diff options
Diffstat (limited to 'debuggerd')
| -rw-r--r-- | debuggerd/Android.mk | 91 | ||||
| -rw-r--r-- | debuggerd/arm/crashglue.S | 42 | ||||
| -rw-r--r-- | debuggerd/arm/machine.cpp | 136 | ||||
| -rw-r--r-- | debuggerd/arm64/crashglue.S | 79 | ||||
| -rw-r--r-- | debuggerd/arm64/machine.cpp | 112 | ||||
| -rw-r--r-- | debuggerd/backtrace.cpp | 22 | ||||
| -rw-r--r-- | debuggerd/backtrace.h | 3 | ||||
| -rw-r--r-- | debuggerd/crasher.c | 127 | ||||
| -rw-r--r-- | debuggerd/debuggerd.cpp | 228 | ||||
| -rw-r--r-- | debuggerd/machine.h | 4 | ||||
| -rw-r--r-- | debuggerd/mips/machine.cpp | 138 | ||||
| -rwxr-xr-x[-rw-r--r--] | debuggerd/tombstone.cpp | 428 | ||||
| -rw-r--r-- | debuggerd/tombstone.h | 6 | ||||
| -rw-r--r-- | debuggerd/utility.cpp | 155 | ||||
| -rw-r--r-- | debuggerd/utility.h | 69 | ||||
| -rw-r--r-- | debuggerd/vfp-crasher.c | 7 | ||||
| -rw-r--r-- | debuggerd/vfp.S | 43 | ||||
| -rw-r--r-- | debuggerd/x86/machine.cpp | 14 | ||||
| -rw-r--r-- | debuggerd/x86_64/crashglue.S | 15 | ||||
| -rwxr-xr-x | debuggerd/x86_64/machine.cpp | 51 |
20 files changed, 968 insertions, 802 deletions
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk index 422a86a..c33b263 100644 --- a/debuggerd/Android.mk +++ b/debuggerd/Android.mk @@ -1,70 +1,67 @@ -# Copyright 2005 The Android Open Source Project - -ifneq ($(filter arm mips x86,$(TARGET_ARCH)),) - LOCAL_PATH:= $(call my-dir) + include $(CLEAR_VARS) LOCAL_SRC_FILES:= \ - backtrace.cpp \ - debuggerd.cpp \ - getevent.cpp \ - tombstone.cpp \ - utility.cpp \ - $(TARGET_ARCH)/machine.cpp \ + backtrace.cpp \ + debuggerd.cpp \ + getevent.cpp \ + tombstone.cpp \ + utility.cpp \ -LOCAL_CONLYFLAGS := -std=gnu99 -LOCAL_CPPFLAGS := -std=gnu++11 -LOCAL_CFLAGS := \ - -Wall \ - -Wno-array-bounds \ - -Werror \ - -LOCAL_MODULE := debuggerd +LOCAL_SRC_FILES_arm := arm/machine.cpp +LOCAL_SRC_FILES_arm64 := arm64/machine.cpp +LOCAL_SRC_FILES_mips := mips/machine.cpp +LOCAL_SRC_FILES_mips64 := mips/machine.cpp +LOCAL_SRC_FILES_x86 := x86/machine.cpp +LOCAL_SRC_FILES_x86_64 := x86_64/machine.cpp -ifeq ($(ARCH_ARM_HAVE_VFP),true) -LOCAL_CFLAGS += -DWITH_VFP -endif # ARCH_ARM_HAVE_VFP -ifeq ($(ARCH_ARM_HAVE_VFP_D32),true) -LOCAL_CFLAGS += -DWITH_VFP_D32 -endif # ARCH_ARM_HAVE_VFP_D32 +LOCAL_CPPFLAGS := \ + -std=gnu++11 \ + -W -Wall -Wextra \ + -Wunused \ + -Werror \ LOCAL_SHARED_LIBRARIES := \ - libbacktrace \ - libc \ - libcutils \ - liblog \ - libselinux \ + libbacktrace \ + libcutils \ + liblog \ + libselinux \ include external/stlport/libstlport.mk +LOCAL_MODULE := debuggerd +LOCAL_MODULE_STEM_32 := debuggerd +LOCAL_MODULE_STEM_64 := debuggerd64 +LOCAL_MULTILIB := both +LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Android.mk + include $(BUILD_EXECUTABLE) + + include $(CLEAR_VARS) LOCAL_SRC_FILES := crasher.c -LOCAL_SRC_FILES += $(TARGET_ARCH)/crashglue.S -LOCAL_MODULE := crasher +LOCAL_SRC_FILES_arm := arm/crashglue.S +LOCAL_SRC_FILES_arm64 := arm64/crashglue.S +LOCAL_SRC_FILES_mips := mips/crashglue.S +LOCAL_SRC_FILES_mips64 := mips/crashglue.S +LOCAL_SRC_FILES_x86 := x86/crashglue.S +LOCAL_SRC_FILES_x86_64 := x86_64/crashglue.S LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES) LOCAL_MODULE_TAGS := optional -LOCAL_CFLAGS += -fstack-protector-all -Wno-unused-parameter -Wno-free-nonheap-object +LOCAL_CFLAGS += -fstack-protector-all -Werror -Wno-free-nonheap-object #LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_SHARED_LIBRARIES := libcutils liblog libc -include $(BUILD_EXECUTABLE) -ifeq ($(ARCH_ARM_HAVE_VFP),true) -include $(CLEAR_VARS) - -LOCAL_CFLAGS += -DWITH_VFP +# The arm emulator has VFP but not VFPv3-D32. ifeq ($(ARCH_ARM_HAVE_VFP_D32),true) -LOCAL_CFLAGS += -DWITH_VFP_D32 -endif # ARCH_ARM_HAVE_VFP_D32 +LOCAL_ASFLAGS_arm += -DHAS_VFP_D32 +endif -LOCAL_SRC_FILES := vfp-crasher.c vfp.S -LOCAL_MODULE := vfp-crasher -LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES) -LOCAL_MODULE_TAGS := optional -LOCAL_SHARED_LIBRARIES := libcutils liblog libc -include $(BUILD_EXECUTABLE) -endif # ARCH_ARM_HAVE_VFP == true +LOCAL_MODULE := crasher +LOCAL_MODULE_STEM_32 := crasher +LOCAL_MODULE_STEM_64 := crasher64 +LOCAL_MULTILIB := both -endif # arm or x86 in TARGET_ARCH +include $(BUILD_EXECUTABLE) diff --git a/debuggerd/arm/crashglue.S b/debuggerd/arm/crashglue.S index eb9d0e3..4fbfd6e 100644 --- a/debuggerd/arm/crashglue.S +++ b/debuggerd/arm/crashglue.S @@ -1,8 +1,5 @@ .globl crash1 .type crash1, %function -.globl crashnostack -.type crashnostack, %function - crash1: ldr r0, =0xa5a50000 ldr r1, =0xa5a50001 @@ -18,11 +15,48 @@ crash1: ldr r11, =0xa5a50011 ldr r12, =0xa5a50012 + + fconstd d0, #0 + fconstd d1, #1 + fconstd d2, #2 + fconstd d3, #3 + fconstd d4, #4 + fconstd d5, #5 + fconstd d6, #6 + fconstd d7, #7 + fconstd d8, #8 + fconstd d9, #9 + fconstd d10, #10 + fconstd d11, #11 + fconstd d12, #12 + fconstd d13, #13 + fconstd d14, #14 + fconstd d15, #15 +#if defined(HAS_VFP_D32) + fconstd d16, #16 + fconstd d17, #17 + fconstd d18, #18 + fconstd d19, #19 + fconstd d20, #20 + fconstd d21, #21 + fconstd d22, #22 + fconstd d23, #23 + fconstd d24, #24 + fconstd d25, #25 + fconstd d26, #26 + fconstd d27, #27 + fconstd d28, #28 + fconstd d29, #29 + fconstd d30, #30 + fconstd d31, #31 +#endif + mov lr, #0 ldr lr, [lr] b . - +.globl crashnostack +.type crashnostack, %function crashnostack: mov sp, #0 mov r0, #0 diff --git a/debuggerd/arm/machine.cpp b/debuggerd/arm/machine.cpp index 3fba6db..8270066 100644 --- a/debuggerd/arm/machine.cpp +++ b/debuggerd/arm/machine.cpp @@ -27,146 +27,68 @@ #include "../utility.h" #include "../machine.h" -// enable to dump memory pointed to by every register -#define DUMP_MEMORY_FOR_ALL_REGISTERS 1 - -#ifdef WITH_VFP -#ifdef WITH_VFP_D32 -#define NUM_VFP_REGS 32 -#else -#define NUM_VFP_REGS 16 -#endif -#endif - -static void dump_memory(log_t* log, pid_t tid, uintptr_t addr, int scope_flags) { - char code_buffer[64]; // actual 8+1+((8+1)*4) + 1 == 45 - char ascii_buffer[32]; // actual 16 + 1 == 17 - uintptr_t p, end; - - p = addr & ~3; - p -= 32; - if (p > addr) { - // catch underflow - p = 0; - } - // Dump more memory content for the crashing thread. - end = p + 256; - // catch overflow; 'end - p' has to be multiples of 16 - while (end < p) - end -= 16; - - // Dump the code around PC as: - // addr contents ascii - // 00008d34 ef000000 e8bd0090 e1b00000 512fff1e ............../Q - // 00008d44 ea00b1f9 e92d0090 e3a070fc ef000000 ......-..p...... - while (p < end) { - char* asc_out = ascii_buffer; - - sprintf(code_buffer, "%08x ", p); - - int i; - for (i = 0; i < 4; i++) { - // If we see (data == -1 && errno != 0), we know that the ptrace - // call failed, probably because we're dumping memory in an - // unmapped or inaccessible page. I don't know if there's - // value in making that explicit in the output -- it likely - // just complicates parsing and clarifies nothing for the - // enlightened reader. - long data = ptrace(PTRACE_PEEKTEXT, tid, reinterpret_cast<void*>(p), NULL); - sprintf(code_buffer + strlen(code_buffer), "%08lx ", data); - - // Enable the following code blob to dump ASCII values -#if 0 - int j; - for (j = 0; j < 4; j++) { - // Our isprint() allows high-ASCII characters that display - // differently (often badly) in different viewers, so we - // just use a simpler test. - char val = (data >> (j*8)) & 0xff; - if (val >= 0x20 && val < 0x7f) { - *asc_out++ = val; - } else { - *asc_out++ = '.'; - } - } -#endif - p += 4; - } - *asc_out = '\0'; - _LOG(log, scope_flags, " %s %s\n", code_buffer, ascii_buffer); - } -} - -// If configured to do so, dump memory around *all* registers -// for the crashing thread. -void dump_memory_and_code(log_t* log, pid_t tid, int scope_flags) { - struct pt_regs regs; +void dump_memory_and_code(log_t* log, pid_t tid) { + pt_regs regs; if (ptrace(PTRACE_GETREGS, tid, 0, ®s)) { return; } - if (IS_AT_FAULT(scope_flags) && DUMP_MEMORY_FOR_ALL_REGISTERS) { - static const char REG_NAMES[] = "r0r1r2r3r4r5r6r7r8r9slfpipsp"; + static const char REG_NAMES[] = "r0r1r2r3r4r5r6r7r8r9slfpipsp"; - for (int reg = 0; reg < 14; reg++) { - // this may not be a valid way to access, but it'll do for now - uintptr_t addr = regs.uregs[reg]; + for (int reg = 0; reg < 14; reg++) { + // this may not be a valid way to access, but it'll do for now + uintptr_t addr = regs.uregs[reg]; - // Don't bother if it looks like a small int or ~= null, or if - // it's in the kernel area. - if (addr < 4096 || addr >= 0xc0000000) { - continue; - } - - _LOG(log, scope_flags | SCOPE_SENSITIVE, "\nmemory near %.2s:\n", ®_NAMES[reg * 2]); - dump_memory(log, tid, addr, scope_flags | SCOPE_SENSITIVE); + // Don't bother if it looks like a small int or ~= null, or if + // it's in the kernel area. + if (addr < 4096 || addr >= 0xc0000000) { + continue; } + + _LOG(log, logtype::MEMORY, "\nmemory near %.2s:\n", ®_NAMES[reg * 2]); + dump_memory(log, tid, addr); } // explicitly allow upload of code dump logging - _LOG(log, scope_flags, "\ncode around pc:\n"); - dump_memory(log, tid, static_cast<uintptr_t>(regs.ARM_pc), scope_flags); + _LOG(log, logtype::MEMORY, "\ncode around pc:\n"); + dump_memory(log, tid, static_cast<uintptr_t>(regs.ARM_pc)); if (regs.ARM_pc != regs.ARM_lr) { - _LOG(log, scope_flags, "\ncode around lr:\n"); - dump_memory(log, tid, static_cast<uintptr_t>(regs.ARM_lr), scope_flags); + _LOG(log, logtype::MEMORY, "\ncode around lr:\n"); + dump_memory(log, tid, static_cast<uintptr_t>(regs.ARM_lr)); } } -void dump_registers(log_t* log, pid_t tid, int scope_flags) { - struct pt_regs r; +void dump_registers(log_t* log, pid_t tid) { + pt_regs r; if (ptrace(PTRACE_GETREGS, tid, 0, &r)) { - _LOG(log, scope_flags, "cannot get registers: %s\n", strerror(errno)); + _LOG(log, logtype::REGISTERS, "cannot get registers: %s\n", strerror(errno)); return; } - _LOG(log, scope_flags, " r0 %08x r1 %08x r2 %08x r3 %08x\n", + _LOG(log, logtype::REGISTERS, " r0 %08x r1 %08x r2 %08x r3 %08x\n", static_cast<uint32_t>(r.ARM_r0), static_cast<uint32_t>(r.ARM_r1), static_cast<uint32_t>(r.ARM_r2), static_cast<uint32_t>(r.ARM_r3)); - _LOG(log, scope_flags, " r4 %08x r5 %08x r6 %08x r7 %08x\n", + _LOG(log, logtype::REGISTERS, " r4 %08x r5 %08x r6 %08x r7 %08x\n", static_cast<uint32_t>(r.ARM_r4), static_cast<uint32_t>(r.ARM_r5), static_cast<uint32_t>(r.ARM_r6), static_cast<uint32_t>(r.ARM_r7)); - _LOG(log, scope_flags, " r8 %08x r9 %08x sl %08x fp %08x\n", + _LOG(log, logtype::REGISTERS, " r8 %08x r9 %08x sl %08x fp %08x\n", static_cast<uint32_t>(r.ARM_r8), static_cast<uint32_t>(r.ARM_r9), static_cast<uint32_t>(r.ARM_r10), static_cast<uint32_t>(r.ARM_fp)); - _LOG(log, scope_flags, " ip %08x sp %08x lr %08x pc %08x cpsr %08x\n", + _LOG(log, logtype::REGISTERS, " ip %08x sp %08x lr %08x pc %08x cpsr %08x\n", static_cast<uint32_t>(r.ARM_ip), static_cast<uint32_t>(r.ARM_sp), static_cast<uint32_t>(r.ARM_lr), static_cast<uint32_t>(r.ARM_pc), static_cast<uint32_t>(r.ARM_cpsr)); -#ifdef WITH_VFP - struct user_vfp vfp_regs; - int