Commit graph

288 commits

Author SHA1 Message Date
Christopher Ferris
0c572d01af Fix race condition updating local map data.
If the underlying local map changes, it's possible for multiple
threads to try and modify the map data associated with the UnwindLocalMap
object. Add a lock when generating the local map to avoid this problem.

In addition, add a read lock whenever any caller gets the maps iterator.
Updated all iterator callers to make this lock.

Bug: 29387050
Bug: 31067025

(cherry picked from commit 3a14004c7f)

Change-Id: Id00116f156a24b36085c0d5dfc3dde4d2ac55194
2016-08-25 15:01:53 -07:00
Josh Gao
4a875ce6ff debuggerd: verify that traced threads belong to the right process.
Fix two races in debuggerd's PTRACE_ATTACH logic:
  1. The target thread in a crash dump request could exit between the
     /proc/<pid>/task/<tid> check and the PTRACE_ATTACH.
  2. Sibling threads could exit between listing /proc/<pid>/task and the
     PTRACE_ATTACH.

Bug: http://b/29555636
Change-Id: I4dfe1ea30e2c211d2389321bd66e3684dd757591
2016-07-13 16:49:02 -07:00
Christopher Ferris
fd1eee58f9 Merge "Set groups before dropping privileges." into nyc-dev 2016-05-05 21:49:43 +00:00
Christopher Ferris
dac26a76c3 Merge "Fix null pointer dereference." into nyc-dev 2016-05-05 21:19:52 +00:00
Christopher Ferris
039976e553 Fix null pointer dereference.
In the function dump_thread_info, if /proc/<PID>/comm is unreadable, then
threadname will be used in a strncmp causing a crash. The fix is to
avoid the check if threadname is null.

Bug: 28615417
Change-Id: I54eda86404c927dbf5a987f5dd2108487df9f16c
2016-05-05 11:21:11 -07:00
Christopher Ferris
edc2380109 Set groups before dropping privileges.
The code for dumping tombstones tries to read the log data. This was
silently failing after the change to drop root privileges. Fix this
by explicitly setting the groups allowed before dropping privileges.

Bug: 28590884
Change-Id: Iaccb1d2928268fc9fc855f6e3814c31ce019badf
2016-05-05 11:13:50 -07:00
Christopher Ferris
9818bd2bbe Fix problem with wait_for_gdb.
When someone enables wait_for_gdb, activity manager will kill the
stopped process before a developer can attach to the process. To
allow debugging in this case, change the code to only contact the
activity manager right before continuing the process that is
crashing.

Also, modify the conditions under which to do a gdb attach. The previous
code did a partial attach if perform_dump failed. The new version simply
allows an attach regardless of whether perform_dump passes or fails.

Bug: 28409358
Change-Id: I4fe8d390c212d47e007cbe6543c2d114c3c7aeff
2016-05-04 17:42:30 -07:00
Christopher Ferris
0fc89f34b9 Connect to activity manager as root.
Before dropping root privileges, connect to the activity manager.
Also, only connect to the activity manager if this is a crash.

Bug: 28210681
Change-Id: Ie266031910519fa2aa6835644a95c1fc56e24d8d
2016-04-20 11:30:33 -07:00
Josh Gao
70335deb59 debuggerd: set the name of the signal sender.
Bug: http://b/27925028
Change-Id: I6bff938e229d2368250d4b5c268fa24bd4badea0
(cherry picked from commit f3dde2f869)
2016-03-30 14:22:41 -07:00
Josh Gao
dfa163df50 debuggerd: add SIGSYS to the list of handled signals.
Processes using seccomp will get SIGSYS when attempting to use a
disallowed syscall. We're currently not handling SIGSYS in bionic's
signal handler, but this change will let us dump a backtrace pointing at
rt_tgsigqueueinfo in our signal handler if seccomp policies block it
during a real crash.

