Previously, we weren't PTRACE_ATTACHing to all of the threads of a
process, and we were also trying to do it after forking and dropping
privileges. This patch ensures that all ptrace attaching/detaching
happens in one place, before forking/exiting respectively.
Bug: http://b/26443860
Bug: http://b/26436605
Bug: http://b/26436486
Change-Id: Id94e0c1d9d56c051d0dd281d895aaa3285079198
The debuggerd code sometimes calls _LOG(..., logtype::ERROR, ...)
and sometimes ALOGE(). Standardize on ALOGE since the _LOG message
will wind up in the tombstone in weird places, but using ALOGE
will wind up in the logcat portion of the tombstone.
Bug: 21467089
Change-Id: Ie893f5e91d45b48ef3f5864c3a714e60ac848fb3
- Add dumping memory around registers for x86/x86_64.
- Add unit tests for new dump_memory function.
- Cleanup all of the machine.cpp files.
- Increase the high address check for 32 bit, and decrease the high
address allowed for 64 bit slightly to match mips64.
Bug: 21206576
Change-Id: I6f75141f3282db48b10f7c695a1cf2eb75a08351
- Fix a problem where a tid exits before the attach completes, and it
causes debuggerd to self terminate.
- Fix a problem where sibling tid dumps do not properly wait for the tid
to get signalled.
Bug: 17800180
Bug: 12567315
(cherry picked from commit 84ddb34a3a)
Change-Id: I45e33865614d4c96f4a89cf117398666b556d500
Also fix dumping of arm64's vector registers, which are actually 128 bits wide.
Also move the arm/arm64 FP registers to the tombstone. (We've never dumped
them at all for the other architectures.)
Change-Id: I239a86dd225b47fa90109bc824b7610df67ad812
Now the functionality implemented by these semi-confusing cases has been
replaced with the same logtype enum behavior that is easier to
understand, and cases that used log-looking behavior to print to logcat
(when log = NULL) now use the more transparent ALOGE/ALOGD functions.
Change-Id: I7e38f2d4ca74a828df4d2266b3ea34edd3c6f5bb
The system by which debuggerd filters its output to different locations
is now based on an enum called logtype with easy to understand
categories for log messages (like THREAD, MEMORY, etc.) instead of the
old, fairly esoteric scope_flags variable. Now much of the output that
previously went to logcat does not show up on the screen, but all output
can be found in the tombstone file. In addition, the tombstone's
location is now printed so it can be located easily.
Bug: 15341747
Change-Id: Ia2f2051d1dfdea934d0e6ed220f24345e35ba6a2
This one makes dump_memory reasonably architecture-agnostic so it is
possible to share the code between architectures.
It also includes a few small improvements in tombstone.cpp.
Change-Id: Ib8a9599bfa420b41e80207988e87aee1b9d79541
Signed-off-by: Kévin PETIT <kevin.petit@arm.com>
Also fixed the LOG() macro to actually write to the log again, tracking
the change in _LOG() argument semantics.
Bug 8322568
Change-Id: I79330c85c26d3ffb734315b6d0f2c0bb80bd234a
The Activity Manager sets up a permission-guarded domain socket, which
debuggerd connects to when a crash happens. If this is successful,
the daemon then mirrors the logged crash report to that socket, then
closes it.
Bug 8322568
Change-Id: Ife0c772a628ef82e8457094e511ce1edbfe57460
Provides a new mechanism for dumpstate (while running as root)
to request that debuggerd dump the stacks of native processes that
we care about in bug reports. In this mode, the backtrace
is formatted to look similar to a Dalvik backtrace.
Moved the tombstone generating code into a separate file to
make it easier to maintain.
Fixed a bug where sometimes the stack traces would be incomplete
because we were not waiting for each thread to stop after issuing
PTRACE_ATTACH, only the main thread. So sometimes we were missing
traces for some threads.