i; - + user_vfp vfp_regs; if (ptrace(PTRACE_GETVFPREGS, tid, 0, &vfp_regs)) { - _LOG(log, scope_flags, "cannot get registers: %s\n", strerror(errno)); + _LOG(log, logtype::REGISTERS, "cannot get registers: %s\n", strerror(errno)); return; } - for (i = 0; i < NUM_VFP_REGS; i += 2) { - _LOG(log, scope_flags, " d%-2d %016llx d%-2d %016llx\n", + for (size_t i = 0; i < 32; i += 2) { + _LOG(log, logtype::REGISTERS, " d%-2d %016llx d%-2d %016llx\n", i, vfp_regs.fpregs[i], i+1, vfp_regs.fpregs[i+1]); } - _LOG(log, scope_flags, " scr %08lx\n", vfp_regs.fpscr); -#endif + _LOG(log, logtype::REGISTERS, " scr %08lx\n", vfp_regs.fpscr); } diff --git a/debuggerd/arm64/crashglue.S b/debuggerd/arm64/crashglue.S new file mode 100644 index 0000000..e58b542 --- /dev/null +++ b/debuggerd/arm64/crashglue.S @@ -0,0 +1,79 @@ +.globl crash1 +.type crash1, %function +crash1: + ldr x0, =0xa5a50000 + ldr x1, =0xa5a50001 + ldr x2, =0xa5a50002 + ldr x3, =0xa5a50003 + ldr x4, =0xa5a50004 + ldr x5, =0xa5a50005 + ldr x6, =0xa5a50006 + ldr x7, =0xa5a50007 + ldr x8, =0xa5a50008 + ldr x9, =0xa5a50009 + ldr x10, =0xa5a50010 + ldr x11, =0xa5a50011 + ldr x12, =0xa5a50012 + ldr x13, =0xa5a50013 + ldr x14, =0xa5a50014 + ldr x15, =0xa5a50015 + ldr x16, =0xa5a50016 + ldr x17, =0xa5a50017 + ldr x18, =0xa5a50018 + ldr x19, =0xa5a50019 + ldr x20, =0xa5a50020 + ldr x21, =0xa5a50021 + ldr x22, =0xa5a50022 + ldr x23, =0xa5a50023 + ldr x24, =0xa5a50024 + ldr x25, =0xa5a50025 + ldr x26, =0xa5a50026 + ldr x27, =0xa5a50027 + ldr x28, =0xa5a50028 + ldr x29, =0xa5a50029 + + fmov d0, -1.0 // -1 is more convincing than 0. + fmov d1, 1.0 + fmov d2, 2.0 + fmov d3, 3.0 + fmov d4, 4.0 + fmov d5, 5.0 + fmov d6, 6.0 + fmov d7, 7.0 + fmov d8, 8.0 + fmov d9, 9.0 + fmov d10, 10.0 + fmov d11, 11.0 + fmov d12, 12.0 + fmov d13, 13.0 + fmov d14, 14.0 + fmov d15, 15.0 + fmov d16, 16.0 + fmov d17, 17.0 + fmov d18, 18.0 + fmov d19, 19.0 + fmov d20, 20.0 + fmov d21, 21.0 + fmov d22, 22.0 + fmov d23, 23.0 + fmov d24, 24.0 + fmov d25, 25.0 + fmov d26, 26.0 + fmov d27, 27.0 + fmov d28, 28.0 + fmov d29, 29.0 + fmov d30, 30.0 + fmov d31, 31.0 + + mov x30, xzr + ldr x30, [x30] + b . + + +.globl crashnostack +.type crashnostack, %function +crashnostack: + mov x0, xzr + add sp, x0, xzr + ldr x0, [x0] + b . diff --git a/debuggerd/arm64/machine.cpp b/debuggerd/arm64/machine.cpp new file mode 100644 index 0000000..ec664bd --- /dev/null +++ b/debuggerd/arm64/machine.cpp @@ -0,0 +1,112 @@ +/* + * + * Copyright 2014, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <stdio.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/ptrace.h> +#include <sys/user.h> +#include <sys/uio.h> +#include <linux/elf.h> + +#include "../utility.h" +#include "../machine.h" + +void dump_memory_and_code(log_t* log, pid_t tid) { + struct user_pt_regs regs; + struct iovec io; + io.iov_base = ®s; + io.iov_len = sizeof(regs); + + if (ptrace(PTRACE_GETREGSET, tid, (void*)NT_PRSTATUS, &io) == -1) { + _LOG(log, logtype::ERROR, "%s: ptrace failed to get registers: %s\n", + __func__, strerror(errno)); + return; + } + + for (int reg = 0; reg < 31; reg++) { + uintptr_t addr = regs.regs[reg]; + + /* + * Don't bother if it looks like a small int or ~= null, or if + * it's in the kernel area. + */ + if (addr < 4096 || addr >= (1UL<<63)) { + continue; + } + + _LOG(log, logtype::MEMORY, "\nmemory near x%d:\n", reg); + dump_memory(log, tid, addr); + } + + _LOG(log, logtype::MEMORY, "\ncode around pc:\n"); + dump_memory(log, tid, (uintptr_t)regs.pc); + + if (regs.pc != regs.sp) { + _LOG(log, logtype::MEMORY, "\ncode around sp:\n"); + dump_memory(log, tid, (uintptr_t)regs.sp); + } +} + +void dump_registers(log_t* log, pid_t tid) { + struct user_pt_regs r; + struct iovec io; + io.iov_base = &r; + io.iov_len = sizeof(r); + + if (ptrace(PTRACE_GETREGSET, tid, (void*) NT_PRSTATUS, (void*) &io) == -1) { + _LOG(log, logtype::ERROR, "ptrace error: %s\n", strerror(errno)); + return; + } + + for (int i = 0; i < 28; i += 4) { + _LOG(log, logtype::REGISTERS, + " x%-2d %016lx x%-2d %016lx x%-2d %016lx x%-2d %016lx\n", + i, (uint64_t)r.regs[i], + i+1, (uint64_t)r.regs[i+1], + i+2, (uint64_t)r.regs[i+2], + i+3, (uint64_t)r.regs[i+3]); + } + + _LOG(log, logtype::REGISTERS, " x28 %016lx x29 %016lx x30 %016lx\n", + (uint64_t)r.regs[28], (uint64_t)r.regs[29], (uint64_t)r.regs[30]); + + _LOG(log, logtype::REGISTERS, " sp %016lx pc %016lx\n", + (uint64_t)r.sp, (uint64_t)r.pc); + + + struct user_fpsimd_state f; + io.iov_base = &f; + io.iov_len = sizeof(f); + + if (ptrace(PTRACE_GETREGSET, tid, (void*) NT_PRFPREG, (void*) &io) == -1) { + _LOG(log, logtype::ERROR, "ptrace error: %s\n", strerror(errno)); + return; + } + + for (int i = 0; i < 32; i += 4) { + _LOG(log, logtype::REGISTERS, " v%-2d %016lx v%-2d %016lx v%-2d %016lx v%-2d %016lx\n", + i, (uint64_t)f.vregs[i], + i+1, (uint64_t)f.vregs[i+1], + i+2, (uint64_t)f.vregs[i+2], + i+3, (uint64_t)f.vregs[i+3]); + } +} diff --git a/debuggerd/backtrace.cpp b/debuggerd/backtrace.cpp index d388348..c4a2143 100644 --- a/debuggerd/backtrace.cpp +++ b/debuggerd/backtrace.cpp @@ -30,6 +30,7 @@ #include <UniquePtr.h> #include "backtrace.h" + #include "utility.h" static void dump_process_header(log_t* log, pid_t pid) { @@ -48,16 +49,17 @@ static void dump_process_header(log_t* log, pid_t pid) { struct tm tm; localtime_r(&t, &tm); char timestr[64]; + _LOG(log, logtype::BACKTRACE, "\n\nABI: '%s'\n", ABI_STRING); strftime(timestr, sizeof(timestr), "%F %T", &tm); - _LOG(log, SCOPE_AT_FAULT, "\n\n----- pid %d at %s -----\n", pid, timestr); + _LOG(log, logtype::BACKTRACE, "\n----- pid %d at %s -----\n", pid, timestr); if (procname) { - _LOG(log, SCOPE_AT_FAULT, "Cmd line: %s\n", procname); + _LOG(log, logtype::BACKTRACE, "Cmd line: %s\n", procname); } } static void dump_process_footer(log_t* log, pid_t pid) { - _LOG(log, SCOPE_AT_FAULT, "\n----- end %d -----\n", pid); + _LOG(log, logtype::BACKTRACE, "\n----- end %d -----\n", pid); } static void dump_thread( @@ -79,10 +81,10 @@ static void dump_thread( } } - _LOG(log, SCOPE_AT_FAULT, "\n\"%s\" sysTid=%d\n", threadname ? threadname : "<unknown>", tid); + _LOG(log, logtype::BACKTRACE, "\n\"%s\" sysTid=%d\n", threadname ? threadname : "<unknown>", tid); if (!attached && ptrace(PTRACE_ATTACH, tid, 0, 0) < 0) { - _LOG(log, SCOPE_AT_FAULT, "Could not attach to thread: %s\n", strerror(errno)); + _LOG(log, logtype::BACKTRACE, "Could not attach to thread: %s\n", strerror(errno)); return; } @@ -90,11 +92,11 @@ static void dump_thread( UniquePtr<Backtrace> backtrace(Backtrace::Create(tid, BACKTRACE_CURRENT_THREAD)); if (backtrace->Unwind(0)) { - dump_backtrace_to_log(backtrace.get(), log, SCOPE_AT_FAULT, " "); + dump_backtrace_to_log(backtrace.get(), log, " "); } if (!attached && ptrace(PTRACE_DETACH, tid, 0, 0) != 0) { - LOG("ptrace detach from %d failed: %s\n", tid, strerror(errno)); + _LOG(log, logtype::ERROR, "ptrace detach from %d failed: %s\n", tid, strerror(errno)); *detach_failed = true; } } @@ -104,7 +106,6 @@ void dump_backtrace(int fd, int amfd, pid_t pid, pid_t tid, bool* detach_failed, log_t log; log.tfd = fd; log.amfd = amfd; - log.quiet = true; dump_process_header(&log, pid); dump_thread(&log, tid, true, detach_failed, total_sleep_time_usec); @@ -133,9 +134,8 @@ void dump_backtrace(int fd, int amfd, pid_t pid, pid_t tid, bool* detach_failed, dump_process_footer(&log, pid); } -void dump_backtrace_to_log(Backtrace* backtrace, log_t* log, - int scope_flags, const char* prefix) { +void dump_backtrace_to_log(Backtrace* backtrace, log_t* log, const char* prefix) { for (size_t i = 0; i < backtrace->NumFrames(); i++) { - _LOG(log, scope_flags, "%s%s\n", prefix, backtrace->FormatFrameData(i).c_str()); + _LOG(log, logtype::BACKTRACE, "%s%s\n", prefix, backtrace->FormatFrameData(i).c_str()); } } diff --git a/debuggerd/backtrace.h b/debuggerd/backtrace.h index 2ec8afb..da14cd4 100644 --- a/debuggerd/backtrace.h +++ b/debuggerd/backtrace.h @@ -29,7 +29,6 @@ void dump_backtrace(int fd, int amfd, pid_t pid, pid_t tid, bool* detach_failed, int* total_sleep_time_usec); /* Dumps the backtrace in the backtrace data structure to the log. */ -void dump_backtrace_to_log(Backtrace* backtrace, log_t* log, - int scope_flags, const char* prefix); +void dump_backtrace_to_log(Backtrace* backtrace, log_t* log, const char* prefix); #endif // _DEBUGGERD_BACKTRACE_H diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c index 5ecb1a5..9df3c64 100644 --- a/debuggerd/crasher.c +++ b/debuggerd/crasher.c @@ -1,21 +1,24 @@ - -//#include <cutils/misc.h> - -#include <unistd.h> +#include <assert.h> +#include <errno.h> +#include <pthread.h> +#include <sched.h> +#include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <sched.h> -#include <errno.h> - -#include <signal.h> +#include <sys/cdefs.h> +#include <sys/mman.h> #include <sys/ptrace.h> -#include <sys/wait.h> #include <sys/socket.h> - -#include <pthread.h> +#include <sys/wait.h> +#include <unistd.h> #include <cutils/sockets.h> +#include <log/log.h> + +#ifndef __unused +#define __unused __attribute__((__unused__)) +#endif extern const char* __progname; @@ -23,26 +26,13 @@ void crash1(void); void crashnostack(void); static int do_action(const char* arg); -static void debuggerd_connect() -{ - char tmp[1]; - int s; - sprintf(tmp, "%d", gettid()); - s = socket_local_client("android:debuggerd", - ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); - if(s >= 0) { - read(s, tmp, 1); - close(s); - } -} - -static void maybeabort() { - if(time(0) != 42) { +static void maybe_abort() { + if (time(0) != 42) { abort(); } } -static int smash_stack(int i) { +static int smash_stack(int i __unused) { printf("crasher: deliberately corrupting stack...