Commit graph

706 commits

Author SHA1 Message Date
Elliott Hughes
713ec25103 libdebuggerd: do a to-do.
Until 77fdb22cf6, logd started as
AID_ROOT and then dropped its privileges. Since then, there's been no
reason to use string comparisons rather than checking the uid.

Test: pkill -SEGV logd
Test: treehugger
Change-Id: Ia709f8f59cb0ab9abac7df84c96c701b5d0a83ea
2020-08-03 18:56:35 +00:00
Jeff Sharkey
7b21637782 Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference

Bug: 161896447
Change-Id: Iafcccbdbdf3ff1078e87000e2ce560ff09b43f68
2020-07-31 16:36:06 -06:00
Elliott Hughes
ba1bd64ca2 Merge "debuggerd: use One True timestamp function." 2020-07-24 15:47:03 +00:00
Elliott Hughes
a660cb3f13 debuggerd: use One True timestamp function.
An OEM asks for sub-second granularity, and that's most easily done if
we only have one timestamp generator. I'm not convinced sub-second
granularity is particularly useful myself, and I definitely don't think
that nanosecond resolution is meaningful but I do like this cleanup, and
if I'm going to use sub-second precision I may as well use the maximum
precision available to me.

Also reduce some duplication of code reading cmdline/comm.

Bug: https://issuetracker.google.com/161860597
Test: head /data/tombstones/*
Change-Id: I035ecfd4a3338ccd84dae0ef973a998a7c7c5056
2020-07-23 16:33:53 -07:00
Peter Collingbourne
fe8997aff8 Include memory tags in memory dump output.
Tags appear in the addresses printed in the memory dump, which seems
like a reasonable place to put them because tagged addresses will
also appear in other places in the tombstone, such as registers and
the fault address.

Bug: 135772972
Change-Id: I52da338347ff6b7503cf5ac80763c540695dc061
2020-07-21 19:05:16 -07:00
Peter Collingbourne
b1fcedb928 Adjust conditions for dumping the memory around a register.
Previously, we would do a simple bounds check before deciding
whether to dump the memory around a register. On 64-bit platforms,
the register's value was required to be less than (4 << 60). However,
after stripping tags on AArch64 as part of r.android.com/1365229, all
pointer values became less than (4 << 60), so the check became useless
for filtering out invalid pointers. As a result, we would attempt to
dump memory for all registers, which for a register not containing
a valid pointer would typically consist of 16 lines of dashes.

One possible fix may be to replace the constant (4 << 60) with the
process's actual address space limit (known as TASK_SIZE inside the
kernel; typically 39 bits on AArch64 and 48 bits on x86_64), but the
kernel provides no API for retrieving a process's TASK_SIZE value. We
could guess it by looking at for example the highest bit set in the
value of getauxval(AT_EXECFN), which points to an address on the stack
which typically is mapped at the end of the address space on program
startup, but at least on AArch64 it is possible to dynamically extend
TASK_SIZE at runtime by providing a hint to mmap(), so this is not
always sufficient.

Instead, it seems best to remove most of the early bounds check, and
simply issue ptrace() calls for each register value, bailing out of
the entire output if none of the calls ended up succeeding. This also
has the nice side effect of avoiding 16 lines of noise per register
whose value looks like a pointer but actually points to unmapped
memory. We still retain part of the bounds check in order to avoid
integer overflow during the dump (including overflows into the tag
part of the address on architectures that support tagging).

Bug: 154272452
Change-Id: I94e4b7124b7735b92fd83a49c80ebded3483cd4e
2020-07-21 16:59:24 -07:00
Peter Collingbourne
d00a577c97 Statically link libminijail to debuggerd_test.
We do not install a 32-bit version of libminijail to 64/32 devices,
which means that "atest -a debuggerd_test" always fails on 32-bit.
Fix it by statically linking libminijail.