Bug: http://b/27853687
Change-Id: I4e4aacc95eeef7249d895e19dc4ccd77a51c7a17
2016-03-25 14:34:22 -07:00
Josh Gao
6eb4eab106 debuggerd: waitpid for all children, and log the result.
Change-Id: Ic575e6db76ab153b4b238589a8cd299812d0e046
(cherry picked from commit 2808005521)
2016-03-23 14:28:01 -07:00
Josh Gao
a6219eae8d debuggerd: always send SIGCONT after detaching.
Bug: http://b/27330889
Change-Id: I104248af1cde03dbdbacc03c87fe7e2dffd6c037
(cherry picked from commit 24464185eb)
2016-03-23 14:27:57 -07:00
Josh Gao
e59c76ab62 debuggerd: don't apply timeout when wait_for_gdb is on.
Change-Id: Ic632dde4a0510c212a4b1c01890df9a41e9771c9
(cherry picked from commit 676a756b7b)
2016-03-17 15:33:24 -07:00
Josh Gao
965d6f4d17 debuggerd: don't send SIGSTOP to crashing processes.
This was actually nonfunctional until f5e8f0b, because it was using kill
after privileges were dropped. This doesn't seem necessary after the
changes to the sibling thread ptrace logic, though.

Bug: http://b/27427439
Change-Id: I6bffbc14e0cf5e377bbfa39c945518e0d436c223
(cherry picked from commit b17f228ff6)
2016-03-17 14:15:01 -07:00
Josh Gao
a951f4ca55 debuggerd: fix stupid typo.
Change-Id: Icd9a25a71e1e8580a200fe68bce0b17d09c51642
2016-03-17 13:23:41 -07:00
Josh Gao
036ff2ce83 debuggerd: monitor the worker process for failure.
Use sigtimedwait on SIGCHLD to watch our forked worker processes for
failure, so that we can guarantee that we always resume/kill the target
process if libunwind crashes.

Bug: http://b/27427439
Change-Id: I5a5da1f1abd7dc9d01223f5b3778e946e2d47d20
(cherry picked from commit 630bc80e18)
2016-03-17 13:11:08 -07:00
Josh Gao
e5dbdd09c7 debuggerd: fork the signal sender once.
Bug: http://b/27427439
Change-Id: I6294ff68a150bc9950a300264c31d2141307ac66
(cherry picked from commit f5e8f0b9cd)
2016-03-17 13:11:05 -07:00
Elliott Hughes
1a69e2811e Clean up CLOEXEC in debuggerd.
Change-Id: I1cd75f6a8f98e99f4a4fedfc706103ce34035765
(cherry picked from commit 17ba68d0cd)
2016-03-17 13:11:01 -07:00
Elliott Hughes
aa41756851 Remove dead code from debuggerd.
system/core/debuggerd/debuggerd.cpp:683:5: warning: Value stored to 'logsocket' is never read
    logsocket = -1;
    ^           ~~

Bug: http://b/27264392
Change-Id: I8eab8a02b67f219c32aea49e4d4957e5642df38f
(cherry picked from commit 6da1353863)
2016-03-17 13:10:58 -07:00
Josh Gao
bcb58e6d64 debuggerd: kill crashing processes with the signal they died with.
Bug: http://b/27675306
Change-Id: I951c5d7e54c35d88c65c5dc856e0b9d5a93d47b2
(cherry picked from commit 561497c0a8)
2016-03-16 16:16:41 -07:00
Josh Gao
48972c80d9 Merge "debuggerd: make sure that we kill the process after dumping." into nyc-dev 2016-03-10 22:32:34 +00:00
Christopher Ferris
c463ba45c4 Add error reporting mechanism for failing Unwind.
Remove the logging of an error if a thread disappears before the unwind
can begin. This can happen, so allow the caller to determine if this
is really a problem worth logging.

