If the underlying local map changes, it's possible for multiple
threads to try and modify the map data associated with the UnwindLocalMap
object. Add a lock when generating the local map to avoid this problem.
In addition, add a read lock whenever any caller gets the maps iterator.
Updated all iterator callers to make this lock.
Bug: 29387050
Bug: 31067025
(cherry picked from commit 3a14004c7f)
Change-Id: Id00116f156a24b36085c0d5dfc3dde4d2ac55194
Fix two races in debuggerd's PTRACE_ATTACH logic:
1. The target thread in a crash dump request could exit between the
/proc/<pid>/task/<tid> check and the PTRACE_ATTACH.
2. Sibling threads could exit between listing /proc/<pid>/task and the
PTRACE_ATTACH.
Bug: http://b/29555636
Change-Id: I4dfe1ea30e2c211d2389321bd66e3684dd757591
In the function dump_thread_info, if /proc/<PID>/comm is unreadable, then
threadname will be used in a strncmp causing a crash. The fix is to
avoid the check if threadname is null.
Bug: 28615417
Change-Id: I54eda86404c927dbf5a987f5dd2108487df9f16c
The code for dumping tombstones tries to read the log data. This was
silently failing after the change to drop root privileges. Fix this
by explicitly setting the groups allowed before dropping privileges.
Bug: 28590884
Change-Id: Iaccb1d2928268fc9fc855f6e3814c31ce019badf
When someone enables wait_for_gdb, activity manager will kill the
stopped process before a developer can attach to the process. To
allow debugging in this case, change the code to only contact the
activity manager right before continuing the process that is
crashing.
Also, modify the conditions under which to do a gdb attach. The previous
code did a partial attach if perform_dump failed. The new version simply
allows an attach regardless of whether perform_dump passes or fails.
Bug: 28409358
Change-Id: I4fe8d390c212d47e007cbe6543c2d114c3c7aeff
Before dropping root privileges, connect to the activity manager.
Also, only connect to the activity manager if this is a crash.
Bug: 28210681
Change-Id: Ie266031910519fa2aa6835644a95c1fc56e24d8d
Processes using seccomp will get SIGSYS when attempting to use a
disallowed syscall. We're currently not handling SIGSYS in bionic's
signal handler, but this change will let us dump a backtrace pointing at
rt_tgsigqueueinfo in our signal handler if seccomp policies block it
during a real crash.
Bug: http://b/27853687
Change-Id: I4e4aacc95eeef7249d895e19dc4ccd77a51c7a17
This was actually nonfunctional until f5e8f0b, because it was using kill
after privileges were dropped. This doesn't seem necessary after the
changes to the sibling thread ptrace logic, though.
Bug: http://b/27427439
Change-Id: I6bffbc14e0cf5e377bbfa39c945518e0d436c223
(cherry picked from commit b17f228ff6)
Use sigtimedwait on SIGCHLD to watch our forked worker processes for
failure, so that we can guarantee that we always resume/kill the target
process if libunwind crashes.
Bug: http://b/27427439
Change-Id: I5a5da1f1abd7dc9d01223f5b3778e946e2d47d20
(cherry picked from commit 630bc80e18)
system/core/debuggerd/debuggerd.cpp:683:5: warning: Value stored to 'logsocket' is never read
logsocket = -1;
^ ~~
Bug: http://b/27264392
Change-Id: I8eab8a02b67f219c32aea49e4d4957e5642df38f
(cherry picked from commit 6da1353863)
Remove the logging of an error if a thread disappears before the unwind
can begin. This can happen, so allow the caller to determine if this
is really a problem worth logging.
Bug: 27449879
(cherry picked from commit 206a3b9798)
Change-Id: If9e7cfeb6eb7b122679a734c1a9eacee8354ef18
Previously, we weren't PTRACE_ATTACHing to all of the threads of a
process, and we were also trying to do it after forking and dropping
privileges. This patch ensures that all ptrace attaching/detaching
happens in one place, before forking/exiting respectively.
Bug: http://b/26443860
Bug: http://b/26436605
Bug: http://b/26436486
Change-Id: Id94e0c1d9d56c051d0dd281d895aaa3285079198
debuggerd_test stubs out the selinux/android.h interface, but was
relying on copied selinux headers to declare the interface. Create a
stub selinux/android.h header included by the test to declare the
interface.
Change-Id: I6a2d402dda1797deb2515f10b663b1a84d498eac
Use ScopedFd and unique_ptr to manage resources, so that we can early
exit instead of having 9 levels of indentation.
Change-Id: Ia5fed76c7d959f1f198ea540c56c508f7e1585c4
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
This is an optional diagnostic tool where it's useful to know if you are
running the version that you just built. Allow the use of __TIME__
without a warning or error.
Bug: 24204119
Change-Id: I78063c2694b80ccaf5891d1cd649ea17eda978cb