Change-Id: I1e5610d1353b4f5b718c1259825421c0c07d7c24
2020-07-21 16:59:24 -07:00
Peter Collingbourne
10e428dd77 Fix dumping of heap memory.
After r.android.com/1288984 we started failing to dump memory contents
for heap addresses because the tag started causing any addresses to
fail this bounds check. Add an untag_address() call to the bounds check
so that the tag is ignored.

Bug: 154272452
Change-Id: I3a6d1a078b21871bd93164150a123549f83289f6
2020-07-17 17:35:49 -07:00
Peter Collingbourne
bbe6905d7e Add stack trace coverage to MTE tests.
It's impractical to test the contents of the stack trace, but we
should at least test that *a* stack trace is present, which would
have caught the bug fixed by r.android.com/1306754 .

Bug: 135772972
Change-Id: Ic5e0b997caa53c7eeec4e5185df5c043c9d4fe3d
2020-05-08 10:14:47 -07:00
Peter Collingbourne
f86225206d Add support for MTE error reports in tombstones.
Teach debuggerd to use the new scudo APIs proposed in
https://reviews.llvm.org/D77283 for extracing MTE error reports from crashed
processes, and include those reports in tombstones if possible.

Bug: 135772972
Change-Id: I082dfd0ac9d781cfed2b8c34cc73562614bb0dbb
2020-04-27 13:15:49 -07:00
Tom Cherry
c5c6d7d326 Don't include log/log_read.h in log/log.h
log/log.h primarily concerns itself with writing logs.  The few users
who read logs should directly include log/log_read.h.

Bug: 78370064
Test: build
Change-Id: Ie95c55ea2ffc76fc95768323d445ada6ad4f2520
2020-04-17 15:31:34 -07:00
Josh Gao
c40a7515eb debuggerd: don't leave a zombie child if crash_dump is killed.
If crash_dump dies before it gets a chance to write to the pipe we use
to let the debugged-process know that it successfully started, we
weren't cleaning up the child we fork to start it, leaving a zombie
child.

Bug: http://b/152119184
Test: debuggerd_test
Change-Id: Id01cc05f693995e9998941774f74ab8e3d8b4d8a
2020-04-10 10:09:39 -07:00
Peter Collingbourne
cd63cae6b2 Merge "Read fault address on arm64 using proposed kernel API." 2020-03-30 21:40:58 +00:00
Peter Collingbourne
5677803cb7 Merge "Create a debugger_process_info data structure with the process info pointers." 2020-03-30 21:36:41 +00:00
Peter Collingbourne
e2b76c5b00 Merge "Move crash_dump into the runtime APEX." 2020-03-30 19:03:41 +00:00
Peter Collingbourne
f03af8844a Read fault address on arm64 using proposed kernel API.
On aarch64, the top 8 bits of the address (i.e. the tag bits) of
the fault address in si_addr are always clear. This isn't ideal for
MTE which will require these bits in order to correctly diagnose
tag mismatches.

A proposed kernel patch [1] exposes the full fault address including
the tag bits as part of the ucontext. Change debuggerd to read this
fault address if available.

[1] https://patchwork.kernel.org/patch/11435077/

Bug: 135772972
Change-Id: Ia05be574113860f4e9ecc36a310c4b740e0c4afb
2020-03-27 20:00:06 -07:00
Mitch Phillips
b9c072c551 Move PC-only unwind frame generation to libunwindstack.
GWP-ASan uses frame-pointer based unwinding internally on
allocation/deallocation to collect stack traces that are used when
crashes are reported.

This should be generic, so pull it out into libunwindstack so it can be
used by MTE as well.

Bug: 152412331
Test: atest debuggerd_test
Change-Id: I27b32263aac63446f5fe398af108676b70cd3971
2020-03-26 13:39:05 -07:00
Peter Collingbourne
f3d542fe9f Create a debugger_process_info data structure with the process info pointers.
Similar to r.android.com/1247247 I'll be adding more of them for MTE.

Also, change the protocol between the crasher and crash_dump to make
it easier to add new fields and change the referenced data structures
without needing to worry about versioning. The version number for
static executables is now always 1 (where the protocol will never
change), while the version number for dynamic executables is always
4 (where the protocol can change, because the linker and crash_dump
are version locked).