\n"); // Unless there's a "big enough" buffer on the stack, gcc // doesn't bother inserting checks. @@ -63,20 +53,15 @@ __attribute__((noinline)) static void overflow_stack(void* p) { overflow_stack(&buf); } -static void test_call1() -{ - *((int*) 32) = 1; -} - static void *noisy(void *x) { - char c = (unsigned) x; + char c = (uintptr_t) x; for(;;) { usleep(250*1000); write(2, &c, 1); if(c == 'C') *((unsigned*) 0) = 42; } - return 0; + return NULL; } static int ctest() @@ -94,7 +79,7 @@ static int ctest() static void* thread_callback(void* raw_arg) { - return (void*) do_action((const char*) raw_arg); + return (void*) (uintptr_t) do_action((const char*) raw_arg); } static int do_action_on_thread(const char* arg) @@ -103,7 +88,7 @@ static int do_action_on_thread(const char* arg) pthread_create(&t, NULL, thread_callback, (void*) arg); void* result = NULL; pthread_join(t, &result); - return (int) result; + return (int) (uintptr_t) result; } __attribute__((noinline)) static int crash3(int a) { @@ -126,41 +111,77 @@ static void abuse_heap() { free((void*) buf); // GCC is smart enough to warn about this, but we're doing it deliberately. } +static void sigsegv_non_null() { + int* a = (int *)(&do_action); + *a = 42; +} + static int do_action(const char* arg) { fprintf(stderr,"crasher: init pid=%d tid=%d\n", getpid(), gettid()); if (!strncmp(arg, "thread-", strlen("thread-"))) { return do_action_on_thread(arg + strlen("thread-")); - } else if (!strcmp(arg,"smash-stack")) { + } else if (!strcmp(arg, "SIGSEGV-non-null")) { + sigsegv_non_null(); + } else if (!strcmp(arg, "smash-stack")) { return smash_stack(42); - } else if (!strcmp(arg,"stack-overflow")) { + } else if (!strcmp(arg, "stack-overflow")) { overflow_stack(NULL); - } else if (!strcmp(arg,"nostack")) { + } else if (!strcmp(arg, "nostack")) { crashnostack(); - } else if (!strcmp(arg,"ctest")) { + } else if (!strcmp(arg, "ctest")) { return ctest(); - } else if (!strcmp(arg,"exit")) { + } else if (!strcmp(arg, "exit")) { exit(1); - } else if (!strcmp(arg,"crash")) { + } else if (!strcmp(arg, "crash") || !strcmp(arg, "SIGSEGV")) { return crash(42); - } else if (!strcmp(arg,"abort")) { - maybeabort(); + } else if (!strcmp(arg, "abort")) { + maybe_abort(); + } else if (!strcmp(arg, "assert")) { + __assert("some_file.c", 123, "false"); + } else if (!strcmp(arg, "assert2")) { + __assert2("some_file.c", 123, "some_function", "false"); + } else if (!strcmp(arg, "LOG_ALWAYS_FATAL")) { + LOG_ALWAYS_FATAL("hello %s", "world"); + } else if (!strcmp(arg, "LOG_ALWAYS_FATAL_IF")) { + LOG_ALWAYS_FATAL_IF(true, "hello %s", "world"); + } else if (!strcmp(arg, "SIGPIPE")) { + int pipe_fds[2]; + pipe(pipe_fds); + close(pipe_fds[0]); + write(pipe_fds[1], "oops", 4); + return EXIT_SUCCESS; + } else if (!strcmp(arg, "SIGTRAP")) { + raise(SIGTRAP); + return EXIT_SUCCESS; } else if (!strcmp(arg, "heap-usage")) { abuse_heap(); + } else if (!strcmp(arg, "SIGSEGV-unmapped")) { + char* map = mmap(NULL, sizeof(int), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); + munmap(map, sizeof(int)); + map[0] = '8'; } fprintf(stderr, "%s OP\n", __progname); fprintf(stderr, "where OP is:\n"); - fprintf(stderr, " smash-stack overwrite a stack-guard canary\n"); - fprintf(stderr, " stack-overflow recurse until the stack overflows\n"); - fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n"); - fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n"); - fprintf(stderr, " nostack crash with a NULL stack pointer\n"); - fprintf(stderr, " ctest (obsoleted by thread-crash?)\n"); - fprintf(stderr, " exit call exit(1)\n"); - fprintf(stderr, " crash cause a SIGSEGV\n"); - fprintf(stderr, " abort call abort()\n"); + fprintf(stderr, " smash-stack overwrite a stack-guard canary\n"); + fprintf(stderr, " stack-overflow recurse until the stack overflows\n"); + fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n"); + fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n"); + fprintf(stderr, " nostack crash with a NULL stack pointer\n"); + fprintf(stderr, " ctest (obsoleted by thread-crash?)\n"); + fprintf(stderr, " exit call exit(1)\n"); + fprintf(stderr, " abort call abort()\n"); + fprintf(stderr, " assert call assert() without a function\n"); + fprintf(stderr, " assert2 call assert() with a function\n"); + fprintf(stderr, " LOG_ALWAYS_FATAL call LOG_ALWAYS_FATAL\n"); + fprintf(stderr, " LOG_ALWAYS_FATAL_IF call LOG_ALWAYS_FATAL\n"); + fprintf(stderr, " SIGPIPE cause a SIGPIPE\n"); + fprintf(stderr, " SIGSEGV cause a SIGSEGV at address 0x0 (synonym: crash)\n"); + fprintf(stderr, " SIGSEGV-non-null cause a SIGSEGV at a non-zero address\n"); + fprintf(stderr, " SIGSEGV-unmapped mmap/munmap a region of memory and then attempt to access it\n"); + fprintf(stderr, " SIGTRAP cause a SIGTRAP\n"); fprintf(stderr, "prefix any of the above with 'thread-' to not run\n"); fprintf(stderr, "on the process' main thread.\n"); return EXIT_SUCCESS; diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp index de8ba9d..61805c9 100644 --- a/debuggerd/debuggerd.cpp +++ b/debuggerd/debuggerd.cpp @@ -30,7 +30,6 @@ #include <sys/stat.h> #include <sys/poll.h> -#include <log/logd.h> #include <log/logger.h> #include <cutils/sockets.h> @@ -46,105 +45,55 @@ #include "tombstone.h" #include "utility.h" -typedef struct { +struct debugger_request_t { debugger_action_t action; pid_t pid, tid; uid_t uid, gid; uintptr_t abort_msg_address; -} debugger_request_t; - -static int write_string(const char* file, const char* string) { - int len; - int fd; - ssize_t amt; - fd = open(file, O_RDWR); - len = strlen(string); - if (fd < 0) - return -errno; - amt = write(fd, string, len); - close(fd); - return amt >= 0 ? 0 : -errno; -} - -static void init_debug_led() { - // trout leds - write_string("/sys/class/leds/red/brightness", "0"); - write_string("/sys/class/leds/green/brightness", "0"); - write_string("/sys/class/leds/blue/brightness", "0"); - write_string("/sys/class/leds/red/device/blink", "0"); - // sardine leds - write_string("/sys/class/leds/left/cadence", "0,0"); -} + int32_t original_si_code; +}; -static void enable_debug_led() { - // trout leds - write_string("/sys/class/leds/red/brightness", "255"); - // sardine leds - write_string("/sys/class/leds/left/cadence", "1,0"); -} +static void wait_for_user_action(const debugger_request_t &request) { + // Find out the name of the process that crashed. + char path[64]; + snprintf(path, sizeof(path), "/proc/%d/exe", request.pid); -static void disable_debug_led() { - // trout leds - write_string("/sys/class/leds/red/brightness", "0"); - // sardine leds - write_string("/sys/class/leds/left/cadence", "0,0"); -} + char exe[PATH_MAX]; + int count; + if ((count = readlink(path, exe, sizeof(exe) - 1)) == -1) { + ALOGE("readlink('%s') failed: %s", path, strerror(errno)); + strlcpy(exe, "unknown", sizeof(exe)); + } else { + exe[count] = '\0'; + } -static void wait_for_user_action(pid_t pid) { - // First log a helpful message - LOG( "********************************************************\n" - "* Process %d has been suspended while crashing. To\n" - "* attach gdbserver for a gdb connection on port 5039\n" - "* and start gdbclient:\n" - "*\n" - "* gdbclient app_process :5039 %d\n" - "*\n" - "* Wait for gdb to start, then press HOME or VOLUME DOWN key\n" - "* to let the process continue crashing.\n" - "********************************************************\n", - pid, pid); - - // wait for HOME or VOLUME DOWN key + // Explain how to attach the debugger. + ALOGI("********************************************************\n" + "* Process %d has been suspended while crashing.\n" + "* To attach gdbserver for a gdb connection on port 5039\n" + "* and start gdbclient:\n" + "*\n" + "* gdbclient %s :5039 %d\n" + "*\n" + "* Wait for gdb to start, then press the VOLUME DOWN key\n" + "* to let the process continue crashing.\n" + "********************************************************\n", + request.pid, exe, request.tid); + + // Wait for VOLUME DOWN. if (init_getevent() == 0) { - int ms = 1200 / 10; - int dit = 1; - int dah = 3*dit; - int _ = -dit; - int ___ = 3*_; - int _______ = 7*_; - const int codes[] = { - dit,_,dit,_,dit,___,dah,_,dah,_,dah,___,dit,_,dit,_,dit,_______ - }; - size_t s = 0; - struct input_event e; - bool done = false; - init_debug_led(); - enable_debug_led(); - do { - int timeout = abs(codes[s]) * ms; - int res = get_event(&e, timeout); - if (res == 0) { - if (e.type == EV_KEY - && (e.code == KEY_HOME || e.code == KEY_VOLUMEDOWN) - && e.value == 0) { - done = true; - } - } else if (res == 1) { - if (++s >= sizeof(codes)/sizeof(*codes)) - s = 0; - if (codes[s] > 0) { - enable_debug_led(); - } else { - disable_debug_led(); + while (true) { + input_event e; + if (get_event(&e, -1) == 0) { + if (e.type == EV_KEY && e.code == KEY_VOLUMEDOWN && e.value == 0) { + break; } } - } while (!done); + } uninit_getevent(); } - // don't forget to turn debug led off - disable_debug_led(); - LOG("debuggerd resuming process %d", pid); + ALOGI("debuggerd resuming process %d", request.pid); } static int get_process_info(pid_t tid, pid_t* out_pid, uid_t* out_uid, uid_t* out_gid) { @@ -176,24 +125,24 @@ static int get_process_info(pid_t tid, pid_t* out_pid, uid_t* out_uid, uid_t* ou } static int read_request(int fd, debugger_request_t* out_request) { - struct ucred cr; - int len = sizeof(cr); + ucred cr; + socklen_t len = sizeof(cr); int status = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len); if (status != 0) { - LOG("cannot get credentials\n"); + ALOGE("cannot get credentials\n"); return -1; } - XLOG("reading tid\n"); + ALOGV("reading tid\n"); fcntl(fd, F_SETFL, O_NONBLOCK); - struct pollfd pollfds[1]; + pollfd pollfds[1]; pollfds[0].fd = fd; pollfds[0].events = POLLIN; pollfds[0].revents = 0; status = TEMP_FAILURE_RETRY(poll(pollfds, 1, 3000)); if (status != 1) { - LOG("timed out reading tid (from pid=%d uid=%d)\n", cr.pid, cr.uid); + ALOGE("timed out reading tid (from pid=%d uid=%d)\n", cr.pid, cr.uid); return -1; } @@ -201,13 +150,11 @@ static int read_request(int fd, debugger_request_t* out_request) { memset(&msg, 0, sizeof(msg)); status = TEMP_FAILURE_RETRY(read(fd, &msg, sizeof(msg))); if (status < 0) { - LOG("read failure? %s (pid=%d uid=%d)\n", strerror(errno), cr.pid, cr.uid); + ALOGE("read failure? %s (pid=%d uid=%d)\n", strerror(errno), cr.pid, cr.uid); return -1; } - if (status == sizeof(debugger_msg_t)) { - XLOG("crash request of size %d abort_msg_address=%#08x\n", status, msg.abort_msg_address); - } else { - LOG("invalid crash request of size %d (from pid=%d uid=%d)\n", status, cr.pid, cr.uid); + if (status != sizeof(debugger_msg_t)) { + ALOGE("invalid crash request of size %d (from pid=%d uid=%d)\n", status, cr.pid, cr.uid); return -1; } @@ -217,6 +164,7 @@ static int read_request(int fd, debugger_request_t* out_request) { out_request->uid = cr.uid; out_request->gid = cr.gid; out_request->abort_msg_address = msg.abort_msg_address; + out_request->original_si_code = msg.original_si_code; if (msg.action == DEBUGGER_ACTION_CRASH) { // Ensure that the tid reported by the crashing process is valid. @@ -224,7 +172,7 @@ static int read_request(int fd, debugger_request_t* out_request) { struct stat s; snprintf(buf, sizeof buf, "/proc/%d/task/%d", out_request->pid, out_request->tid); if (stat(buf, &s)) { - LOG("tid %d does not exist in pid %d. ignoring debug request\n", + ALOGE("tid %d does not exist in pid %d. ignoring debug request\n", out_request->tid, out_request->pid); return -1; } @@ -235,7 +183,7 @@ static int read_request(int fd, debugger_request_t* out_request) { status = get_process_info(out_request->tid, &out_request->pid, &out_request->uid, &out_request->gid); if (status < 0) { - LOG("tid %d does not exist. ignoring explicit dump request\n", out_request->tid); + ALOGE("tid %d does not exist. ignoring explicit dump request\n", out_request->tid); return -1; } } else { @@ -256,13 +204,13 @@ static bool should_attach_gdb(debugger_request_t* request) { } static void handle_request(int fd) { - XLOG("handle_request(%d)\n", fd); + ALOGV("handle_request(%d)\n", fd); debugger_request_t request; memset(&request, 0, sizeof(request)); int status = read_request(fd, &request); if (!status) { - XLOG("BOOM: pid=%d uid=%d gid=%d tid=%d\n", + ALOGV("BOOM: pid=%d uid=%d