If a process tries to dump itself (e.g. system_server during ANRs),
crash_dump will block trying to write to its pipe if it's not
sufficiently large. Increase the pipe size to the max, and add a test
to make sure that it's always at least 1MB (the default value).
Bug: http://b/38427757
Test: debuggerd_test
Change-Id: Iddb0cb1e5ce9e687efa9e94c2748a1edfe09f119
crash_dump inherits its signal mask from the thread that forked it,
which always has all of its signals blocked, now that sigchain respects
sa_mask.
Manually clear the signal mask, and reduce the timeout to a
still-generous 2 seconds.
Bug: http://b/38427757
Test: manually inserted sleep in crash_dump
Change-Id: If1c9adb68777b71fb19d9b0f47d6998733ed8f52
All intercept requests and crash dump requests must now specify a
dump_type, which can be one of kDebuggerdNativeBacktrace,
kDebuggerdTombstone or kDebuggerdJavaBacktrace. Each process can have
only one outstanding intercept registered at a time.
There's only one non-trivial change in this changeset; and that is
to crash_dump. We now pass the type of dump via a command line
argument instead of inferring it from the (resent) signal, this allows
us to connect to tombstoned before we wait for the signal as the
protocol requires.
Test: debuggerd_test
Change-Id: I189b215acfecd08ac52ab29117e3465da00e3a37
.. for ART and the frameworks to link against. In the new stack dumping
scheme (see related bug), the Java runtime will communicate with
tombstoned in order to obtain a FD to which it can write its traces.
Also move things around to separate headers that are private
implementation details from headers that constitute the public debuggerd
API. There are currently only three such headers :
- tombstoned/tombstoned.h
- debuggerd/client.h
- debuggerd/handler.h
Bug: 32064548
Test: make
Change-Id: If1b8578550e373d84828b180bbe585f1088d1aa3
The changes here involve :
- Creating and opening a new socket to receive trace dump requests on. Having
different sockets allows us to install different sets of access control rules.
- A minor refactor to allow us to share common pieces of implementation
between the java and native dumping code. This will also allow us to
add a unit test for all file / directory related logic.
There are two java trace specific additions here :
- We use SO_PEERCRED instead of trusting the PID written to the seocket
because requests come in from untrusted processes.
- Java trace dumps are not interceptible.
kJavaTraceDumpsEnabled is set to false for now but the value of the flag
will be flipped in a future change.
Bug: 32064548
Test: Manual; Currently working on a unit_test for CrashType.
Change-Id: I1d62cc7a7035fd500c3e2b831704a2934d725e35
bionic's cached values for getpid/gettid can be invalid if the crashing
process manually invoked clone to create a thread or process, which
will lead the crash_dump refusing to do anything, because it sees the
actual values.
Use the getpid/gettid syscalls directly to ensure correct values on
this end.
Bug: http://b/37769298
Test: debuggerd_test
Change-Id: I0b1e652beb1a66e564a48b88ed7fa971d61c6ff9
Move the name of the "private/libc_logging.h" header to <async_safe/log.h>.
For use of libc_malloc_debug_backtrace, remove the libc_logging library.
The library now includes the async safe log functions.
Remove the references to libc_logging.cpp in liblog, it isn't needed because
the code is already protected by a check of the __ANDROID__ define.
Test: Compiled and boot bullhead device.
Test: Run debuggerd unit tests.
Test: Run liblog unit tests on target and host.
Test: Run libmemunreachable unit tests (these tests are flaky though).
Change-Id: Ie79d7274febc31f210b610a2c4da958b5304e402
Applications can set abort messages via android_set_abort_message
without actually aborting. This leads to following non-fatal dumps
printing their output to logcat in the same format as a regular crash.
Bug: http://b/37754992
Test: debuggerd_test
Change-Id: I9c5e942984dfda36448860202b0ff1c2950bdd07
Crashes that happen before tombstoned is running are extremely hard to
diagnose, because tombstones aren't written to disk, and the window of
opportunity to get logs via `adb logcat` is small (potentially
nonexistent).
Solve this by adding a world-writable /dev/kmsg_debug on userdebug
builds, and writing to it in addition to logcat when tombstoned hasn't
started yet.
Bug: http://b/36574794
Test: stop tombstoned; crasher; dmesg
Change-Id: Ib22c02a002afb602933155fb2c9b7a8abbe9ed38
If send_signal failed, debuggerd_trigger_dump should return
instead of further dealing
Change-Id: I0a1ac4255344d1da7a21917ad559b9de4d5a4fee
Signed-off-by: Liu Changcheng <changcheng.liu@intel.com>
Signed-off-by: Jerry Liu <primerlink@gmail.com>
Make sure that we can get the process/thread names for nondumpable
processes with capabilities.
Bug: http://b/36237221
Test: /data/nativetest/debuggerd_test/debuggerd_test32
Change-Id: Iedd4eae18065c2e64abeebff15e3b9b09a630550
Add some tests for edge cases which may have triggered b/36685795.
Bug: http://b/36685795
Test: debuggerd_test
Change-Id: I20670684c8dae422af157be21e44ba5d6d3214d3
Previously, there was no way to detect when tombstoned processed an
intercept request packet, making it possible for a intercept request
followed by a crash_dump being processed in the wrong order.