Bug: 135772972
Change-Id: Ib4696d0544d7c87cb429aaaa15f18c3640059e16
2020-03-24 17:23:15 -07:00
Tom Cherry
7581e86a72 Merge "Remove ANDROID_LOG_RDONLY, etc" 2020-03-24 21:00:57 +00:00
Tom Cherry
907b2d0349 Remove ANDROID_LOG_RDONLY, etc
These macros haven't been meaningful in years.

Test: logging unit tests
Change-Id: I796ec6d9b450f8a84bc85c3f15ddd988724c5e08
2020-03-23 13:43:27 -07:00
Martin Stjernholm
6d4e47a165 Merge "Remove use of static libdexfile to avoid linking in ART internal code." 2020-03-23 20:15:14 +00:00
Peter Collingbourne
5ac3927878 Make GetPcAdjustment a free function.
We're now using it in contexts that don't have all of the registers available,
such as GWP-ASan and soon MTE, so it doesn't make sense to have it be a
member function of Regs.

Bug: 135772972
Change-Id: I18b104ea0adb78588d7e475d0624cefc701ba52c
2020-03-19 17:51:20 -07:00
Martin Stjernholm
a2cc893044 Remove use of static libdexfile to avoid linking in ART internal code.
- Create a static library libunwindstack_no_dex without DEX support.
- Use it in libdebuggerd_handler_fallback, whose only use is in the
  linker, which shouldn't need that support.
- Use it in init_first_stage, which doesn't need DEX support either.
- Also need a libbacktrace_no_dex since it's in the dependency chain
  from init_first_stage to libunwindstack_no_dex.

Also restrict the *_no_dex libs and libdebuggerd_handler_fallback as
much as possible to avoid inadvertent use of these reduced
functionality libs.

Test: m init_first_stage on Cuttlefish
  where BOARD_BUILD_SYSTEM_ROOT_IMAGE=false
Test: m system_image com.android.runtime
Test: Build & boot
Test: atest linker-unit-tests libunwindstack_unit_test debuggerd_test
Bug: 142944931
Bug: 151466650
Change-Id: Iaacb29bfe602f3ca12a00a712e2a64c45ff0118b
2020-03-19 22:23:54 +00:00
Peter Collingbourne
b72e74810c Move crash_dump into the runtime APEX.
A future change will introduce a version lock between linker and
crash_dump. Move crash_dump into the runtime APEX alongside linker in order to
ensure that they will be the same version even if the runtime APEX is updated.

Bug: 135772972
Change-Id: Ic2eae31b6927eb0e8a62315ac141f50933c00bcc
Merged-In: Ic2eae31b6927eb0e8a62315ac141f50933c00bcc
2020-03-18 10:38:04 -07:00
Elliott Hughes
151e74894f Merge "debuggerd: add an opt-out for OEMs that would rather collect core dumps." 2020-03-06 17:17:51 +00:00
Peter Collingbourne
843f7e645d Create a ProcessInfo structure with the process-wide information from the crasher.
We're now passing around a couple of addresses for GWP-ASan in addition
to abort_msg_address and fdsan_table_address, and I'm going to need to add
more of them for MTE. Move them into a data structure in order to simplify
various function signatures.

Bug: 135772972
Change-Id: Ie01e1bd93a9ab64f21865f56574696825a6a125f
2020-02-28 19:12:19 -08:00
Elliott Hughes
530ab81e42 debuggerd: add an opt-out for OEMs that would rather collect core dumps.
On userdebug/eng devices, check a system property to see whether we
should create tombstones or not. OEMs that would rather have core dumps
can set this property and configure /proc/sys/kernel/core_pattern
appropriately.