gid=%d tid=%d\n", request.pid, request.uid, request.gid, request.tid); // At this point, the thread that made the request is blocked in @@ -276,12 +224,12 @@ static void handle_request(int fd) { // See details in bionic/libc/linker/debugger.c, in function // debugger_signal_handler(). if (ptrace(PTRACE_ATTACH, request.tid, 0, 0)) { - LOG("ptrace attach failed: %s\n", strerror(errno)); + ALOGE("ptrace attach failed: %s\n", strerror(errno)); } else { bool detach_failed = false; bool attach_gdb = should_attach_gdb(&request); if (TEMP_FAILURE_RETRY(write(fd, "\0", 1)) != 1) { - LOG("failed responding to client: %s\n", strerror(errno)); + ALOGE("failed responding to client: %s\n", strerror(errno)); } else { char* tombstone_path = NULL; @@ -300,34 +248,36 @@ static void handle_request(int fd) { switch (signal) { case SIGSTOP: if (request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) { - XLOG("stopped -- dumping to tombstone\n"); - tombstone_path = engrave_tombstone( - request.pid, request.tid, signal, request.abort_msg_address, true, true, - &detach_failed, &total_sleep_time_usec); + ALOGV("stopped -- dumping to tombstone\n"); + tombstone_path = engrave_tombstone(request.pid, request.tid, + signal, request.original_si_code, + request.abort_msg_address, true, + &detach_failed, &total_sleep_time_usec); } else if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE) { - XLOG("stopped -- dumping to fd\n"); + ALOGV("stopped -- dumping to fd\n"); dump_backtrace(fd, -1, request.pid, request.tid, &detach_failed, &total_sleep_time_usec); } else { - XLOG("stopped -- continuing\n"); + ALOGV("stopped -- continuing\n"); status = ptrace(PTRACE_CONT, request.tid, 0, 0); if (status) { - LOG("ptrace continue failed: %s\n", strerror(errno)); + ALOGE("ptrace continue failed: %s\n", strerror(errno)); } continue; // loop again } break; - case SIGILL: case SIGABRT: case SIGBUS: case SIGFPE: - case SIGSEGV: + case SIGILL: case SIGPIPE: + case SIGSEGV: #ifdef SIGSTKFLT case SIGSTKFLT: #endif - XLOG("stopped -- fatal signal\n"); + case SIGTRAP: + ALOGV("stopped -- fatal signal\n"); // Send a SIGSTOP to the process to make all of // the non-signaled threads stop moving. Without // this we get a lot of "ptrace detach failed: @@ -335,14 +285,14 @@ static void handle_request(int fd) { kill(request.pid, SIGSTOP); // don't dump sibling threads when attaching to GDB because it // makes the process less reliable, apparently... - tombstone_path = engrave_tombstone( - request.pid, request.tid, signal, request.abort_msg_address, !attach_gdb, - false, &detach_failed, &total_sleep_time_usec); + tombstone_path = engrave_tombstone(request.pid, request.tid, + signal, request.original_si_code, + request.abort_msg_address, !attach_gdb, + &detach_failed, &total_sleep_time_usec); break; default: - XLOG("stopped -- unexpected signal\n"); - LOG("process stopped due to unexpected signal %d\n", signal); + ALOGE("process stopped due to unexpected signal %d\n", signal); break; } break; @@ -358,14 +308,14 @@ static void handle_request(int fd) { free(tombstone_path); } - XLOG("detaching\n"); + ALOGV("detaching\n"); if (attach_gdb) { // stop the process so we can debug kill(request.pid, SIGSTOP); // detach so we can attach gdbserver if (ptrace(PTRACE_DETACH, request.tid, 0, 0)) { - LOG("ptrace detach from %d failed: %s\n", request.tid, strerror(errno)); + ALOGE("ptrace detach from %d failed: %s\n", request.tid, strerror(errno)); detach_failed = true; } @@ -373,11 +323,11 @@ static void handle_request(int fd) { // for user action for the crashing process. // in this case, we log a message and turn the debug LED on // waiting for a gdb connection (for instance) - wait_for_user_action(request.pid); + wait_for_user_action(request); } else { // just detach if (ptrace(PTRACE_DETACH, request.tid, 0, 0)) { - LOG("ptrace detach from %d failed: %s\n", request.tid, strerror(errno)); + ALOGE("ptrace detach from %d failed: %s\n", request.tid, strerror(errno)); detach_failed = true; } } @@ -389,7 +339,7 @@ static void handle_request(int fd) { // actual parent won't receive a death notification via wait(2). At this point // there's not much we can do about that. if (detach_failed) { - LOG("debuggerd committing suicide to free the zombie!\n"); + ALOGE("debuggerd committing suicide to free the zombie!\n"); kill(getpid(), SIGKILL); } } @@ -401,54 +351,50 @@ static void handle_request(int fd) { } static int do_server() { - int s; - struct sigaction act; - int logsocket = -1; - - // debuggerd crashes can't be reported to debuggerd. Reset all of the - // crash handlers. - signal(SIGILL, SIG_DFL); + // debuggerd crashes can't be reported to debuggerd. + // Reset all of the crash handlers. signal(SIGABRT, SIG_DFL); signal(SIGBUS, SIG_DFL); signal(SIGFPE, SIG_DFL); + signal(SIGILL, SIG_DFL); signal(SIGSEGV, SIG_DFL); #ifdef SIGSTKFLT signal(SIGSTKFLT, SIG_DFL); #endif + signal(SIGTRAP, SIG_DFL); // Ignore failed writes to closed sockets signal(SIGPIPE, SIG_IGN); - logsocket = socket_local_client("logd", ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_DGRAM); + int logsocket = socket_local_client("logd", ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_DGRAM); if (logsocket < 0) { logsocket = -1; } else { fcntl(logsocket, F_SETFD, FD_CLOEXEC); } + struct sigaction act; act.sa_handler = SIG_DFL; sigemptyset(&act.sa_mask); sigaddset(&act.sa_mask,SIGCHLD); act.sa_flags = SA_NOCLDWAIT; sigaction(SIGCHLD, &act, 0); - s = socket_local_server(DEBUGGER_SOCKET_NAME, ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); + int s = socket_local_server(DEBUGGER_SOCKET_NAME, ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); if (s < 0) return 1; fcntl(s, F_SETFD, FD_CLOEXEC); - LOG("debuggerd: " __DATE__ " " __TIME__ "\n"); + ALOGI("debuggerd: " __DATE__ " " __TIME__ "\n"); for (;;) { - struct sockaddr addr; - socklen_t alen; - int fd; + sockaddr addr; + socklen_t alen = sizeof(addr); - alen = sizeof(addr); - XLOG("waiting for connection\n"); - fd = accept(s, &addr, &alen); + ALOGV("waiting for connection\n"); + int fd = accept(s, &addr, &alen); if (fd < 0) { - XLOG("accept failed: %s\n", strerror(errno)); + ALOGV("accept failed: %s\n", strerror(errno)); continue; } diff --git a/debuggerd/machine.h b/debuggerd/machine.h index 2f1e201..fca9fbe 100644 --- a/debuggerd/machine.h +++ b/debuggerd/machine.h @@ -21,7 +21,7 @@ #include "utility.h" -void dump_memory_and_code(log_t* log, pid_t tid, int scope_flags); -void dump_registers(log_t* log, pid_t tid, int scope_flags); +void dump_memory_and_code(log_t* log, pid_t tid); +void dump_registers(log_t* log, pid_t tid); #endif // _DEBUGGERD_MACHINE_H diff --git a/debuggerd/mips/machine.cpp b/debuggerd/mips/machine.cpp index d1a7f2d..97834c7 100644 --- a/debuggerd/mips/machine.cpp +++ b/debuggerd/mips/machine.cpp @@ -22,141 +22,91 @@ #include <sys/types.h> #include <sys/ptrace.h> -#include <corkscrew/ptrace.h> - #include <sys/user.h> #include "../utility.h" #include "../machine.h" -// enable to dump memory pointed to by every register -#define DUMP_MEMORY_FOR_ALL_REGISTERS 1 - #define R(x) (static_cast<unsigned int>(x)) -static void dump_memory(log_t* log, pid_t tid, uintptr_t addr, int scope_flags) { - char code_buffer[64]; // actual 8+1+((8+1)*4) + 1 == 45 - char ascii_buffer[32]; // actual 16 + 1 == 17 - uintptr_t p, end; - - p = addr & ~3; - p -= 32; - if (p > addr) { - // catch underflow - p = 0; - } - end = p + 80; - // catch overflow; 'end - p' has to be multiples of 16 - while (end < p) - end -= 16; - - // Dump the code around PC as: - // addr contents ascii - // 00008d34 ef000000 e8bd0090 e1b00000 512fff1e ............../Q - // 00008d44 ea00b1f9 e92d0090 e3a070fc ef000000 ......-..p...... - while (p < end) { - char* asc_out = ascii_buffer; - - sprintf(code_buffer, "%08x ", p); - - int i; - for (i = 0; i < 4; i++) { - // If we see (data == -1 && errno != 0), we know that the ptrace - // call failed, probably because we're dumping memory in an - // unmapped or inaccessible page. I don't know if there's - // value in making that explicit in the output -- it likely - // just complicates parsing and clarifies nothing for the - // enlightened reader. - long data = ptrace(PTRACE_PEEKTEXT, tid, (void*)p, NULL); - sprintf(code_buffer + strlen(code_buffer), "%08lx ", data); - - int j; - for (j = 0; j < 4; j++) { - // Our isprint() allows high-ASCII characters that display - // differently (often badly) in different viewers, so we - // just use a simpler test. - char val = (data >> (j*8)) & 0xff; - if (val >= 0x20 && val < 0x7f) { - *asc_out++ = val; - } else { - *asc_out++ = '.'; - } - } - p += 4; - } - *asc_out = '\0'; - _LOG(log, scope_flags, " %s %s\n", code_buffer, ascii_buffer); - } -} +// The MIPS uapi ptrace.h has the wrong definition for pt_regs. PTRACE_GETREGS +// writes 64-bit quantities even though the public struct uses 32-bit ones. +struct pt_regs_mips_t { + uint64_t regs[32]; + uint64_t lo; + uint64_t hi; + uint64_t cp0_epc; + uint64_t cp0_badvaddr; + uint64_t cp0_status; + uint64_t cp0_cause; +}; // If configured to do so, dump memory around *all* registers // for the crashing thread. -void dump_memory_and_code(log_t* log, pid_t tid, int scope_flags) { +void dump_memory_and_code(log_t* log, pid_t tid) { pt_regs_mips_t r; if (ptrace(PTRACE_GETREGS, tid, 0, &r)) { return; } - if (IS_AT_FAULT(scope_flags) && DUMP_MEMORY_FOR_ALL_REGISTERS) { - static const char REG_NAMES[] = "$0atv0v1a0a1a2a3t0t1t2t3t4t5t6t7s0s1s2s3s4s5s6s7t8t9k0k1gpsps8ra"; + static const char REG_NAMES[] = "$0atv0v1a0a1a2a3t0t1t2t3t4t5t6t7s0s1s2s3s4s5s6s7t8t9k0k1gpsps8ra"; - for (int reg = 0; reg < 32; reg++) { - // skip uninteresting registers - if (reg == 0 // $0 - || reg == 26 // $k0 - || reg == 27 // $k1 - || reg == 31 // $ra (done below) - ) - continue; + for (int reg = 0; reg < 32; reg++) { + // skip uninteresting registers + if (reg == 0 // $0 + || reg == 26 // $k0 + || reg == 27 // $k1 + || reg == 31 // $ra (done below) + ) + continue; - uintptr_t addr = R(r.regs[reg]); + uintptr_t addr = R(r.regs[reg]); - // Don't bother if it looks like a small int or ~= null, or if - // it's in the kernel area. - if (addr < 4096 || addr >= 0x80000000) { - continue; - } - - _LOG(log, scope_flags | SCOPE_SENSITIVE, "\nmemory near %.2s:\n", ®_NAMES[reg * 2]); - dump_memory(log, tid, addr, scope_flags | SCOPE_SENSITIVE); + // Don't bother if it looks like a small int or ~= null, or if + // it's in the kernel area. + if (addr < 4096 || addr >= 0x80000000) { + continue; } + + _LOG(log, logtype::MEMORY, "\nmemory near %.2s:\n", ®_NAMES[reg * 2]); + dump_memory(log, tid, addr); } unsigned int pc = R(r.cp0_epc); unsigned int ra = R(r.regs[31]); - _LOG(log, scope_flags, "\ncode around pc:\n"); - dump_memory(log, tid, (uintptr_t)pc, scope_flags); + _LOG(log, logtype::MEMORY, "\ncode around pc:\n"); + dump_memory(log, tid, (uintptr_t)pc); if (pc != ra) { - _LOG(log, scope_flags, "\ncode around ra:\n"); - dump_memory(log, tid, (uintptr_t)ra, scope_flags); + _LOG(log, logtype::MEMORY, "\ncode