On 64 bit systems, calls to dump_backtrace_to_file or dump_tombstone
try and directly contact the correct debuggerd (32 bit vs 64 bit)
by reading the elf information for the executable.
Unfortunately, system_server makes a call to dump_backtrace_to_file
and it doesn't have permissions to read the executable data, so it
defaults to always contacting the 64 bit debuggerd.
This CL changes the code so that all dump requests go to the 64 bit
debuggerd, which reads the elf information and redirects requests for
32 bit processes to the 32 bit debuggerd.
Testing:
- Forced the watchdog code in system_server to dump stacks and
verified that all native stacks are dumped correctly.
- Verified that dumpstate and bugreport still properly dump the native
processes on a 64 bit and 32 bit system.
- Intentionally forced the 64 bit to 32 bit redirect to write only a
byte at a time and verified there are no errors, and no dropped data.
- Used debuggerd and debuggerd64 to dump 32 bit and 64 bit processes
seamlessly.
- Used debuggerd on a 32 bit system to dump native stacks.
Bug: https://code.google.com/p/android/issues/detail?id=97024
Change-Id: Ie01945153bdc1c4ded696c7334b61d58575314d1

- Fix a problem where a tid exits before the attach completes, and it
causes debuggerd to self terminate.
- Fix a problem where sibling tid dumps do not properly wait for the tid
to get signalled.
Bug: 17800180
Bug: 12567315
(cherry picked from commit 84ddb34a3a)
Change-Id: I45e33865614d4c96f4a89cf117398666b556d500

debuggerd allows uid-0 processes to dump tombstones or backtraces
of any process, and uid-system processes to dump backtraces of any
processes. Restrict these operations via SELinux based on the
client context, the target process context, and the action.
Depends on I8e120d319512ff207ed22ed87cde4e0432a13dda for the
corresponding policy definitions.
Change-Id: Ib317564e54e07cc21f259e75124b762ad17c6e16
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Also fix dumping of arm64's vector registers, which are actually 128 bits wide.
Also move the arm/arm64 FP registers to the tombstone. (We've never dumped
them at all for the other architectures.)
(cherry picked from commit b40c50351e)
Change-Id: Ic646fb9ea01e9beb42e1757feb8742c1d4efafa7

Also fix dumping of arm64's vector registers, which are actually 128 bits wide.
Also move the arm/arm64 FP registers to the tombstone. (We've never dumped
them at all for the other architectures.)
Change-Id: I239a86dd225b47fa90109bc824b7610df67ad812

There's no good reason to separate "fill the integer registers with
recognizable patterns and crash" from "fill the FP registers with recognizable
patterns and crash".
Also remove the incorrect use of ARCH_ARM_HAVE_VFP_D32 rather than try to fix
it.
Change-Id: I3a4a3aca1575de5489314027ae52168997404d79

Maps output now displays fault address location more intelligently. If
the fault is not in a mapped region, it now shows where that address is
with respect to the other maps.
In addition, the size of the map is now printed as part of the output.
Also, crasher now supports an "mmap" option which mmaps/munmaps a region
of memory and then attempts to access it, causing a fault address in
between mapped regions that can be used to test that new part of the
maps output.
Change-Id: Ia5e1926802bdfcbbdb7857e3631ddf395ae0c5b8

Now the debugging output shows the tid of the crashed thread instead of
the pid of the process that crashed.
Change-Id: I637f409ff02d73d458edc6d1a5c462c21d128211

The debug output was still showing the pathname that worked with
gdbclient before my changes, and therefore did not work after the fact.
Change-Id: Ie12d79f5346088914ce0a70bda69780707b31d31

If the fault address is not within a mapped region, it logs an error
message after the output. Otherwise, it prefixes the location of the
fault address with "--->" to make it easier to locate.
Change-Id: I330adaade4402ffeb09f1a6d34a944c2f054d06d
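
The two maps-output changes above (marking the fault address with "--->", and placing an unmapped fault address relative to the surrounding maps) can be illustrated with the following added example. It is not debuggerd's code: `annotate_maps`, the `fault_pos` enum, the sample map lines and the exact message wording are all hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample in /proc/<pid>/maps format; not from a real device. */
static const char *const SAMPLE_MAPS[] = {
    "12c00000-12e01000 rw-p 00000000 00:04 7362 /dev/ashmem/example",
    "70000000-70a00000 r-xp 00000000 b3:19 1234 /system/lib/libexample.so",
    "70a01000-70a05000 rw-p 00a00000 b3:19 1234 /system/lib/libexample.so",
    "be800000-be821000 rw-p 00000000 00:00 0 [stack]",
};
enum { SAMPLE_COUNT = sizeof(SAMPLE_MAPS) / sizeof(SAMPLE_MAPS[0]) };

enum fault_pos { IN_MAP, BEFORE_FIRST, BETWEEN, AFTER_LAST, PARSE_ERROR };

/* Prints every map with its size and marks where `fault` lies.
 * Relies on the maps being sorted by start address, as the kernel emits them.
 * *idx receives the containing map, or the first map above the fault
 * (n when the fault is above every map). */
static enum fault_pos annotate_maps(const char *const *maps, size_t n,
                                    uint64_t fault, size_t *idx) {
    enum fault_pos pos = AFTER_LAST;
    int located = 0;
    *idx = n;
    for (size_t i = 0; i < n; i++) {
        uint64_t start, end;
        if (sscanf(maps[i], "%" SCNx64 "-%" SCNx64, &start, &end) != 2 || end <= start)
            return PARSE_ERROR;
        if (!located && fault < start) {          /* fault lies in a gap */
            located = 1;
            *idx = i;
            pos = (i == 0) ? BEFORE_FIRST : BETWEEN;
            printf("--->fault address %#" PRIx64 " is not mapped, falls here\n", fault);
        }
        int hit = !located && fault < end;        /* end address is exclusive */
        if (hit) { located = 1; *idx = i; pos = IN_MAP; }
        printf("%s %s (%" PRIu64 " bytes)\n", hit ? "--->" : "    ", maps[i], end - start);
    }
    if (!located)
        printf("--->fault address %#" PRIx64 " is above all maps\n", fault);
    return pos;
}

int main(void) {
    size_t idx;
    /* 0x70a00800 sits in the one-page gap between the two libexample.so maps. */
    return annotate_maps(SAMPLE_MAPS, SAMPLE_COUNT, 0x70a00800, &idx) == BETWEEN ? 0 : 1;
}
```
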
Now the functionality implemented by these semi-confusing cases has been
replaced with the same logtype enum behavior that is easier to
understand, and cases that used log-looking behavior to print to logcat
(when log = NULL) now use the more transparent ALOGE/ALOGD functions.
Change-Id: I7e38f2d4ca74a828df4d2266b3ea34edd3c6f5bb

Now the map output is only sent to the tombstone, and the entire
contents of /proc/$PID/maps is logged, not just 3 lines. Additionally,
crasher now supports "crasher SIGSEGV-non-null", which attempts to write to a
dereferenced function address, causing a SIGSEGV at a non-zero address.
This new crasher mode can be used to test the new maps output.
Bug: 15343662
Change-Id: I796d92e8352a6b9714bbbfe96f3143c56565ef2f

The system by which debuggerd filters its output to different locations
is now based on an enum called logtype with easy to understand
categories for log messages (like THREAD, MEMORY, etc.) instead of the
old, fairly esoteric scope_flags variable. Now much of the output that
previously went to logcat does not show up on the screen, but all output
can be found in the tombstone file. In addition, the tombstone's
location is now printed so it can be located easily.
Bug: 15341747
Change-Id: Ia2f2051d1dfdea934d0e6ed220f24345e35ba6a2