Bug: https://issuetracker.google.com/149663286
Test: set the property, cause a crash
Change-Id: If894b4582a1820b64bdae819cec593b7710cb6e3
2020-02-25 09:28:24 -08:00
Elliott Hughes
f77f6f003c Remove various bits of dead code and unused workarounds.
Test: treehugger
Change-Id: I68fcd5da304d04ff4da3c3f3712fb79ce6b5791e
Merged-In: I68fcd5da304d04ff4da3c3f3712fb79ce6b5791e
2020-02-22 16:53:24 +00:00
Mitch Phillips
e0b4bb1b2e [GWP-ASan] Add GWP-ASan information to tombstones.
GWP-ASan can provide information about a crash that it caused. Grab the
GWP-ASan regions from the globals shared by the linker for crash-handler
purpopses, pull the information from GWP-ASan, and display it.

This adds two regions:
 1. Causality tracking by GWP-ASan. We now print a cause header about
 the crash, like `Cause: [GWP-ASan]: Use After Free on a 1-byte
 allocation at 0x7365bb3ff8`
 2. Allocation and deallocation stack traces.

Bug: 135634846
Test: atest debuggerd_test

Change-Id: Id28d5400c9a9a053fcde83a4788f971e677d4643
2020-02-18 16:49:50 -08:00
Ray Essick
bd3ba782f2 build crash_dump.policy files using Android.bp
use Android.bp instead of Android.mk to build and install the
crash_dump.policy files. This also allows mainline modules to pull
the files into their apex (dependency wasn't handled for Android.mk)

Bug: 147914640
Test: build, examine generated filesystem
Change-Id: Iae92d4f9d683ccfddf1716e7eb2877b7bff0c737
2020-02-03 08:57:46 -08:00
Elliott Hughes
f8c0350eaa Merge "debuggerd: remove the raw stack dump." 2020-01-23 16:07:42 +00:00
Elliott Hughes
627928e059 debuggerd: remove the raw stack dump.
This takes a lot of space, isn't convincingly useful, and makes it
likely that the far more valuable stuff that comes after it gets
truncated. So let's just drop it.

Bug: http://b/139860930
Test: manual crasher, presubmit
Change-Id: Ie417ffc07e3cb17e95fdb3d183f8c87de0f34b89
2020-01-22 14:13:46 -08:00
Josh Gao
55c7ed4e2e debuggerd_handler: increase thread stack size.
1 page isn't enough to log on AArch64, and clean pages are free, so
increase the stack size to 8 pages.

Bug: http://b/144887737
Test: treehugger
Change-Id: I731b3bc27ab37f4b830a9478a04cd34d4f7648d3
2020-01-17 17:25:30 -08:00
Steven Moreland
e40e4270e8 remove deprecated bp 'subdirs'
noticed some, so thought I would remove them everywhere here

Bug: N/A
Test: N/A
Change-Id: I2978673b158d6c253914ea22f7f0129e446a5f91
2020-01-14 12:18:40 -08:00
Josh Gao
a48b41bcb8 debuggerd: switch to using platform headers for DEBUGGER_SIGNAL.
Test: treehugger
Change-Id: Ie9736c4a077dba1029d2352bd94d47ce07323aec
2019-12-17 16:36:05 -08:00
Treehugger Robot
82a31b8749 Merge "Add variadic logging to libdebuggerd internal." 2019-11-19 19:04:55 +00:00
Mitch Phillips
aadebd8982 Add variadic logging to libdebuggerd internal.
GWP-ASan's crash information retrieval services requires a Printf()
function (declared by the system/implementing allocator). In this
instance, because _LOG is called with additional arguments (the log_t),
this function must be wrapped to conform to printf_t defined by
GWP-ASan.

We can easily wrap the variadic version.

Bug: 135634846
Test: atest debuggerd_test
Change-Id: I17209cd2b7455ce889e2f8194969f606cac329eb
2019-11-19 09:49:05 -08:00
Treehugger Robot
ba5351692e Merge "Include PSTATE in tombstones on arm64." 2019-11-19 14:07:37 +00:00
Peter Collingbourne
bb2f941f57 Include PSTATE in tombstones on arm64.
A thread's PSTATE can sometimes be critical for understanding a crash,
especially with MTE and other new features that store per-thread state
in PSTATE.