Bug: 27449879

(cherry picked from commit 206a3b9798)

Change-Id: If9e7cfeb6eb7b122679a734c1a9eacee8354ef18
2016-03-10 14:14:43 -08:00
Josh Gao
c6348f4e7f debuggerd: make sure that we kill the process after dumping.
Bug: http://b/27367422
Change-Id: Icd704b1effd558904975cfc524714b51917a653f
(cherry picked from commit f0c8723bdd)
2016-03-09 16:23:44 -08:00
Christopher Ferris
840887053c Merge "Newer kernels added SEGV_BNDERR."
am: 14c06e0769

* commit '14c06e0769817d81f18fcdc41132747ffc158745':
  Newer kernels added SEGV_BNDERR.
2016-02-05 02:20:13 +00:00
Christopher Ferris
5d56e28537 Newer kernels added SEGV_BNDERR.
Bug: 23789423
Change-Id: I6fdce75715edfce179df8c0e6a7205f26341ebd0
2016-02-04 14:07:23 -08:00
Elliott Hughes
1ef5b78a2f Merge "Start debuggerd as soon as logd is up."
am: 1b729b3e04

* commit '1b729b3e04b210d096ee2d447945f6b2c53b6029':
  Start debuggerd as soon as logd is up.
2016-02-02 21:10:47 +00:00
Elliott Hughes
2f74a5dae5 Start debuggerd as soon as logd is up.
Makes debugging early boot crashes easier.

Bug: http://b/26918597
Change-Id: I5bb883f1350ea5f7a545cb0e9f1034ecfcf47cdb
2016-02-02 13:03:41 -08:00
Josh Gao
f983e6ce5a Merge "debuggerd: fix debug.debuggerd.wait_for_gdb."
am: a590596dca

* commit 'a590596dcac8cc6a2ffaab110bdd89fdb5f837d8':
  debuggerd: fix debug.debuggerd.wait_for_gdb.
2016-01-15 19:40:49 +00:00
Josh Gao
2318cc0155 Merge "debuggerd: fix several bugs caused by fork/setuid change."
am: 1bf7000033

* commit '1bf700003368e8b68b34a0f9968ae5afd25dd4f2':
  debuggerd: fix several bugs caused by fork/setuid change.
2016-01-15 19:40:41 +00:00
Josh Gao
c362c45949 debuggerd: fix debug.debuggerd.wait_for_gdb.
Bug: http://b/26513486
Change-Id: I01c28ce810a49f8a4e0e2a86c7d018d95f9617c8
2016-01-15 11:31:17 -08:00
Josh Gao
7c89f9e955 debuggerd: fix several bugs caused by fork/setuid change.
Previously, we weren't PTRACE_ATTACHing to all of the threads of a
process, and we were also trying to do it after forking and dropping
privileges. This patch ensures that all ptrace attaching/detaching
happens in one place, before forking/exiting respectively.

Bug: http://b/26443860
Bug: http://b/26436605
Bug: http://b/26436486
Change-Id: Id94e0c1d9d56c051d0dd281d895aaa3285079198
2016-01-14 15:06:37 -08:00
Colin Cross
ce93dd6fcc Merge "debuggerd_test: provide stub selinux/android.h"
am: 5e19382e1c

* commit '5e19382e1c585967ee07b14fbb36a8027c92c394':
  debuggerd_test: provide stub selinux/android.h
2016-01-08 20:54:20 +00:00
Colin Cross
5e19382e1c Merge "debuggerd_test: provide stub selinux/android.h" 2016-01-08 20:49:47 +00:00
Dan Willemsen
3be0a0df2c Merge "Turn off -Wdate-time for crasher"
am: 392867cff1

* commit '392867cff1584f2ee475aae4b8f89778085a7de0':
  Turn off -Wdate-time for crasher
2016-01-06 00:35:00 +00:00
Dan Willemsen
392867cff1 Merge "Turn off -Wdate-time for crasher" 2016-01-06 00:23:37 +00:00
Josh Gao
8a43d6ae06 Merge "debuggerd: fork and drop privileges when dumping."
am: b8e9ebf8b4

