GWP-ASan changed one of the APIs upstream to now take the fault address
as well. This is to support the recoverable mode.
Add the fault address as well.
Test: gwp_asan_unittest
Bug: N/A
Change-Id: I8a4edd3fad159d91cc036050d330bbb8f9c8d435
This is a no-op but will be used in upcoming scudo changes that allow
changing the buffer size at process startup time, and as such we will no
longer be able to call __scudo_get_ring_buffer_size in debuggerd.
Bug: 263287052
Change-Id: I350421d1fcdf22ce3b8b73780b88c1e10fa8a074
The current logging...
```
F libc : Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 6640 (logcat), pid 6640 (logcat)
```
...isn't super useful if crash_dump then fails, because you have no idea
what syscall caused the problem.
We already include the fault address in this line for relevant cases,
so include the syscall number in this case.
Bug: http://b/262391724
Test: treehugger
Change-Id: I45ad7d99c9904bab32b65efeb19be232e59ab3a4
* Intentional crash test code with null/free/escape warnings.
Test: make tidy-system-core-debuggerd_subset
Change-Id: Ib1255c17a374729c82aa246c6a59156dbc4e1b77
The long term plan is to completely remove tombstoned from microdroid (b/243494912), however it might take some time to implement it.
In the meantime, we've recently removed cgroups support from the microdroid kernel. This means that starting a tombstoned results in a bunch of non-fatal errors in the logs that are related to the fact that tombstoned service specifies task_profiles.
To get rid of these error messages we temporarily add a microdroid variant of the tombstoned (tombstoned.microdroid) that doesn't specify task_profiles.
Bug: 239367015
Test: microdroid presubmit
Change-Id: Ia7d37ede2276790008702e48fdfaf37f4c1fd251
Fixes
```
out/soong/installs-aosp_riscv64.mk:56833: error: overriding commands for target `out/target/product/generic_riscv64/system/etc/seccomp_policy/crash_dump.riscv64.policy', previously defined at out/soong/installs-aosp_riscv64.mk:56829
```
Test: m
Change-Id: I78a1c6b10dac2da704515f33b492ff37cc086dd6
The use of __builtin_abort in CrasherTest::Trap breaks with
-ftrap-function=abort, because then the argument of Trap is no longer in
the first argument register at the time of crash.
This flag is added when *any* sanitizer is enabled on the target, even harmless
ones like memtag-heap. See sanitize.go:769.
Fix CrasherTest::Trap to be a little more reliable.
Test: debuggerd_test with SANITIZE_TARGET=memtag_heap
Change-Id: I150f1c0355bd6f2bfabfa5a7bba125acdde1120e
Signed-off-by: Liu Cunyuan <liucunyuan.lcy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: Ie22c2895fc30fab68eddc18713c80e403f44b203
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: Ie58bd7cf5dde792d8fba78602b5f53471752ab24
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: I521c6da61cf2f6f67a73febf368068c430d94cdb
This uses an std::string, which causes a heap allocation, which is not
async-safe.
Test: atest --no-bazel-mode permissive_mte_test
Change-Id: I4bd53d42d9a6a659abe62a964f14c81d9ec059d0
Unify all our "noinline" variants to the current most common one, not
least because the new [[noinline]] syntax is fussier about where it goes.
Test: treehugger
Change-Id: Icfcb75c9d687f0f05c19f66ee778fd8962519436
There's a link here from the javadoc, but a link to the javadoc from
here seems like a good idea.
Test: N/A
Change-Id: I89a29f72d086d08174e72f7d0aa0421fe417f733
liblog_for_runtime_apex is a static variant of liblog which is
explicitly marked as available to the runtime APEX. Any static
dependency to liblog from inside the runtime APEX is changed from liblog
to liblog_for_runtime_apex.
Previously, to support the need for using liblog inside the runtime
APEX, the entire (i.e. both static and shared variants) liblog module
was marked as available to the runtime APEX, although in reality only
the static variant of the library was needed there. This was not only
looking dirty, but also has caused a problem like b/241259844.
To fix this, liblog is separated into two parts. (1) liblog and (2)
liblog_for_runtime_apex. (1) no longer is available to the runtime APEX
and is intended to be depended on in most cases: either from the
non-updatable platform, or from other APEXes. (2) is a static library
which is explicitly marked as available to the runtime APEX and also
visible to certain modules that are included in the runtime APEX.
Bug: 241259844
Test: m and check that liblog depends on stub library of libc
Change-Id: I10edd4487a6f090ef026acffe1ffbd067387a0d3
r.android.com/2108505 was intended to fix a crash in Scudo in
the case where the stack depot, region info or ring buffer were
unreadable. However, it also ended up introducing a number of bugs into
the code. It failed to call __scudo_get_error_info if the page at the
fault address was unreadable. This can happen in legitimate crash cases
if a primary allocation was close to the boundary of a mapped region,
or if the allocation was a secondary allocation with guard pages. It
also used long as the type for tags, whereas Scudo expects it to be
char. In combination this ended up causing most of the MTE tests to
fail. Therefore, mostly revert that change.
Fix the original crash by null checking the pointers returned by
AllocAndReadFully before proceeding with the rest of the function.
Bug: 233720136
Change-Id: I04d70d2abffaa35fe315d15d9224f9b412a9825d
Added SPDX-license-identifier-Apache-2.0 to:
debuggerd/test_permissive_mte/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: Ic48cf8a972147eba8a955136be74204c013ca436
In the fallback path, if the non-main thread is the target
to be dumped, then no other threads are dumped when creating
a tombstone. Fix this and add unit tests to verify that
all threads, including the main thread, are dumped.
Bug: 234058038
Test: All unit tests pass.
Test: debuggerd -b media.swcodec process
Test: debuggerd media.swcodec process
Change-Id: Ibb75264f7b3847acdbab939a66902d986c0d0e5c
The code doesn't properly check if data is not read properly, so
make it fail if reads fail. Also, change the algorithm so that it
first tries to read the faulting page, then 16 pages before and 16
pages after. Rather than trying to read every one of these pages,
stop as soon as one is unreadable. This means that the total memory
passed to the scudo error function is all valid data, rather than
potentially being some uninitialized memory.
Added new unit tests to cover scudo address processing.
Bug: 233720136
Test: All unit tests pass.
Test: atest CtsIncidentHostTestCases
Change-Id: I18a97bdee9a0c44075c1c31ccd1b546d10895be9
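The page-window read described in the commit message above, as an added C++ sketch that is not debuggerd's code: `PageReader`, `Window`, `CollectWindow` and `MakeReader` are hypothetical names and the 4096-byte page size is an assumption. Because another change listed on this page reports that giving up when the fault page is unreadable skipped error reporting for legitimate crashes, the sketch reports that case to the caller rather than treating it as fatal.

```cpp
// Added sketch, not debuggerd's code; PageReader, Window, MakeReader are hypothetical.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

constexpr uintptr_t kPageSize = 4096;  // assumed page size
constexpr size_t kMaxPages = 16;       // pages tried on each side
// Hypothetical reader: copies one page of the target into out, false if unreadable.
using PageReader = std::function<bool(uintptr_t page, uint8_t* out)>;

struct Window {
  bool fault_page_readable = false;
  uintptr_t begin = 0;        // address of data[0]
  std::vector<uint8_t> data;  // contiguous bytes, every one actually read
};

Window CollectWindow(uintptr_t fault_addr, const PageReader& read_page) {
  Window w;
  const uintptr_t fault_page = fault_addr & ~(kPageSize - 1);
  std::vector<uint8_t> page(kPageSize);
  if (!read_page(fault_page, page.data())) return w;  // e.g. a guard page
  w.fault_page_readable = true;
  w.begin = fault_page;
  w.data = page;
  // Grow backwards; the first unreadable page ends the walk.
  for (size_t i = 0; i < kMaxPages && w.begin >= kPageSize; ++i) {
    if (!read_page(w.begin - kPageSize, page.data())) break;
    w.data.insert(w.data.begin(), page.begin(), page.end());
    w.begin -= kPageSize;
  }
  // Grow forwards the same way (next > fault_page guards address wraparound).
  uintptr_t next = fault_page + kPageSize;
  for (size_t i = 0; i < kMaxPages && next > fault_page; ++i, next += kPageSize) {
    if (!read_page(next, page.data())) break;
    w.data.insert(w.data.end(), page.begin(), page.end());
  }
  return w;
}

// Constructed sample memory: pages in [first, last] are readable, filled with their page number.
PageReader MakeReader(uintptr_t first, uintptr_t last) {
  return [=](uintptr_t page, uint8_t* out) {
    if (page < first || page > last) return false;
    std::fill(out, out + kPageSize, static_cast<uint8_t>(page / kPageSize));
    return true;
  };
}

int main() {
  Window w = CollectWindow(0x10123, MakeReader(0xe000, 0x12000));
  std::printf("begin=0x%zx bytes=%zu\n", static_cast<size_t>(w.begin), w.data.size());
}
```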
This is not meant to be enabled long-term, but can be used to assess system
stability with MTE before enabling it.
Bug: 202037138
Change-Id: I9fb9b63ff94da2de0a814fd7150f51559d3af079
If a process requires executing fallback unwinder and the thread
crashing is not the main thread, the wrong unwinder is used.
Fix this case, and add a new unit test that causes an abort in
the non main thread.
Bug: 233721755
Test: New unit test passes with fix and fails without.
Test: Ran debuggerd on swcodec process and it still dumps all threads.
Change-Id: I70fffc5d680256ce867e7a1d427593b584259160
Merged-In: I70fffc5d680256ce867e7a1d427593b584259160
(cherry picked from commit 2d5d46ca85)
This simplifies most of the calls to avoid doing any Android
specific code.
Bug: 120606663
Test: All unit tests pass.
Change-Id: I511e637b9459a1f052a01e501b134e31d65b5fbe
With the addition of runtime-configurable GWP-ASan, there might be many,
many more than 1,000 allocations. Have support for them, but keep a
hopefully-won't-crash-the-device limit.
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: I7b8e2bf5ab7c723ab6c61365f0dc610e400dbbce
One is intentionally setting the abort message. The other is to set
the abort message to null.
Also, make the libseccomp_policy static so that the crasher
executable can be copied to the system afterwards without
requiring libseccomp_policy.so.
Test: Ran both new crash commands on device.
Test: Ran the seccomp crash command to verify seccomp still works.
Change-Id: I255b5f37e6eb188719e5b72302ca3f5911c8d821
Inline definitions of a few constants that don't appear on Q/R devices,
so that this works for us in mainline modules that are loaded on those
older devices.
Bug: 225406881
Test: boot on Q, watch logcat
Test: boot on R, watch logcat
Change-Id: Ic5781976d4c1e2d16e230c015fc49d9fde74e289
The functionality moved from the Unwinder object to the MapInfo
object and means that the individual unreadable files can be
displayed now.
Included adding the unreadable elfs per thread in the protobuf.
Updated the unwinder test.
Test: All unit tests pass.
Change-Id: I7140bde16938736da005f926e10bbdb3dbc0f6f5
When dumping a tombstone using the fallback path, only the main
thread was showing up. Modify the code to dump the threads using
a slightly different path for the tombstone generation code.
In addition, while looking at this code, two MTE variables were
not set in the tombstone fallback code. Added those variables
so MTE devices will work properly in this fallback path.
Modified the tombstone unit tests for seccomp to have
multiple threads and verify those threads show up in the tombstone.
Bug: 208933016
Test: Ran unit tests.
Test: Ran debuggerd <PID> on a privileged process and verified
Test: all threads dumped. Also verified that the tagged_addr_ctrl
Test: variable is present on the raven device.
Change-Id: I16eadb0cc2c37a7dbc5cac16af9b5051008b5127
debuggerd_test depends on it, and the easiest way to
ensure that the file is available when running the tests
is to make it a dependency of crash_dump.
Change-Id: Iebea8e0c49d8d49d52a434e4194e870793758988
Change use of new_ to old_ to save the old sigaction data. This hasn't
caused any issues, but it's obviously wrong.
Test: Ran unit tests on coral.
Change-Id: I96be5b0980c323c3aeafb422fbc06202577604a2
Hard to get otherwise if you're trying to debug PAC issues.
Bug: http://b/214314197
Test: treehugger
Change-Id: I2e5502809f84579bf287364e59d6e7ff67770919
The frame data no longer contains map_XXX fields which represent
the map data. Now there is only a shared pointer to the MapInfo
object with which this frame is associated.
Bug: 120606663
Test: Unit tests pass.
Change-Id: I89282963f742f6fcc07e48533da4108dc16bdce9
It is expensive to keep the non-protobuf path around and it hasn't
been used for an entire release without anyone noticing, so remove it.
Create new end-to-end unit tests that cover tests of the non-proto
code paths that are being deleted.
Bug: 197981919
Test: Unit tests pass.
Change-Id: Ia1c45572300bd63e5f196ad61e5e5386830c8ece
- Use "likelihood" instead of "probability" since that has connotations
of being less precise, and our probability ordering isn't very precise
anyway.
- Hide the fault address with SEGV_MTEAERR because it is not available.
- Pad the fault address with leading zeroes to make it clearer which
bits of the top byte (and any following bytes such as PAC signature
bits) are set.
Bug: 206015287
Change-Id: I5e1e99b7f3e967c44781d8550bbd7158eb421b64
On the main thread, the siginfo pointer will never be nullptr.
Add a CHECK to make sure this is true.
Test: Unit tests pass both 32 bit and 64 bit.
Test: Ran with debug.debuggerd.translate_proto_to_text set to 0
Test: to exercise old path.
Change-Id: I9d5ed0de5d652de8a4f9cd85eb57cbb1ec676404
This code was added, but a svelte config still tries to use scudo
related code that doesn't exist.
Bug: 201007100
Test: Ran unit tests on normal config.
Test: Ran unit tests on svelte config.
Change-Id: Ic84bae37717d213121aef182bac2f82dbee25213
strerror is nice, but usually I don't care about the text, I care about
the uppercase enum
Bug: N/A
Test: N/A
Change-Id: I8ea86220cb04cbded701379c47b8aba8ea8864b8
I was here because we have a case where timeout(1) kills logcat, but
debuggerd alleges that the process that was killed had started less than
a second ago. I'm not sure this is the problem there, but I did notice
that far too many tombstones were claiming improbably short process
uptimes. It turns out that the code was measuring the *thread* uptime,
not the *process* uptime.
Also simplify the code a bit by switching to sysinfo(2) rather than
reading a file.
Test: manual, plus the existing unit test
Change-Id: Ie2810b1d5777ad9182be92bfb3f60795dc978b24
The libunwindstack code will attempt to dlopen the libdexfile.so
when a dex pc is found. Unfortunately, this failed since that
library was not properly listed as a runtime library. To make
sure this doesn't happen again, add an end to end test that
will create a dex pc frame, and will verify the correct
dex function name is in that frame.
Bug: 199043576
Test: Unit test passes on arm/aarch64/x86/x86_64.
Test: Removed the runtime_libs of libdexfile from libunwindstack
Test: and verified the new test fails.
Change-Id: I3a11f9ee44e06e37a547d193b04f7fbb90ccfe0a
The output.text.fd value is only ever -1 when there is a failure.
There is no need to check both < 0 or -1, so only check for -1.
Test: Unit tests pass.
Test: Verified the message is seen on intercept and not on
Test: regular crashes.
Change-Id: I1eddcd5d2342b268ceb261b246c98b10cee85bb4
Revert "Allow visibility on libdexfile for all libdexfile_suppor..."
Revert "Add libdexfile runtime dependency of libdexfile_support."
Revert "Add libdexfile runtime dependency of libdexfile_support."
Revert submission 1810760-libdexfile-runtime-2
Reason for revert: DroidMonitor: Potential culprit for Bug 198352910 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
If4da968e4:Add libdexfile runtime dependency of libdexfile_su...
I80162942a:Allow visibility on libdexfile for all libdexfile_...
Iab18abc8e:Add libdexfile runtime dependency of libdexfile_su...
I473d146d8:Add libdexfile runtime dependency of libdexfile_su...
Change-Id: Iacab8e0a5c74e0c3185a155e35c28903aa9acb4a
When the switch was made to dump the tombstone from the protobuf,
the fault address marker in the maps section went missing. Re-add
that logic and add new unit tests to verify all of the different
behaviors.
Bug: 193935960
Test: All unit tests pass.
Test: All unit tests pass when setprop debug.debuggerd.translate_proto_to_text 0
Test: The above on cuttlefish, 32 bit and 64 bit.
Test: The above on a flame, 32 bit and 64 bit.
Change-Id: I098bb6ab4bacacae2ca0fc5ec9a73549ed0b9489
The "missing output fd" message can seem like an error, so modify
the message to indicate what is really happening. This message
will occur normally when running the debuggerd command, or when
a bugreport is generated, or when an ANR occurs. In all of those
cases, this is not an error, but an expected action.
Bug: 196189981
Test: Ran debuggerd -b and debuggerd and verified this message is seen.
Test: Ran unit tests.
Change-Id: I6e3d5a76d92b972c77fca301ea7147745bc67c37
The tombstone will add a newline after the abort message, so remove
any trailing newlines before saving/printing.
Bug: 196414062
Test: Unit tests pass.
Test: Set system property debug.debuggerd.translate_proto_to_text to 0
Test: and unit tests still pass.
Change-Id: I0d3dc215eb5d8be93d99e5b9d4f0a14b1d61396d
A lot of things had moved out of system/core/ without their TEST_MAPPING
entries having gone with them, reducing the amount of presubmit coverage
for those things.
In order to reduce the likelihood of that happening again, I've pushed
all that remained in the system/core/ TEST_MAPPING down into the
individual subdirectories.
Test: treehugger
Change-Id: Ib75d65f9200fa64ae1552471da6fbe5b7023cf94
After compiler update, infinite side effect free loops are replaced with trap
instructions. So use -fno-finite-loop to disable this behavior.
Bug: 196162833
Test: run debuggerd_test.
Change-Id: I057263360a5df64af18c17a025fab48887d0b470
When running debuggerd from the command line, it's possible that
the signal will happen on a side thread. The original intercept
in tombstoned is set to only handle crashes from the main thread
pid, so in this case, the intercept doesn't occur. To fix this,
modify the code so that running debuggerd always sends the signal
to the main pid. In addition, modify the signal handler so that if it is
entered due to the BIONIC_SIGNAL_DEBUGGER signal, then the crashing tid is
set to the main thread pid instead of the current thread.
Add unit test to cover this case.
Bug: 194346289
Test: All unit tests pass.
Test: Verify the new unit test is getting the signal on the non-main
Test: thread and still properly handling the intercept.
Test: Modify the debuggerd code to send the signal to the non main pid
Test: and verify the dump still occurs correctly.
Change-Id: I2dd1bd11fc8ef4a6fe87f05ecc67ae349a101c82
For the new kernel 5.13 headers, there is a new TRAP_PERF value that
needs to be handled.
Test: Builds.
Change-Id: I2c6658ca94423c210db9ad6692ec69f6be69b3f5
Dumping stack in ANR can fail, but error message is only printed
to logcat. To allow easier debugging of such cases we add the
error messages in the ANR file as well.
Also factor out some duplication, inline single-call functions to
their call sites, and make some of the lambdas clearer by only having
implicit state unrelated to their primary purpose in captures but
passing as arguments things they fundamentally need to do their job
(and actually adding some duplication for time_left() which was subtle
enough to fool me into thinking that we only needed one call of
set_timeout(), which I've renamed to update_timeout()).
Bug: 191172191
Test: Manual
Change-Id: I39a50ca5b72059bfeff48b010d3be44f19eb32fa
writepid command usage to join a cgroup has been deprecated in favor
of a more flexible approach using task_profiles. This way cgroup path
is not hardcoded and cgroup changes can be easily made. Replace
writepid with task_profiles command to migrate between cgroups.
Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I945c634dfa7621437d8ea3981bce370d680b7371
Using thread cache will cause SIGSEGV for 32bit+kernel4.9 device.
Bug: 190579082
Bug: 189803009
Test: run cts -m CtsSeccompHostTestCases
Change-Id: I47b13d02674aadbacd8dac36d8382eed0885413c
Signed-off-by: yidong zhang <yidong.zhang@amlogic.com>