Add a response to intercept registration, to eliminate this race.
Test: debuggerd_test
Change-Id: If38c6d14081ebc86ff1ed0edd7afaeafc40a8381
Also make it loop, so that upon failing to start a dequeued crash
request, we continue to the next one.
Bug: http://b/36685795
Test: debuggerd_test
Change-Id: I94889125f16f4681c6fa0fa9cac456302602ce01
Previously, we would increment num_concurrent_dumps and fail to
decrement it if we failed to start the request. Change this to
only increment after we've successfully started the dump.
Bug: http://b/36685795
Test: debuggerd_test
Change-Id: I66169ed56ed44271e1d8fe1298d95260be7a32a3
Use an intermediate pipe to detect and report when a requested dump has
completed.
Bug: http://b/35241370
Bug: http://b/35813071
Test: debuggerd_test
Test: manually triggered a background ANR
Change-Id: If14aedf6071288360f1a7853d5a2ee79db121759
This just means we were asked to dump, not that something necessarily went
wrong.
Bug: http://b/36191903
Test: builds
Change-Id: I5638b38f3a13081b1e971512f43238010febb59c
There was at least one failure due to si_code being unitialized
and then examined.
Test: Run the 32 bit and 64 bit version of the unit tests on angler.
Change-Id: I5455a2cd29afafcd26a49f696e61141bb48478dc
It's possible that a device map has memory controlled by a single entry
device driver. Thus, you can deadlock if a process is touching that
device memory and we try to unwind it and also touch that device memory.
Simply skip any attempts to step through, or get function names from
device memory maps.
Bug: 36130325
Test: Ran new unit tests, ran bionic unit tests, ran art ThreadStress.
Change-Id: Ibc62d7ec8106c619ee08968f05e04aea55d7cbfa
Processes that don't have dumpable set to 1 cannot have their
process/thread names read by processes that don't have all of their
capabilities. Fetch these names in crash_dump before dropping
privileges.
Bug: http://b/36237221
Test: debuggerd_test
Test: debuggerd -b `pidof android.hardware.bluetooth@1.0-service`
Change-Id: I174769e7b3c1ea9f11f9c8cbdff83028a4225783
The .clang-format files in the base, debuggerd, adb, libprocinfo, and
fastboot subdirectories each differ slightly from the top level
.clang-format-2 and .clang-format-4, but not in a substantially
meaningful way, as the source files in those directories have not been
re-formatted with clang-format. Therefore, let's reduce the
differences and use only the two top level clang-format files.
Secondly perform some small clean-up of the top level .clang-format
files. AllowShortBlocksOnASingleLine is already false in the Google
style, so it can be removed. AllowShortFunctionsOnASingleLine should
not change between the -2 and -4 versions, so leave it at the Google
default style in both, which is 'All'.
The diff stats for these changes are:
./base/
Old:
640 insertions(+), 531 deletions(-)
New:
563 insertions(+), 808 deletions(-)
./debuggerd/
Old:
910 insertions(+), 886 deletions(-)
New:
991 insertions(+), 1023 deletions(-)
./adb/
Old:
2623 insertions(+), 2886 deletions(-)
New:
2655 insertions(+), 3103 deletions(-)
./libprocinfo/
Old:
2 insertions(+), 1 deletion(-)
New:
4 insertions(+), 18 deletions(-)
./fastboot/
Old:
618 insertions(+), 743 deletions(-)
New:
726 insertions(+), 882 deletions(-)
./init/
Old:
1755 insertions(+), 1866 deletions(-)
New:
1715 insertions(+), 1952 deletions(-)
Test: Above clang-format stats
Change-Id: I3f7b8ab0660c8394c5008ba95ea15e70dd22b55b
If a process that's getting dumped dies before crash_dump starts (e.g.
because seccomp immediately kills it after it execs crash_dump),
improve the error message to not just say "target died before we could
attach".
Bug: http://b/36077710
Test: inserted an exit in the handler, inspected output
Change-Id: I7d394c66d60d328b096b15654b3648e1ed711728
Avoid breaking internal code when AOSP automerges to internal.
This will be reverted after fixing up the uses on the other end.
Bug: http://b/35858739
Test: treehugger
Change-Id: If1ee03d8d7c218d3ad9f451cfe9a9077753dda02
So _LOG could be overridden by customized logging
implementations in non-Android systems.
Bug: 35919515
Test: Test on device
Change-Id: I0885c15353c0b1bf66f6f156e7f502f326b85d57
Don't try to connect to ourselves in a signal handler (e.g. if someone
does `killall -ABRT tombstoned`).
Test: killall -ABRT tombstoned
Change-Id: Ib69a206f741acb523c9f2883d474c940b6ebfab2
Make tombstones group readable to allow them to be picked up by the
dropbox service.
Bug: http://b/35979630
Test: killall -ABRT rild; dumpsys dropbox
Change-Id: If57cc17563c80d5b5c4887b0937905bffef6b231
Include the ABI in seccomp causes.
Slightly improved command-line usage information.
Fix crasher for seccomp failures.
Bug: N/A
Test: crasher
Change-Id: Ie419ecfe72ee4f5ccf49c927be18350a58a66a90