* commit 'b8e9ebf8b4b840e4421534ffccce84d7ef49dc0f':
  debuggerd: fork and drop privileges when dumping.
2016-01-06 00:05:32 +00:00
Josh Gao
e7a9e52740 debuggerd: fork and drop privileges when dumping.
Bug: http://b/25195825
Change-Id: I913d8425232e79df3f7a051a8cc63de9c60f4780
2016-01-05 15:59:01 -08:00
Colin Cross
061e4a7d59 debuggerd_test: provide stub selinux/android.h
debuggerd_test stubs out the selinux/android.h interface, but was
relying on copied selinux headers to declare the interface.  Create a
stub selinux/android.h header included by the test to declare the
interface.

Change-Id: I6a2d402dda1797deb2515f10b663b1a84d498eac
2015-12-21 16:29:02 -08:00
Erik Kline
cbc6f68e32 Merge "Switch from using sockaddr to sockaddr_storage." am: 46b0b1c694
am: 4c1b3840f0

* commit '4c1b3840f092e63b0b8db8998b3bbc3465ff7c91':
  Switch from using sockaddr to sockaddr_storage.
2015-12-08 01:48:58 +00:00
Erik Kline
46b0b1c694 Merge "Switch from using sockaddr to sockaddr_storage." 2015-12-08 01:41:38 +00:00
Elliott Hughes
3608ee5e90 Merge "Track rename of base/ to android-base/." am: 912ed3d8ca
am: e2a9563be1

* commit 'e2a9563be1d540a1fb91489986bf6a72d54b59c8':
  Track rename of base/ to android-base/.
2015-12-07 23:36:59 +00:00
Erik Kline
7e16cc15b5 Switch from using sockaddr to sockaddr_storage.
This is to ensure sufficient space is always available.

Change-Id: Ifa87b93ecdc90dcacbfb24446c872344da6703d3
2015-12-07 16:07:46 +09:00
Elliott Hughes
4f71319df0 Track rename of base/ to android-base/.
Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-04 22:00:26 -08:00
Josh Gao
729ed79c51 Merge "debuggerd: remove some levels of indentation." am: cdff80c446
am: e2773a3f8e

* commit 'e2773a3f8eb1c770c1214fb43089f35cf4ca47c7':
  debuggerd: remove some levels of indentation.
2015-11-18 17:19:33 +00:00
Josh Gao
8ab7fd4017 debuggerd: remove some levels of indentation.
Use ScopedFd and unique_ptr to manage resources, so that we can early
exit instead of having 9 levels of indentation.

Change-Id: Ia5fed76c7d959f1f198ea540c56c508f7e1585c4
2015-11-17 14:44:50 -08:00
Josh Gao
93621bbf19 Merge "debuggerd: add .clang-format." am: c5a85f71ab
am: b4362070fc

* commit 'b4362070fc4c9b8178d75aaa6ab7932db5b845e1':
  debuggerd: add .clang-format.
2015-11-17 22:32:17 +00:00
Josh Gao
d918eedf29 debuggerd: add .clang-format.
Change-Id: I3584c170aadc3707638e407c7a8ca502f3670058
2015-11-16 17:26:22 -08:00
Nick Kralevich
7dafe5b818 Merge "Enable hidepid=2 on /proc" am: 2d8f1d4c47
am: ea8452cc72

* commit 'ea8452cc720cfcf2d8d1f469bbaafec968202e99':
  Enable hidepid=2 on /proc
2015-11-09 20:35:18 +00:00
Nick Kralevich
c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
Dan Willemsen
9bef9660fd Turn off -Wdate-time for crasher
This is an optional diagnostic tool where it's useful to know if you are
running the version that you just built. Allow the use of __TIME__
without a warning or error.

Bug: 24204119
Change-Id: I78063c2694b80ccaf5891d1cd649ea17eda978cb
2015-11-02 15:41:59 -08:00