around ra:\n"); + dump_memory(log, tid, (uintptr_t)ra); } } -void dump_registers(log_t* log, pid_t tid, int scope_flags) { +void dump_registers(log_t* log, pid_t tid) { pt_regs_mips_t r; if(ptrace(PTRACE_GETREGS, tid, 0, &r)) { - _LOG(log, scope_flags, "cannot get registers: %s\n", strerror(errno)); + _LOG(log, logtype::ERROR, "cannot get registers: %s\n", strerror(errno)); return; } - _LOG(log, scope_flags, " zr %08x at %08x v0 %08x v1 %08x\n", + _LOG(log, logtype::REGISTERS, " zr %08x at %08x v0 %08x v1 %08x\n", R(r.regs[0]), R(r.regs[1]), R(r.regs[2]), R(r.regs[3])); - _LOG(log, scope_flags, " a0 %08x a1 %08x a2 %08x a3 %08x\n", + _LOG(log, logtype::REGISTERS, " a0 %08x a1 %08x a2 %08x a3 %08x\n", R(r.regs[4]), R(r.regs[5]), R(r.regs[6]), R(r.regs[7])); - _LOG(log, scope_flags, " t0 %08x t1 %08x t2 %08x t3 %08x\n", + _LOG(log, logtype::REGISTERS, " t0 %08x t1 %08x t2 %08x t3 %08x\n", R(r.regs[8]), R(r.regs[9]), R(r.regs[10]), R(r.regs[11])); - _LOG(log, scope_flags, " t4 %08x t5 %08x t6 %08x t7 %08x\n", + _LOG(log, logtype::REGISTERS, " t4 %08x t5 %08x t6 %08x t7 %08x\n", R(r.regs[12]), R(r.regs[13]), R(r.regs[14]), R(r.regs[15])); - _LOG(log, scope_flags, " s0 %08x s1 %08x s2 %08x s3 %08x\n", + _LOG(log, logtype::REGISTERS, " s0 %08x s1 %08x s2 %08x s3 %08x\n", R(r.regs[16]), R(r.regs[17]), R(r.regs[18]), R(r.regs[19])); - _LOG(log, scope_flags, " s4 %08x s5 %08x s6 %08x s7 %08x\n", + _LOG(log, logtype::REGISTERS, " s4 %08x s5 %08x s6 %08x s7 %08x\n", R(r.regs[20]), R(r.regs[21]), R(r.regs[22]), R(r.regs[23])); - _LOG(log, scope_flags, " t8 %08x t9 %08x k0 %08x k1 %08x\n", + _LOG(log, logtype::REGISTERS, " t8 %08x t9 %08x k0 %08x k1 %08x\n", R(r.regs[24]), R(r.regs[25]), R(r.regs[26]), R(r.regs[27])); - _LOG(log, scope_flags, " gp %08x sp %08x s8 %08x ra %08x\n", + _LOG(log, logtype::REGISTERS, " gp %08x sp %08x s8 %08x ra %08x\n", R(r.regs[28]), R(r.regs[29]), R(r.regs[30]), R(r.regs[31])); - _LOG(log, scope_flags, " hi %08x lo %08x bva %08x epc %08x\n", + _LOG(log, logtype::REGISTERS, " hi %08x lo %08x bva %08x epc %08x\n", R(r.hi), R(r.lo), R(r.cp0_badvaddr), R(r.cp0_epc)); } diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp index c9a2376..f41166b 100644..100755 --- a/debuggerd/tombstone.cpp +++ b/debuggerd/tombstone.cpp @@ -14,31 +14,33 @@ * limitations under the License. */ +#define LOG_TAG "DEBUG" + +#include <dirent.h> +#include <errno.h> +#include <fcntl.h> +#include <inttypes.h> +#include <signal.h> #include <stddef.h> +#include <stdio.h> #include <stdlib.h> -#include <signal.h> #include <string.h> -#include <stdio.h> -#include <fcntl.h> -#include <errno.h> -#include <dirent.h> #include <time.h> #include <sys/ptrace.h> +#include <sys/socket.h> #include <sys/stat.h> -#include <inttypes.h> +#include <sys/un.h> #include <private/android_filesystem_config.h> +#include <cutils/properties.h> #include <log/log.h> #include <log/logger.h> -#include <cutils/properties.h> +#include <log/logprint.h> #include <backtrace/Backtrace.h> #include <backtrace/BacktraceMap.h> -#include <sys/socket.h> -#include <linux/un.h> - #include <selinux/android.h> #include <UniquePtr.h> @@ -51,22 +53,17 @@ #define MAX_TOMBSTONES 10 #define TOMBSTONE_DIR "/data/tombstones" +#define TOMBSTONE_TEMPLATE (TOMBSTONE_DIR"/tombstone_%02d") // Must match the path defined in NativeCrashListener.java #define NCRASH_SOCKET_PATH "/data/system/ndebugsocket" -#define typecheck(x,y) { \ - typeof(x) __dummy1; \ - typeof(y) __dummy2; \ - (void)(&__dummy1 == &__dummy2); } - - -static bool signal_has_address(int sig) { +static bool signal_has_si_addr(int sig) { switch (sig) { - case SIGILL: + case SIGBUS: case SIGFPE: + case SIGILL: case SIGSEGV: - case SIGBUS: return true; default: return false; @@ -75,16 +72,17 @@ static bool signal_has_address(int sig) { static const char* get_signame(int sig) { switch(sig) { - case SIGILL: return "SIGILL"; case SIGABRT: return "SIGABRT"; case SIGBUS: return "SIGBUS"; case SIGFPE: return "SIGFPE"; - case SIGSEGV: return "SIGSEGV"; + case SIGILL: return "SIGILL"; case SIGPIPE: return "SIGPIPE"; -#ifdef SIGSTKFLT + case SIGSEGV: return "SIGSEGV"; +#if defined(SIGSTKFLT) case SIGSTKFLT: return "SIGSTKFLT"; #endif case SIGSTOP: return "SIGSTOP"; + case SIGTRAP: return "SIGTRAP"; default: return "?"; } } @@ -103,13 +101,17 @@ static const char* get_sigcode(int signo, int code) { case ILL_COPROC: return "ILL_COPROC"; case ILL_BADSTK: return "ILL_BADSTK"; } + static_assert(NSIGILL == ILL_BADSTK, "missing ILL_* si_code"); break; case SIGBUS: switch (code) { case BUS_ADRALN: return "BUS_ADRALN"; case BUS_ADRERR: return "BUS_ADRERR"; case BUS_OBJERR: return "BUS_OBJERR"; + case BUS_MCEERR_AR: return "BUS_MCEERR_AR"; + case BUS_MCEERR_AO: return "BUS_MCEERR_AO"; } + static_assert(NSIGBUS == BUS_MCEERR_AO, "missing BUS_* si_code"); break; case SIGFPE: switch (code) { @@ -122,74 +124,76 @@ static const char* get_sigcode(int signo, int code) { case FPE_FLTINV: return "FPE_FLTINV"; case FPE_FLTSUB: return "FPE_FLTSUB"; } + static_assert(NSIGFPE == FPE_FLTSUB, "missing FPE_* si_code"); break; case SIGSEGV: switch (code) { case SEGV_MAPERR: return "SEGV_MAPERR"; case SEGV_ACCERR: return "SEGV_ACCERR"; } + static_assert(NSIGSEGV == SEGV_ACCERR, "missing SEGV_* si_code"); break; case SIGTRAP: switch (code) { case TRAP_BRKPT: return "TRAP_BRKPT"; case TRAP_TRACE: return "TRAP_TRACE"; + case TRAP_BRANCH: return "TRAP_BRANCH"; + case TRAP_HWBKPT: return "TRAP_HWBKPT"; } + static_assert(NSIGTRAP == TRAP_HWBKPT, "missing TRAP_* si_code"); break; } // Then the other codes... switch (code) { case SI_USER: return "SI_USER"; -#if defined(SI_KERNEL) case SI_KERNEL: return "SI_KERNEL"; -#endif case SI_QUEUE: return "SI_QUEUE"; case SI_TIMER: return "SI_TIMER"; case SI_MESGQ: return "SI_MESGQ"; case SI_ASYNCIO: return "SI_ASYNCIO"; -#if defined(SI_SIGIO) case SI_SIGIO: return "SI_SIGIO"; -#endif -#if defined(SI_TKILL) case SI_TKILL: return "SI_TKILL"; -#endif + case SI_DETHREAD: return "SI_DETHREAD"; } // Then give up... return "?"; } -static void dump_revision_info(log_t* log) { - char revision[PROPERTY_VALUE_MAX]; - - property_get("ro.revision", revision, "unknown"); - - _LOG(log, SCOPE_AT_FAULT, "Revision: '%s'\n", revision); -} - -static void dump_build_info(log_t* log) { +static void dump_header_info(log_t* log) { char fingerprint[PROPERTY_VALUE_MAX]; + char revision[PROPERTY_VALUE_MAX]; property_get("ro.build.fingerprint", fingerprint, "unknown"); + property_get("ro.revision", revision, "unknown"); - _LOG(log, SCOPE_AT_FAULT, "Build fingerprint: '%s'\n", fingerprint); + _LOG(log, logtype::HEADER, "Build fingerprint: '%s'\n", fingerprint); + _LOG(log, logtype::HEADER, "Revision: '%s'\n", revision); + _LOG(log, logtype::HEADER, "ABI: '%s'\n", ABI_STRING); } -static void dump_fault_addr(log_t* log, pid_t tid, int sig) { +static void dump_signal_info(log_t* log, pid_t tid, int signal, int si_code) { siginfo_t si; - memset(&si, 0, sizeof(si)); - if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si)){ - _LOG(log, SCOPE_AT_FAULT, "cannot get siginfo: %s\n", strerror(errno)); - } else if (signal_has_address(sig)) { - _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr %0*" PRIxPTR "\n", - sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code), - sizeof(uintptr_t)*2, reinterpret_cast<uintptr_t>(si.si_addr)); + if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si) == -1) { + _LOG(log, logtype::HEADER, "cannot get siginfo: %s\n", strerror(errno)); + return; + } + + // bionic has to re-raise some signals, which overwrites the si_code with SI_TKILL. + si.si_code = si_code; + + char addr_desc[32]; // ", fault addr 0x1234" + if (signal_has_si_addr(signal)) { + snprintf(addr_desc, sizeof(addr_desc), "%p", si.si_addr); } else { - _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr --------\n", - sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code)); + snprintf(addr_desc, sizeof(addr_desc), "--------"); } + + _LOG(log, logtype::HEADER, "signal %d (%s), code %d (%s), fault addr %s\n", + signal, get_signame(signal), si.si_code, get_sigcode(signal, si.si_code), addr_desc); } -static void dump_thread_info(log_t* log, pid_t pid, pid_t tid, int scope_flags) { +static void dump_thread_info(log_t* log, pid_t pid, pid_t tid) { char path[64]; char threadnamebuf[1024]; char* threadname = NULL; @@ -207,27 +211,23 @@ static void dump_thread_info(log_t* log, pid_t pid, pid_t tid, int scope_flags) } } - if (IS_AT_FAULT(scope_flags)) { - char procnamebuf[1024]; - char* procname = NULL; - - snprintf(path, sizeof(path), "/proc/%d/cmdline", pid); - if ((fp = fopen(path, "r"))) { - procname = fgets(procnamebuf, sizeof(procnamebuf), fp); - fclose(fp); - } + char procnamebuf[1024]; + char* procname = NULL; - _LOG(log, SCOPE_AT_FAULT, "pid: %d, tid: %d, name: %s >>> %s <<<\n", pid, tid, - threadname ? threadname : "UNKNOWN", procname ? procname : "UNKNOWN"); - } else { - _LOG(log, 0, "pid: %d, tid: %d, name: %s\n", pid, tid, threadname ? threadname : "UNKNOWN"); + snprintf(path, sizeof(path), "/proc/%d/cmdline", pid); + if ((fp = fopen(path, "r"))) { + procname = fgets(procnamebuf, sizeof(procnamebuf), fp); + fclose(fp); } + + _LOG(log, logtype::HEADER, "pid: %d, tid: %d, name: %s >>> %s <<<\n", pid, tid, + threadname ? threadname : "UNKNOWN", procname ? procname : "UNKNOWN"); } static void dump_stack_segment( - Backtrace* backtrace, log_t* log, int scope_flags, uintptr_t* sp, size_t words, int label) { + Backtrace* backtrace, log_t* log, uintptr_t* sp, size_t words, int label) { for (size_t i = 0; i < words; i++) { - uint32_t stack_content; + word_t stack_content; if (!backtrace->ReadWord(*sp, &stack_content)) { break; } @@ -244,36 +244,36 @@ static void dump_stack_segment( if (!func_name.empty()) { if (!i && label >= 0) { if (offset) { - _LOG(log, scope_flags, " #%02d %08x %08x %s (%s+%u)\n", + _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s (%s+%" PRIuPTR ")\n", label, *sp, stack_content, map_name, func_name.c_str(), offset); } else { - _LOG(log, scope_flags, " #%02d %08x %08x %s (%s)\n", + _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s (%s)\n", label, *sp, stack_content, map_name, func_name.c_str()); } } else { if (offset) { - _LOG(log, scope_flags, " %08x %08x %s (%s+%u)\n", + _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s (%s+%" PRIuPTR ")\n", *sp, stack_content, map_name, func_name.c_str(), offset); } else { - _LOG(log, scope_flags, " %08x %08x %s (%s)\n", + _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s (%s)\n", *sp, stack_content, map_name, func_name.c_str()); } } } else { if (!i && label >= 0) { - _LOG(log, scope_flags, " #%02d %08x %08x %s\n", + _LOG(log, logtype::STACK, " #%02d %" PRIPTR " %" PRIPTR " %s\n", label, *sp, stack_content, map_name); } else { - _LOG(log, scope_flags, " %08x %08x %s\n", + _LOG(log, logtype::STACK, " %" PRIPTR " %" PRIPTR " %s\n", *sp, stack_content, map_name); } } - *sp += sizeof(uint32_t); + *sp += sizeof(word_t); } } -static void dump_stack(Backtrace* backtrace, log_t* log, int scope_flags) { +static void dump_stack(Backtrace* backtrace, log_t* log) { size_t first = 0, last; for (size_t i = 0; i < backtrace->NumFrames(); i++) { const backtrace_frame_data_t* frame = backtrace->GetFrame(i); @@ -289,127 +289,111 @@ static void dump_stack(Backtrace* backtrace, log_t* log, int scope_flags) { } first--; - scope_flags |= SCOPE_SENSITIVE; - // Dump a few words before the first frame. - uintptr_t sp = backtrace->GetFrame(first)->sp - STACK_WORDS * sizeof(uint32_t); - dump_stack_segment(backtrace, log, scope_flags, &sp, STACK_WORDS, -1); + word_t sp = backtrace->GetFrame(first)->sp - STACK_WORDS * sizeof(word_t); + dump_stack_segment(backtrace, log, &sp, STACK_WORDS, -1); // Dump a few words from all successive frames. // Only log the first 3 frames, put the rest in the tombstone. for (size_t i = first; i <= last; i++) { const backtrace_frame_data_t* frame = backtrace->GetFrame(i); if (sp != frame->sp) { - _LOG(log, scope_flags, " ........ ........\n"); + _LOG(log, logtype::STACK, " ........ ........\n"); sp = frame->sp; } - if (i - first == 3) { - scope_flags &= (~SCOPE_AT_FAULT); - } if (i == last) { - dump_stack_segment(backtrace, log, scope_flags, &sp, STACK_WORDS, i); + dump_stack_segment(backtrace, log, &sp, STACK_WORDS, i); if (sp < frame->sp + frame->stack_size) { - _LOG(log, scope_flags, " ........ ........\n"); + _LOG(log, logtype::STACK, " ........ ........\n"); } } else { - size_t words = frame->stack_size / sizeof(uint32_t); + size_t words = frame->stack_size / sizeof(word_t); if (words == 0) { words = 1; } else if (words > STACK_WORDS) { words = STACK_WORDS; } - dump_stack_segment(backtrace, log, scope_flags, &sp, words, i); + dump_stack_segment(backtrace, log, &sp, words, i); } } } -static void dump_backtrace_and_stack(Backtrace* backtrace, log_t* log, int scope_flags) { +static void dump_backtrace_and_stack(Backtrace* backtrace, log_t* log) { if (backtrace->NumFrames()) { - _LOG(log, scope_flags, "\nbacktrace:\n"); - dump_backtrace_to_log(backtrace, log, scope_flags, " "); + _LOG(log, logtype::BACKTRACE, "\nbacktrace:\n"); + dump_backtrace_to_log(backtrace, log, " "); - _LOG(log, scope_flags, "\nstack:\n"); - dump_stack(backtrace, log, scope_flags); + _LOG(log, logtype::STACK, "\nstack:\n"); + dump_stack(backtrace, log); } } -static void dump_map(log_t* log, const backtrace_map_t* map, const char* what, int scope_flags) { - if (map != NULL) { - _LOG(log, scope_flags, " %08x-%08x %c%c%c %s\n", map->start, map->end, +static void dump_map(log_t* log, const backtrace_map_t* map, bool fault_addr) { + _LOG(log, logtype::MAPS, "%s%" PRIPTR "-%" PRIPTR " %c%c%c %7" PRIdPTR " %s\n", + (fault_addr? "--->" : " "), map->start, map->end - 1, (map->flags & PROT_READ) ? 'r' : '-', (map->flags & PROT_WRITE) ? 'w' : '-', - (map->flags & PROT_EXEC) ? 'x' : '-', map->name.c_str()); - } else { - _LOG(log, scope_flags, " (no %s)\n", what); - } + (map->flags & PROT_EXEC) ? 'x' : '-', + (map->end - map->start), map->name.c_str()); } -static void dump_nearby_maps(BacktraceMap* map, log_t* log, pid_t tid, int scope_flags) { - scope_flags |= SCOPE_SENSITIVE; +static void dump_nearby_maps(BacktraceMap* map, log_t* log, pid_t tid) { siginfo_t si; memset(&si, 0, sizeof(si)); if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si)) { - _LOG(log, scope_flags, "cannot get siginfo for %d: %s\n", tid, strerror(errno)); - return; - } - if (!signal_has_address(si.si_signo)) { + _LOG(log, logtype::MAPS, "cannot get siginfo for %d: %s\n", tid, strerror(errno)); return; } + bool is_running = (si.si_code == SI_USER); uintptr_t addr = reinterpret_cast<uintptr_t>(si.si_addr); addr &= ~0xfff; // round to 4K page boundary - if (addr == 0) { // null-pointer deref + if (!is_running && addr == 0) { // null-pointer deref return; } - _LOG(log, scope_flags, "\nmemory map around fault addr %" PRIxPTR ":\n", - reinterpret_cast<uintptr_t>(si.si_addr)); + _LOG(log, logtype::MAPS, "\nmemory map: %s\n", is_running? "" : "(fault address prefixed with --->)"); - // Search for a match, or for a hole where the match would be. The list - // is backward from the file content, so it starts at high addresses. - const backtrace_map_t* cur_map = NULL; - const backtrace_map_t* next_map = NULL; - const backtrace_map_t* prev_map = NULL; + if(!is_running && (addr < map->begin()->start)) { + _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " before any mapped regions\n", addr); + } + + BacktraceMap::const_iterator prev = map->begin(); for (BacktraceMap::const_iterator it = map->begin(); it != map->end(); ++it) { - if (addr >= it->start && addr < it->end) { - cur_map = &*it; - if (it != map->begin()) { - prev_map = &*(it-1); - } - if (++it != map->end()) { - next_map = &*it; - } - break; + if (addr >= (*prev).end && addr < (*it).start) { + _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " between mapped regions\n", addr); } + prev = it; + bool in_map = !is_running && (addr >= (*it).start) && (addr < (*it).end); + dump_map(log, &*it, in_map); + } + if (!is_running && (addr >= (*prev).end)) { + _LOG(log, logtype::MAPS, "--->Fault address falls at %" PRIPTR " after any mapped regions\n", addr); } - - // Show the map address in ascending order (like /proc/pid/maps). - dump_map(log, prev_map, "map below", scope_flags); - dump_map(log, cur_map, "map for address", scope_flags); - dump_map(log, next_map, "map above", scope_flags); } static void dump_thread( - Backtrace* backtrace, log_t* log, int scope_flags, int* total_sleep_time_usec) { + Backtrace* backtrace, log_t* log, int* total_sleep_time_usec) { + wait_for_stop(backtrace->Tid(), total_sleep_time_usec); - dump_registers(log, backtrace->Tid(), scope_flags); - dump_backtrace_and_stack(backtrace, log, scope_flags); - if (IS_AT_FAULT(scope_flags)) { - dump_memory_and_code(log, backtrace->Tid(), scope_flags); - dump_nearby_maps(backtrace->GetMap(), log, backtrace->Tid(), scope_flags); - } + dump_registers(log, backtrace->Tid()); + dump_backtrace_and_stack(backtrace, log); + + dump_memory_and_code(log, backtrace->Tid()); + dump_nearby_maps(backtrace->GetMap(), log, backtrace->Tid()); } // Return true if some thread is not detached cleanly static bool dump_sibling_thread_report( log_t* log, pid_t pid, pid_t tid, int* total_sleep_time_usec, BacktraceMap* map) { char task_path[64]; + snprintf(task_path, sizeof(task_path), "/proc/%d/task", pid); DIR* d = opendir(task_path); // Bail early if the task directory cannot be opened if (d == NULL) { - XLOG("Cannot open /proc/%d/task\n", pid); + ALOGE("Cannot open /proc/%d/task\n", pid); return false; } @@ -430,19 +414,23 @@ static bool dump_sibling_thread_report( // Skip this thread if cannot ptrace it if (ptrace(PTRACE_ATTACH, new_tid, 0, 0) < 0) { + _LOG(log, logtype::ERROR, "ptrace attach to %d failed: %s\n", new_tid, strerror(errno)); continue; } - _LOG(log, 0, "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n"); - dump_thread_info(log, pid, new_tid, 0); + log->current_tid = new_tid; + _LOG(log, logtype::THREAD, "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n"); + dump_thread_info(log, pid, new_tid); UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, new_tid, map)); if (backtrace->Unwind(0)) { - dump_thread(backtrace.get(), log, 0, total_sleep_time_usec); + dump_thread(backtrace.get(), log, total_sleep_time_usec); } + log->current_tid = log->crashed_tid; + if (ptrace(PTRACE_DETACH, new_tid, 0, 0) != 0) { - LOG("ptrace detach from %d failed: %s\n", new_tid, strerror(errno)); + _LOG(log, logtype::ERROR, "ptrace detach from %d failed: %s\n", new_tid, strerror(errno)); detach_failed = true; } } @@ -454,17 +442,19 @@ static bool dump_sibling_thread_report( // Reads the contents of the specified log device, filters out the entries // that don't match the specified pid, and writes them to the tombstone file. // -// If "tail" is set, we only print the last few lines. -static void dump_log_file(log_t* log, pid_t pid, const char* filename, - unsigned int tail) { +// If "tail" is non-zero, log the last "tail" number of lines. +static EventTagMap* g_eventTagMap = NULL; + +static void dump_log_file( + log_t* log, pid_t pid, const char* filename, unsigned int tail) { bool first = true; - struct logger_list *logger_list; + struct logger_list* logger_list; logger_list = android_logger_list_open( - android_name_to_log_id(filename), O_RDONLY | O_NONBLOCK, tail, pid); + android_name_to_log_id(filename), O_RDONLY | O_NONBLOCK, tail, pid); if (!logger_list) { - XLOG("Unable to open %s: %s\n", filename, strerror(errno)); + ALOGE("Unable to open %s: %s\n", filename, strerror(errno)); return; } @@ -472,6 +462,7 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename, while (true) { ssize_t actual = android_logger_list_read(logger_list, &log_entry); + struct logger_entry* entry; if (actual < 0) { if (actual == -EINTR) { @@ -481,29 +472,25 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename, // non-blocking EOF; we're done break; } else { - _LOG(log, 0, "Error while reading log: %s\n", + _LOG(log, logtype::ERROR, "Error while reading log: %s\n", strerror(-actual)); break; } } else if (actual == 0) { - _LOG(log, 0, "Got zero bytes while reading log: %s\n", + _LOG(log, logtype::ERROR, "Got zero bytes while reading log: %s\n", strerror(errno)); break; } - // NOTE: if you XLOG something here, this will spin forever, + // NOTE: if you ALOGV something here, this will spin forever, // because you will be writing as fast as you're reading. Any // high-frequency debug diagnostics should just be written to // the tombstone file. - struct logger_entry* entry = &log_entry.entry_v1; - if (entry->pid != static_cast<int32_t>(pid)) { - // wrong pid, ignore - continue; - } + entry = &log_entry.entry_v1; if (first) { - _LOG(log, 0, "--------- %slog %s\n", + _LOG(log, logtype::LOGS, "--------- %slog %s\n", tail ? "tail end of " : "", filename); first = false; } @@ -517,7 +504,28 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename, if (!hdr_size) { hdr_size = sizeof(log_entry.entry_v1); } - char* msg = (char *)log_entry.buf + hdr_size; + char* msg = reinterpret_cast<char*>(log_entry.buf) + hdr_size; + + char timeBuf[32]; + time_t sec = static_cast<time_t>(entry->sec); + struct tm tmBuf; + struct tm* ptm; + ptm = localtime_r(&sec, &tmBuf); + strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm); + + if (log_entry.id() == LOG_ID_EVENTS) { + if (!g_eventTagMap) { + g_eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE); + } + AndroidLogEntry e; + char buf[512]; + android_log_processBinaryLogBuffer(entry, &e, g_eventTagMap, buf, sizeof(buf)); + _LOG(log, logtype::LOGS, "%s.