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) {
continue;
@@ -599,6 +630,7 @@ static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal,
_LOG(log, false,
"*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n");
dump_build_info(log);
+ dump_revision_info(log);
dump_thread_info(log, pid, tid, true);
if(signal) {
dump_fault_addr(log, tid, signal);
@@ -686,12 +718,10 @@ char* engrave_tombstone(pid_t pid, pid_t tid, int signal,
mkdir(TOMBSTONE_DIR, 0755);
chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM);
-#ifdef HAVE_SELINUX
if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) {
*detach_failed = false;
return NULL;
}
-#endif
int fd;
char* path = find_and_open_tombstone(&fd);
generated by cgit v1.1 at 2025-08-17 13:16:10 +0000