Refactored the logging code to prevent accidentally writing data
to logcat when explicitly dumping a tombstone or backtrace from the
console.
Only root or system server can request to dump backtraces but
only root can dump tombstones.
Bug: 6615693
Change-Id: Ib3edcc16f9f3a687e414e3f2d250d9500566123b
Keep track of whether memory maps are readable. Use the information
in try_get_word to try to avoid accidentally dereferencing an invalid
pointer within the current process. (Note that I haven't ever
seen that happen during normal unwinding, but it pays to be
a little more careful.)
Refactored try_get_word a little to make it easier to pass it the
needed state for validation checks by way of a little memory_t struct.
Improved how the memory map for the current process is cached. This is
important because we need up to date information about readable maps.
Use a 5 second cache expiration.
Improved the PC -> LR fallback logic in the unwinder so we can
eke out an extra frame sometimes.
Fixed a bug reading ELF program headers. The phnum & phentsize
fields are half-words. We were incorrectly interpreting
phnum as a whole word.
Used android_atomic_* operations carefully in the unwinder
to prevent possible memory races between the dumper and the dumpee.
This was highly unlikely (or even impossible due to the presence
of other barriers along the way) but the code is clearer now about
its invariants.
Fixed a bug in debuggerd where the pid was being passed to have
its stack dump taken instead of the tid, resulting in short
stacks because ptrace couldn't read the data if pid != tid.
Did a full sweep to ensure that we use pid / tid correctly everywhere.
Ported old code from debuggerd to rewind the program counter back
one instruction so that it points to the branch instruction itself
instead of the return address.
Change-Id: Icc4eb08320052975a4ae7f0f5f0ac9308a2d33d7
This adds some additional output to native crashes. For example, if
something tried to access a bit of mmap(/dev/zero) memory that had
been mprotect()ed, you might see output like this:
I DEBUG : memory map around addr 4015a00c:
I DEBUG : 40159000-4015a000 /system/lib/libstdc++.so
I DEBUG : 4015a000-40162000 /dev/zero
I DEBUG : b0001000-b0009000 /system/bin/linker
The idea is to see what's in and around the fault address to make it
easier to identify bus errors due to file truncation and segmentation
faults caused by buffer over/underruns.
No output is generated for accesses below 0x1000 (which are likely
NULL pointer dereferences) or for signals that don't set si_addr.
Also, suppress the fault address for signals that don't set si_addr:
I DEBUG : signal 6 (SIGABRT), code 0 (?), fault addr --------
We still print "fault addr" followed by 8 characters for anything
that is parsing the contents. The "address" shown for signals like
SIGABRT was meaningless and possibly confusing.
Bug 5358516
Change-Id: Icae8ef309ea2d89b129f68d30f96b2ca8a69cc6c
The structure user_vfp is incorrectly defined in bionic/libc/kernel/arch-arm/asm/ptrace.h
at the moment, while it should be under bionic/libc/kernel/arch-arm/asm/user.h instead.
Before moving its definition in the corresponding source files, we need to fix its users.
It happens that debuggerd is the only one for now, so fix this by including <linux/user.h>
instead (which will include <asm/user.h> and <asm/ptrace.h>).
Also, make the debug output less chatty by specifying all symbols to be listed
through XLOG2 instead of XLOG.
Change-Id: I16e0fa700945d86efd44ee885a84ad609c0a9b58
This change enables debuggerd to provide backtraces with function
names in tombstone files and log messages. It does this by reading
the image file that the address is found in, and parsing the dynamic
symbol table to try to extract the symbol corresponding to the given
address.
This works best when "-Wl,-export-dynamic" is added to the LDFLAGS
of each library and executable, because this will cause all symbols
to be added to the dynamic symbol table. If this flag is not present,
it will still work, but it will only be able to identify functions
which are part of the external API of the library/executable.
Change-Id: I618baaff9ed9143b7d1a1f302224e9f21d2b0626