%03d %5d %5d %c %-8s: %s\n", + timeBuf, entry->nsec / 1000000, entry->pid, entry->tid, + 'I', e.tag, e.message); + continue; + } + unsigned char prio = msg[0]; char* tag = msg + 1; msg = tag + strlen(tag) + 1; @@ -525,18 +533,11 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename, // consume any trailing newlines char* nl = msg + strlen(msg) - 1; while (nl >= msg && *nl == '\n') { - *nl-- = '\0'; + *nl-- = '\0'; } char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?'); - char timeBuf[32]; - time_t sec = static_cast<time_t>(entry->sec); - struct tm tmBuf; - struct tm* ptm; - ptm = localtime_r(&sec, &tmBuf); - strftime(timeBuf, sizeof(timeBuf), "%m-%d %H:%M:%S", ptm); - // Look for line breaks ('\n') and display each text line // on a separate line, prefixed with the header, like logcat does. do { @@ -546,10 +547,9 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename, ++nl; } - _LOG(log, 0, "%s.%03d %5d %5d %c %-8s: %s\n", + _LOG(log, logtype::LOGS, "%s.%03d %5d %5d %c %-8s: %s\n", timeBuf, entry->nsec / 1000000, entry->pid, entry->tid, prioChar, tag, msg); - } while ((msg = nl)); } @@ -558,7 +558,7 @@ static void dump_log_file(log_t* log, pid_t pid, const char* filename, // Dumps the logs generated by the specified pid to the tombstone, from both // "system" and "main" log devices. Ideally we'd interleave the output. -static void dump_logs(log_t* log, pid_t pid, unsigned tail) { +static void dump_logs(log_t* log, pid_t pid, unsigned int tail) { dump_log_file(log, pid, "system", tail); dump_log_file(log, pid, "main", tail); } @@ -574,33 +574,25 @@ static void dump_abort_message(Backtrace* backtrace, log_t* log, uintptr_t addre memset(msg, 0, sizeof(msg)); char* p = &msg[0]; while (p < &msg[sizeof(msg)]) { - uint32_t data; + word_t data; + size_t len = sizeof(word_t); if (!backtrace->ReadWord(address, &data)) { break; } - address += sizeof(uint32_t); + address += sizeof(word_t); - if ((*p++ = (data >> 0) & 0xff) == 0) { - break; - } - if ((*p++ = (data >> 8) & 0xff) == 0) { - break; - } - if ((*p++ = (data >> 16) & 0xff) == 0) { - break; - } - if ((*p++ = (data >> 24) & 0xff) == 0) { - break; - } + while (len > 0 && (*p++ = (data >> (sizeof(word_t) - len) * 8) & 0xff) != 0) + len--; } msg[sizeof(msg) - 1] = '\0'; - _LOG(log, SCOPE_AT_FAULT, "Abort message: '%s'\n", msg); + _LOG(log, logtype::HEADER, "Abort message: '%s'\n", msg); } // Dumps all information about the specified pid to the tombstone. -static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address, - bool dump_sibling_threads, int* total_sleep_time_usec) { +static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, int si_code, + uintptr_t abort_msg_address, bool dump_sibling_threads, + int* total_sleep_time_usec) { // don't copy log messages to tombstone unless this is a dev device char value[PROPERTY_VALUE_MAX]; property_get("ro.debuggable", value, "0"); @@ -616,20 +608,20 @@ static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, uintptr_t a TEMP_FAILURE_RETRY( write(log->amfd, &datum, 4) ); } - _LOG(log, SCOPE_AT_FAULT, + _LOG(log, logtype::HEADER, "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\n"); - dump_build_info(log); - dump_revision_info(log); - dump_thread_info(log, pid, tid, SCOPE_AT_FAULT); + dump_header_info(log); + dump_thread_info(log, pid, tid); + if (signal) { - dump_fault_addr(log, tid, signal); + dump_signal_info(log, tid, signal, si_code); } UniquePtr<BacktraceMap> map(BacktraceMap::Create(pid)); UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, tid, map.get())); if (backtrace->Unwind(0)) { dump_abort_message(backtrace.get(), log, abort_msg_address); - dump_thread(backtrace.get(), log, SCOPE_AT_FAULT, total_sleep_time_usec); + dump_thread(backtrace.get(), log, total_sleep_time_usec); } if (want_logs) { @@ -663,24 +655,19 @@ static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, uintptr_t a // // Returns the path of the tombstone file, allocated using malloc(). Caller must free() it. static char* find_and_open_tombstone(int* fd) { - unsigned long mtime = ULONG_MAX; - struct stat sb; - - // XXX: Our stat.st_mtime isn't time_t. If it changes, as it probably ought - // to, our logic breaks. This check will generate a warning if that happens. - typecheck(mtime, sb.st_mtime); - - // In a single wolf-like pass, find an available slot and, in case none + // In a single pass, find an available slot and, in case none // exist, find and record the least-recently-modified file. char path[128]; - int oldest = 0; + int oldest = -1; + struct stat oldest_sb; for (int i = 0; i < MAX_TOMBSTONES; i++) { - snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", i); + snprintf(path, sizeof(path), TOMBSTONE_TEMPLATE, i); + struct stat sb; if (!stat(path, &sb)) { - if (sb.st_mtime < mtime) { + if (oldest < 0 || sb.st_mtime < oldest_sb.st_mtime) { oldest = i; - mtime = sb.st_mtime; + oldest_sb.st_mtime = sb.st_mtime; } continue; } @@ -695,11 +682,16 @@ static char* find_and_open_tombstone(int* fd) { return strdup(path); } + if (oldest < 0) { + ALOGE("Failed to find a valid tombstone, default to using tombstone 0.\n"); + oldest = 0; + } + // we didn't find an available file, so we clobber the oldest one - snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", oldest); + snprintf(path, sizeof(path), TOMBSTONE_TEMPLATE, oldest); *fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600); if (*fd < 0) { - LOG("failed to open tombstone file '%s': %s\n", path, strerror(errno)); + ALOGE("failed to open tombstone file '%s': %s\n", path, strerror(errno)); return NULL; } fchown(*fd, AID_SYSTEM, AID_SYSTEM); @@ -736,35 +728,45 @@ static int activity_manager_connect() { return amfd; } -char* engrave_tombstone( - pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address, bool dump_sibling_threads, - bool quiet, bool* detach_failed, int* total_sleep_time_usec) { - mkdir(TOMBSTONE_DIR, 0755); - chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM); +char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code, + uintptr_t abort_msg_address, bool dump_sibling_threads, + bool* detach_failed, int* total_sleep_time_usec) { + + log_t log; + log.current_tid = tid; + log.crashed_tid = tid; + + if ((mkdir(TOMBSTONE_DIR, 0755) == -1) && (errno != EEXIST)) { + _LOG(&log, logtype::ERROR, "failed to create %s: %s\n", TOMBSTONE_DIR, strerror(errno)); + } + + if (chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM) == -1) { + _LOG(&log, logtype::ERROR, "failed to change ownership of %s: %s\n", TOMBSTONE_DIR, strerror(errno)); + } int fd = -1; char* path = NULL; - if (selinux_android_restorecon(TOMBSTONE_DIR) == 0) { + if (selinux_android_restorecon(TOMBSTONE_DIR, 0) == 0) { path = find_and_open_tombstone(&fd); } else { - LOG("Failed to restore security context, not writing tombstone.\n"); + _LOG(&log, logtype::ERROR, "Failed to restore security context, not writing tombstone.\n"); } - if (fd < 0 && quiet) { - LOG("Skipping tombstone write, nothing to do.\n"); + if (fd < 0) { + _LOG(&log, logtype::ERROR, "Skipping tombstone write, nothing to do.\n"); *detach_failed = false; return NULL; } - log_t log; log.tfd = fd; // Preserve amfd since it can be modified through the calls below without // being closed. int amfd = activity_manager_connect(); log.amfd = amfd; - log.quiet = quiet; - *detach_failed = dump_crash( - &log, pid, tid, signal, abort_msg_address, dump_sibling_threads, total_sleep_time_usec); + *detach_failed = dump_crash(&log, pid, tid, signal, original_si_code, abort_msg_address, + dump_sibling_threads, total_sleep_time_usec); + + ALOGI("\nTombstone written to: %s\n", path); // Either of these file descriptors can be -1, any error is ignored. close(amfd); diff --git a/debuggerd/tombstone.h b/debuggerd/tombstone.h index e9878bf..7e2b2fe 100644 --- a/debuggerd/tombstone.h +++ b/debuggerd/tombstone.h @@ -23,7 +23,9 @@ /* Creates a tombstone file and writes the crash dump to it. * Returns the path of the tombstone, which must be freed using free(). */ -char* engrave_tombstone(pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address, - bool dump_sibling_threads, bool quiet, bool* detach_failed, int* total_sleep_time_usec); +char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code, + uintptr_t abort_msg_address, + bool dump_sibling_threads, bool* detach_failed, + int* total_sleep_time_usec); #endif // _DEBUGGERD_TOMBSTONE_H diff --git a/debuggerd/utility.cpp b/debuggerd/utility.cpp index 35f061e..a163344 100644 --- a/debuggerd/utility.cpp +++ b/debuggerd/utility.cpp @@ -14,19 +14,19 @@ * limitations under the License. */ -#include <stddef.h> -#include <stdio.h> -#include <string.h> +#define LOG_TAG "DEBUG" + +#include "utility.h" + #include <errno.h> -#include <unistd.h> #include <signal.h> -#include <log/logd.h> +#include <string.h> +#include <unistd.h> #include <sys/ptrace.h> #include <sys/wait.h> -#include <arpa/inet.h> -#include <assert.h> -#include "utility.h" +#include <backtrace/Backtrace.h> +#include <log/log.h> const int sleep_time_usec = 50000; // 0.05 seconds const int max_total_sleep_usec = 10000000; // 10 seconds @@ -34,10 +34,10 @@ const int max_total_sleep_usec = 10000000; // 10 seconds static int write_to_am(int fd, const char* buf, int len) { int to_write = len; while (to_write > 0) { - int written = TEMP_FAILURE_RETRY( write(fd, buf + len - to_write, to_write) ); + int written = TEMP_FAILURE_RETRY(write(fd, buf + len - to_write, to_write)); if (written < 0) { // hard failure - LOG("AM write failure (%d / %s)\n", errno, strerror(errno)); + ALOGE("AM write failure (%d / %s)\n", errno, strerror(errno)); return -1; } to_write -= written; @@ -45,35 +45,41 @@ static int write_to_am(int fd, const char* buf, int len) { return len; } -void _LOG(log_t* log, int scopeFlags, const char* fmt, ...) { - char buf[512]; - bool want_tfd_write; - bool want_log_write; - bool want_amfd_write; - int len = 0; +// Whitelist output desired in the logcat output. +bool is_allowed_in_logcat(enum logtype ltype) { + if ((ltype == ERROR) + || (ltype == HEADER) + || (ltype == REGISTERS) + || (ltype == BACKTRACE)) { + return true; + } + return false; +} +void _LOG(log_t* log, enum logtype ltype, const char* fmt, ...) { + bool write_to_tombstone = (log->tfd != -1); + bool write_to_logcat = is_allowed_in_logcat(ltype) + && (log->crashed_tid == log->current_tid); + bool write_to_activitymanager = (log->amfd != -1); + + char buf[512]; va_list ap; va_start(ap, fmt); + vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); - // where is the information going to go? - want_tfd_write = log && log->tfd >= 0; - want_log_write = IS_AT_FAULT(scopeFlags) && (!log || !log->quiet); - want_amfd_write = IS_AT_FAULT(scopeFlags) && !IS_SENSITIVE(scopeFlags) && log && log->amfd >= 0; - - // if we're going to need the literal string, generate it once here - if (want_tfd_write || want_amfd_write) { - vsnprintf(buf, sizeof(buf), fmt, ap); - len = strlen(buf); + size_t len = strlen(buf); + if (len <= 0) { + return; } - if (want_tfd_write) { - write(log->tfd, buf, len); + if (write_to_tombstone) { + TEMP_FAILURE_RETRY(write(log->tfd, buf, len)); } - if (want_log_write) { - // whatever goes to logcat also goes to the Activity Manager - __android_log_vprint(ANDROID_LOG_INFO, "DEBUG", fmt, ap); - if (want_amfd_write && len > 0) { + if (write_to_logcat) { + __android_log_buf_write(LOG_ID_CRASH, ANDROID_LOG_INFO, LOG_TAG, buf); + if (write_to_activitymanager) { int written = write_to_am(log->amfd, buf, len); if (written <= 0) { // timeout or other failure on write; stop informing the activity manager @@ -81,7 +87,6 @@ void _LOG(log_t* log, int scopeFlags, const char* fmt, ...) { } } } - va_end(ap); } int wait_for_signal(pid_t tid, int* total_sleep_time_usec) { @@ -91,25 +96,25 @@ int wait_for_signal(pid_t tid, int* total_sleep_time_usec) { if (n < 0) { if (errno == EAGAIN) continue; - LOG("waitpid failed: %s\n", strerror(errno)); + ALOGE("waitpid failed: %s\n", strerror(errno)); return -1; } else if (n > 0) { - XLOG("waitpid: n=%d status=%08x\n", n, status); + ALOGV("waitpid: n=%d status=%08x\n", n, status); if (WIFSTOPPED(status)) { return WSTOPSIG(status); } else { - LOG("unexpected waitpid response: n=%d, status=%08x\n", n, status); + ALOGE("unexpected waitpid response: n=%d, status=%08x\n", n, status); return -1; } } if (*total_sleep_time_usec > max_total_sleep_usec) { - LOG("timed out waiting for tid=%d to die\n", tid); + ALOGE("timed out waiting for tid=%d to die\n", tid); return -1; } // not ready yet - XLOG("not ready yet\n"); + ALOGV("not ready yet\n"); usleep(sleep_time_usec); *total_sleep_time_usec += sleep_time_usec; } @@ -119,7 +124,7 @@ void wait_for_stop(pid_t tid, int* total_sleep_time_usec) { siginfo_t si; while (TEMP_FAILURE_RETRY(ptrace(PTRACE_GETSIGINFO, tid, 0, &si)) < 0 && errno == ESRCH) { if (*total_sleep_time_usec > max_total_sleep_usec) { - LOG("timed out waiting for tid=%d to stop\n", tid); + ALOGE("timed out waiting for tid=%d to stop\n", tid); break; } @@ -127,3 +132,77 @@ void wait_for_stop(pid_t tid, int* total_sleep_time_usec) { *total_sleep_time_usec += sleep_time_usec; } } + +#if defined (__mips__) +#define DUMP_MEMORY_AS_ASCII 1 +#else +#define DUMP_MEMORY_AS_ASCII 0 +#endif + +void dump_memory(log_t* log, pid_t tid, uintptr_t addr) { + char code_buffer[64]; + char ascii_buffer[32]; + uintptr_t p, end; + + p = addr & ~(sizeof(long) - 1); + /* Dump 32 bytes before addr */ + p -= 32; + if (p > addr) { + /* catch underflow */ + p = 0; + } + /* Dump 256 bytes */ + end = p + 256; + /* catch overflow; 'end - p' has to be multiples of 16 */ + while (end < p) { + end -= 16; + } + + /* Dump the code around PC as: + * addr contents ascii + * 0000000000008d34 ef000000e8bd0090 e1b00000512fff1e ............../Q + * 0000000000008d44 ea00b1f9e92d0090 e3a070fcef000000 ......-..p...... + * On 32-bit machines, there are still 16 bytes per line but addresses and + * words are of course presented differently. + */ + while (p < end) { + char* asc_out = ascii_buffer; + + int len = snprintf(code_buffer, sizeof(code_buffer), "%" PRIPTR " ", p); + + for (size_t i = 0; i < 16/sizeof(long); i++) { + long data = ptrace(PTRACE_PEEKTEXT, tid, (void*)p, NULL); + if (data == -1 && errno != 0) { + // ptrace failed, probably because we're dumping memory in an + // unmapped or inaccessible page. +#ifdef __LP64__ + len += sprintf(code_buffer + len, "---------------- "); +#else + len += sprintf(code_buffer + len, "-------- "); +#endif + } else { + len += sprintf(code_buffer + len, "%" PRIPTR " ", + static_cast<uintptr_t>(data)); + } + +#if DUMP_MEMORY_AS_ASCII + for (size_t j = 0; j < sizeof(long); j++) { + /* + * Our isprint() allows high-ASCII characters that display + * differently (often badly) in different viewers, so we + * just use a simpler test. + */ + char val = (data >> (j*8)) & 0xff; + if (val >= 0x20 && val < 0x7f) { + *asc_out++ = val; + } else { + *asc_out++ = '.'; + } + } +#endif + p += sizeof(long); + } + *asc_out = '\0'; + _LOG(log, logtype::MEMORY, " %s %s\n", code_buffer, ascii_buffer); + } +} diff --git a/debuggerd/utility.h b/debuggerd/utility.h index 1f006ed..f2e2d29 100644 --- a/debuggerd/utility.h +++ b/debuggerd/utility.h @@ -18,49 +18,56 @@ #ifndef _DEBUGGERD_UTILITY_H #define _DEBUGGERD_UTILITY_H -#include <stddef.h> #include <stdbool.h> +#include <sys/types.h> + +// Figure out the abi based on defined macros. +#if defined(__arm__) +#define ABI_STRING "arm" +#elif defined(__aarch64__) +#define ABI_STRING "arm64" +#elif defined(__mips__) +#define ABI_STRING "mips" +#elif defined(__i386__) +#define ABI_STRING "x86" +#elif defined(__x86_64__) +#define ABI_STRING "x86_64" +#else +#error "Unsupported ABI" +#endif + typedef struct { /* tombstone file descriptor */ int tfd; /* Activity Manager socket file descriptor */ int amfd; - /* if true, does not log anything to the Android logcat or Activity Manager */ - bool quiet; + // The tid of the thread that crashed. + pid_t crashed_tid; + // The tid of the thread we are currently working with. + pid_t current_tid; } log_t; -/* Log information onto the tombstone. scopeFlags is a bitmask of the flags defined - * here. */ -void _LOG(log_t* log, int scopeFlags, const char *fmt, ...) - __attribute__ ((format(printf, 3, 4))); - -/* The message pertains specifically to the faulting thread / process */ -#define SCOPE_AT_FAULT (1 << 0) -/* The message contains sensitive information such as RAM contents */ -#define SCOPE_SENSITIVE (1 << 1) - -#define IS_AT_FAULT(x) (((x) & SCOPE_AT_FAULT) != 0) -#define IS_SENSITIVE(x) (((x) & SCOPE_SENSITIVE) != 0) - -/* Further helpful macros */ -#define LOG(fmt...) _LOG(NULL, SCOPE_AT_FAULT, fmt) +// List of types of logs to simplify the logging decision in _LOG +enum logtype { + ERROR, + HEADER, + THREAD, + REGISTERS, + BACKTRACE, + MAPS, + MEMORY, + STACK, + LOGS +}; -/* Set to 1 for normal debug traces */ -#if 0 -#define XLOG(fmt...) _LOG(NULL, SCOPE_AT_FAULT, fmt) -#else -#define XLOG(fmt...) do {} while(0) -#endif - -/* Set to 1 for chatty debug traces. Includes all resolved dynamic symbols */ -#if 0 -#define XLOG2(fmt...) _LOG(NULL, SCOPE_AT_FAULT, fmt) -#else -#define XLOG2(fmt...) do {} while(0) -#endif +/* Log information onto the tombstone. */ +void _LOG(log_t* log, logtype ltype, const char *fmt, ...) + __attribute__ ((format(printf, 3, 4))); int wait_for_signal(pid_t tid, int* total_sleep_time_usec); void wait_for_stop(pid_t tid, int* total_sleep_time_usec); +void dump_memory(log_t* log, pid_t tid, uintptr_t addr); + #endif // _DEBUGGERD_UTILITY_H diff --git a/debuggerd/vfp-crasher.c b/debuggerd/vfp-crasher.c deleted file mode 100644 index 7a19cdd..0000000 --- a/debuggerd/vfp-crasher.c +++ /dev/null @@ -1,7 +0,0 @@ -int main() -{ - extern void crash(void); - - crash(); - return 0; -} diff --git a/debuggerd/vfp.S b/debuggerd/vfp.S deleted file mode 100644 index 9744f6f..0000000 --- a/debuggerd/vfp.S +++ /dev/null @@ -1,43 +0,0 @@ - .text - .align 2 - .global crash - .type crash, %function -crash: - fconstd d0, #0 - fconstd d1, #1 - fconstd d2, #2 - fconstd d3, #3 - fconstd d4, #4 - fconstd d5, #5 - fconstd d6, #6 - fconstd d7, #7 - fconstd d8, #8 - fconstd d9, #9 - fconstd d10, #10 - fconstd d11, #11 - fconstd d12, #12 - fconstd d13, #13 - fconstd d14, #14 - fconstd d15, #15 -#ifdef WITH_VFP_D32 - fconstd d16, #16 - fconstd d17, #17 - fconstd d18, #18 - fconstd d19, #19 - fconstd d20, #20 - fconstd d21, #21 - fconstd d22, #22 - fconstd d23, #23 - fconstd d24, #24 - fconstd d25, #25 - fconstd d26, #26 - fconstd d27, #27 - fconstd d28, #28 - fconstd d29, #29 - fconstd d30, #30 - fconstd d31, #31 -#endif - mov r0, #0 - str r0, [r0] - bx lr - diff --git a/debuggerd/x86/machine.cpp b/debuggerd/x86/machine.cpp index 141f19a..57330c1 100644 --- a/debuggerd/x86/machine.cpp +++ b/debuggerd/x86/machine.cpp @@ -25,21 +25,21 @@ #include "../utility.h" #include "../machine.h" -void dump_memory_and_code(log_t* log, pid_t tid, int scope_flags) { +void dump_memory_and_code(log_t*, pid_t) { } -void dump_registers(log_t* log, pid_t tid, int scope_flags) { +void dump_registers(log_t* log, pid_t tid) { struct pt_regs r; if (ptrace(PTRACE_GETREGS, tid, 0, &r) == -1) { - _LOG(log, scope_flags, "cannot get registers: %s\n", strerror(errno)); + _LOG(log, logtype::ERROR, "cannot get registers: %s\n", strerror(errno)); return; } - _LOG(log, scope_flags, " eax %08lx ebx %08lx ecx %08lx edx %08lx\n", + _LOG(log, logtype::REGISTERS, " eax %08lx ebx %08lx ecx %08lx edx %08lx\n", r.eax, r.ebx, r.ecx, r.edx); - _LOG(log, scope_flags, " esi %08lx edi %08lx\n", + _LOG(log, logtype::REGISTERS, " esi %08lx edi %08lx\n", r.esi, r.edi); - _LOG(log, scope_flags, " xcs %08x xds %08x xes %08x xfs %08x xss %08x\n", + _LOG(log, logtype::REGISTERS, " xcs %08x xds %08x xes %08x xfs %08x xss %08x\n", r.xcs, r.xds, r.xes, r.xfs, r.xss); - _LOG(log, scope_flags, " eip %08lx ebp %08lx esp %08lx flags %08lx\n", + _LOG(log, logtype::REGISTERS, " eip %08lx ebp %08lx esp %08lx flags %08lx\n", r.eip, r.ebp, r.esp, r.eflags); } diff --git a/debuggerd/x86_64/crashglue.S b/debuggerd/x86_64/crashglue.S new file mode 100644 index 0000000..4d2a5c0 --- /dev/null +++ b/debuggerd/x86_64/crashglue.S @@ -0,0 +1,15 @@ +.globl crash1 +.globl crashnostack + +crash1: + movl $0xa5a50000, %eax + movl $0xa5a50001, %ebx + movl $0xa5a50002, %ecx + + movl $0, %edx + jmp *%rdx + + +crashnostack: + movl $0, %ebp + jmp *%rbp diff --git a/debuggerd/x86_64/machine.cpp b/debuggerd/x86_64/machine.cpp new file mode 100755 index 0000000..af4f35a --- /dev/null +++ b/debuggerd/x86_64/machine.cpp @@ -0,0 +1,51 @@ +/* +** Copyright 2013, The Android Open Source Project +** +** Licensed under the Apache License, Version 2.0 (the "License"); +** you may not use this file except in compliance with the License. +** You may obtain a copy of the License at +** +** http://www.apache.org/licenses/LICENSE-2.0 +** +** Unless required by applicable law or agreed to in writing, software +** distributed under the License is distributed on an "AS IS" BASIS, +** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +** See the License for the specific language governing permissions and +** limitations under the License. +*/ + +#include <stddef.h> +#include <stdbool.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/ptrace.h> +#include <sys/user.h> + +#include "../utility.h" +#include "../machine.h" + +void dump_memory_and_code(log_t*, pid_t) { +} + +void dump_registers(log_t* log, pid_t tid) { + struct user_regs_struct r; + if (ptrace(PTRACE_GETREGS, tid, 0, &r) == -1) { + _LOG(log, logtype::ERROR, "cannot get registers: %s\n", strerror(errno)); + return; + } + _LOG(log, logtype::REGISTERS, " rax %016lx rbx %016lx rcx %016lx rdx %016lx\n", + r.rax, r.rbx, r.rcx, r.rdx); + _LOG(log, logtype::REGISTERS, " rsi %016lx rdi %016lx\n", + r.rsi, r.rdi); + _LOG(log, logtype::REGISTERS, " r8 %016lx r9 %016lx r10 %016lx r11 %016lx\n", + r.r8, r.r9, r.r10, r.r11); + _LOG(log, logtype::REGISTERS, " r12 %016lx r13 %016lx r14 %016lx r15 %016lx\n", + r.r12, r.r13, r.r14, r.r15); + _LOG(log, logtype::REGISTERS, " cs %016lx ss %016lx\n", + r.cs, r.ss); + _LOG(log, logtype::REGISTERS, " rip %016lx rbp %016lx rsp %016lx eflags %016lx\n", + r.rip, r.rbp, r.rsp, r.eflags); +} |