Bug: 135772972
Change-Id: I1bee25bffe7eea395f04b6449dc9227298cf866e
2019-11-18 17:57:37 -08:00
Tom Cherry
441054aa1e Remove old logger_entry_v* formats
logger_entry and logger_entry_v2 were used for the kernel logger,
which we have long since deprecated.  logger_entry_v3 is the same as
logger_entry_v4 without a uid field, so it is trivially removable,
especially since we're now always providing uids in log messages.

liblog and logd already get updated in sync with each other, so we
have no reason for backwards compatibility with their format.

Test: build, unit tests
Change-Id: I27c90609f28c8d826e5614fdb3fe59bde22b5042
2019-10-24 10:53:14 -07:00
Treehugger Robot
ecc9b1bd7f Merge "debuggerd_client_test: massively increase timeouts." 2019-10-17 21:33:46 +00:00
Josh Gao
f10d4a15d2 debuggerd_client_test: massively increase timeouts.
debuggerd_client.race seems to have suddenly started to flake, for no
apparent reason. This doesn't seem to reproduce locally, so increase
the timeouts to rule out our test VMs being slow.

Bug: http://b/142571257
Test: treehugger
Change-Id: Ic54a78b8da36cb1163cec7e7976c73c3da628a30
2019-10-17 12:09:49 -07:00
Nick Desaulniers
67d52aa0f6 [debuggerd] fix -Wreorder-init-list
C++20 wants members to be ordered unlike C99.

Bug: 139945549
Test: mm
Change-Id: I3cbca589511c1e0bbc10c691949e18de77e16031
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
2019-10-10 14:54:35 -07:00
Elliott Hughes
ec220cd877 debuggerd: increase the default limit on tombstones to 32.
We're missing useful crashes, especially on hwasan builds.

Bug: http://b/140580637
Test: run crasher
Change-Id: Ib5d8d3bd3fc4d7fec77d0b10302e5595f97a3515
2019-09-26 14:36:01 -07:00
Christopher Ferris
11555f0961 Increase timeouts.
There is still some flakiness, so increase the timeout values.
Also remove the TEMP_FAILURE_RETRY macro usage in TIMEOUT calls.
That macro disables the ability of the alarm code to interrupt
the system call.

Bug: 141045754

Test: Unit tests pass.
Change-Id: Ia3c95dccc3076a3fd5ef6432097a57e4ccee4df3
2019-09-20 15:07:03 -07:00
Christopher Ferris
172b0a0834 Add TEMP_FAILURE_RETRY where appropriate.
Bug: 141045754

Test: Ran unit tests in a loop on walleye and cuttlefish.
Change-Id: I87b912e76889ed207ab17b862e4786ee44a382ba
2019-09-18 19:05:25 -07:00
Christopher Ferris
ab60668ef4 Allow getrlimit/ugetrlimit syscalls in tests.
The fdsan code uses getrlimit/ugetrlimit so need to allow that when
running the debuggerd unit tests.

Bug: 141045754

Test: Ran the offending tests hundreds of times without failure.
Change-Id: Iece94f03e7895d61ca8a8f3ab17dce7e54ddf9cd
2019-09-17 15:31:47 -07:00
Josh Gao
6cad139bcc Mark some tests as requiring root.
Bug: http://b/140123924
Test: mma
Change-Id: I3ad277179018631c50d9295cdb173dd9dfa7ac59
2019-08-27 16:09:32 -07:00
Josh Gao
8ad965ae5e tombstoned: start immediately after /data is mounted.
Catch as many early-boot crashes as we can by starting tombstoned
immediately after /data is mounted.

Bug: http://b/139864948
Test: adb shell su 0 dmesg | grep "starting service"
Change-Id: I7f8821102191a445e87020f3efa59a2e0620d9db
2019-08-22 15:19:44 -07:00
Treehugger Robot
44e343837f Merge "Add wchan data to ANR dump" 2019-07-20 16:40:54 +00:00