From fa07f9dc4b4d101a49fba5dbbf35c88cdfec4433 Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Fri, 21 Oct 2016 09:46:42 -0700 Subject: [PATCH] logd: mLastWorstPidOFSystem crash mLastWorstPidOfSystem is filled with iterator references that are not from AID_SYSTEM to aid the performance. But we only clear entries from the list during erase if they are from AID_SYSTEM. Remove the filter check in erase so the stale references will be removed. The conditions that caused this failure are difficult to reproduce and are rare. Test: gTests logd-unit-tests, liblog-unit-tests and logcat-unit-tests Bug: 32247044 Bug: 31237377 Change-Id: Ie405dd643203b816cac15eef5c97600551cee450 --- logd/LogBuffer.cpp | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp index 5554d5327..aff8a4676 100644 --- a/logd/LogBuffer.cpp +++ b/logd/LogBuffer.cpp @@ -222,6 +222,9 @@ LogBufferElementCollection::iterator LogBuffer::erase( LogBufferElement *element = *it; log_id_t id = element->getLogId(); + // Remove iterator references in the various lists that will become stale + // after the element is erased from the main logging list. + { // start of scope for found iterator int key = ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY)) ? element->getTag() : element->getUid(); @@ -231,7 +234,8 @@ LogBufferElementCollection::iterator LogBuffer::erase( } } - if ((id != LOG_ID_EVENTS) && (id != LOG_ID_SECURITY) && (element->getUid() == AID_SYSTEM)) { + if ((id != LOG_ID_EVENTS) && (id != LOG_ID_SECURITY)) { + // element->getUid() may not be AID_SYSTEM for next-best-watermark. // start of scope for pid found iterator LogBufferPidIteratorMap::iterator found = mLastWorstPidOfSystem[id].find(element->getPid()); @@ -501,7 +505,7 @@ bool LogBuffer::prune(log_id_t id, unsigned long pruneRows, uid_t caller_uid) { it = found->second; } } - if (worstPid) { + if (worstPid) { // Only set if !LOG_ID_EVENTS and !LOG_ID_SECURITY // begin scope for pid worst found iterator LogBufferPidIteratorMap::iterator found = mLastWorstPidOfSystem[id].find(worstPid); @@ -534,6 +538,7 @@ bool LogBuffer::prune(log_id_t id, unsigned long pruneRows, uid_t caller_uid) { ++it; continue; } + // below this point element->getLogId() == id if (leading && (!mLastSet[id] || ((*mLast[id])->getLogId() != id))) { mLast[id] = it; @@ -590,6 +595,8 @@ bool LogBuffer::prune(log_id_t id, unsigned long pruneRows, uid_t caller_uid) { && ((!gc && (element->getPid() == worstPid)) || (mLastWorstPidOfSystem[id].find(element->getPid()) == mLastWorstPidOfSystem[id].end()))) { + // element->getUid() may not be AID_SYSTEM, next best + // watermark if current one empty. mLastWorstPidOfSystem[id][element->getPid()] = it; } if ((!gc && !worstPid && (key == worst)) @@ -607,6 +614,8 @@ bool LogBuffer::prune(log_id_t id, unsigned long pruneRows, uid_t caller_uid) { ++it; continue; } + // key == worst below here + // If worstPid set, then element->getPid() == worstPid below here pruneRows--; if (pruneRows == 0) { @@ -630,6 +639,8 @@ bool LogBuffer::prune(log_id_t id, unsigned long pruneRows, uid_t caller_uid) { if (worstPid && (!gc || (mLastWorstPidOfSystem[id].find(worstPid) == mLastWorstPidOfSystem[id].end()))) { + // element->getUid() may not be AID_SYSTEM, next best + // watermark if current one empty. mLastWorstPidOfSystem[id][worstPid] = it; } if ((!gc && !worstPid) ||