1 /*
2 * Copyright 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <debuggerd/client.h>
18
19 #include <fcntl.h>
20 #include <signal.h>
21 #include <stdlib.h>
22 #include <sys/poll.h>
23 #include <sys/stat.h>
24 #include <sys/types.h>
25 #include <time.h>
26 #include <unistd.h>
27
28 #include <chrono>
29 #include <iomanip>
30
31 #include <android-base/cmsg.h>
32 #include <android-base/file.h>
33 #include <android-base/logging.h>
34 #include <android-base/parseint.h>
35 #include <android-base/stringprintf.h>
36 #include <android-base/strings.h>
37 #include <android-base/unique_fd.h>
38 #include <bionic/reserved_signals.h>
39 #include <cutils/sockets.h>
40 #include <procinfo/process.h>
41
42 #include "debuggerd/handler.h"
43 #include "protocol.h"
44 #include "util.h"
45
46 using namespace std::chrono_literals;
47
48 using android::base::ReadFileToString;
49 using android::base::SendFileDescriptors;
50 using android::base::unique_fd;
51 using android::base::WriteStringToFd;
52
send_signal(pid_t pid,const DebuggerdDumpType dump_type)53 static bool send_signal(pid_t pid, const DebuggerdDumpType dump_type) {
54 const int signal = (dump_type == kDebuggerdJavaBacktrace) ? SIGQUIT : BIONIC_SIGNAL_DEBUGGER;
55 sigval val;
56 val.sival_int = (dump_type == kDebuggerdNativeBacktrace) ? 1 : 0;
57
58 if (sigqueue(pid, signal, val) != 0) {
59 PLOG(ERROR) << "libdebuggerd_client: failed to send signal to pid " << pid;
60 return false;
61 }
62 return true;
63 }
64
65 template <typename Duration>
populate_timeval(struct timeval * tv,const Duration & duration)66 static void populate_timeval(struct timeval* tv, const Duration& duration) {
67 auto seconds = std::chrono::duration_cast<std::chrono::seconds>(duration);
68 auto microseconds = std::chrono::duration_cast<std::chrono::microseconds>(duration - seconds);
69 tv->tv_sec = static_cast<long>(seconds.count());
70 tv->tv_usec = static_cast<long>(microseconds.count());
71 }
72
73 /**
74 * Returns the wchan data for each thread in the process,
75 * or empty string if unable to obtain any data.
76 */
get_wchan_data(pid_t pid)77 static std::string get_wchan_data(pid_t pid) {
78 std::stringstream buffer;
79 std::vector<pid_t> tids;
80
81 if (!android::procinfo::GetProcessTids(pid, &tids)) {
82 LOG(WARNING) << "libdebuggerd_client: Failed to get process tids";
83 return buffer.str();
84 }
85
86 std::stringstream data;
87 for (int tid : tids) {
88 std::string path = "/proc/" + std::to_string(pid) + "/task/" + std::to_string(tid) + "/wchan";
89 std::string wchan_str;
90 if (!ReadFileToString(path, &wchan_str, true)) {
91 PLOG(WARNING) << "libdebuggerd_client: Failed to read \"" << path << "\"";
92 continue;
93 }
94 data << "sysTid=" << std::left << std::setw(10) << tid << wchan_str << "\n";
95 }
96
97 if (std::string str = data.str(); !str.empty()) {
98 buffer << "\n----- Waiting Channels: pid " << pid << " at " << get_timestamp() << " -----\n"
99 << "Cmd line: " << get_process_name(pid) << "\n";
100 buffer << "\n" << str << "\n";
101 buffer << "----- end " << std::to_string(pid) << " -----\n";
102 buffer << "\n";
103 }
104
105 return buffer.str();
106 }
107
dump_wchan_data(const std::string & data,int fd,pid_t pid)108 static void dump_wchan_data(const std::string& data, int fd, pid_t pid) {
109 if (!WriteStringToFd(data, fd)) {
110 LOG(WARNING) << "libdebuggerd_client: Failed to dump wchan data for pid: " << pid;
111 }
112 }
113
debuggerd_trigger_dump(pid_t tid,DebuggerdDumpType dump_type,unsigned int timeout_ms,unique_fd output_fd)114 bool debuggerd_trigger_dump(pid_t tid, DebuggerdDumpType dump_type, unsigned int timeout_ms,
115 unique_fd output_fd) {
116 pid_t pid = tid;
117 if (dump_type == kDebuggerdJavaBacktrace) {
118 // Java dumps always get sent to the tgid, so we need to resolve our tid to a tgid.
119 android::procinfo::ProcessInfo procinfo;
120 std::string error;
121 if (!android::procinfo::GetProcessInfo(tid, &procinfo, &error)) {
122 LOG(ERROR) << "libdebugged_client: failed to get process info: " << error;
123 return false;
124 }
125 pid = procinfo.pid;
126 }
127
128 LOG(INFO) << "libdebuggerd_client: started dumping process " << pid;
129 unique_fd sockfd;
130 const auto end = std::chrono::steady_clock::now() + std::chrono::milliseconds(timeout_ms);
131 auto time_left = [&end]() { return end - std::chrono::steady_clock::now(); };
132 auto set_timeout = [timeout_ms, &time_left](int sockfd) {
133 if (timeout_ms <= 0) {
134 return sockfd;
135 }
136
137 auto remaining = time_left();
138 if (remaining < decltype(remaining)::zero()) {
139 LOG(ERROR) << "libdebuggerd_client: timeout expired";
140 return -1;
141 }
142
143 struct timeval timeout;
144 populate_timeval(&timeout, remaining);
145
146 if (setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) != 0) {
147 PLOG(ERROR) << "libdebuggerd_client: failed to set receive timeout";
148 return -1;
149 }
150 if (setsockopt(sockfd, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) != 0) {
151 PLOG(ERROR) << "libdebuggerd_client: failed to set send timeout";
152 return -1;
153 }
154
155 return sockfd;
156 };
157
158 sockfd.reset(socket(AF_LOCAL, SOCK_SEQPACKET, 0));
159 if (sockfd == -1) {
160 PLOG(ERROR) << "libdebugger_client: failed to create socket";
161 return false;
162 }
163
164 if (socket_local_client_connect(set_timeout(sockfd.get()), kTombstonedInterceptSocketName,
165 ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_SEQPACKET) == -1) {
166 PLOG(ERROR) << "libdebuggerd_client: failed to connect to tombstoned";
167 return false;
168 }
169
170 InterceptRequest req = {
171 .dump_type = dump_type,
172 .pid = pid,
173 };
174 if (!set_timeout(sockfd)) {
175 PLOG(ERROR) << "libdebugger_client: failed to set timeout";
176 return false;
177 }
178
179 // Create an intermediate pipe to pass to the other end.
180 unique_fd pipe_read, pipe_write;
181 if (!Pipe(&pipe_read, &pipe_write)) {
182 PLOG(ERROR) << "libdebuggerd_client: failed to create pipe";
183 return false;
184 }
185
186 std::string pipe_size_str;
187 int pipe_buffer_size = 1024 * 1024;
188 if (android::base::ReadFileToString("/proc/sys/fs/pipe-max-size", &pipe_size_str)) {
189 pipe_size_str = android::base::Trim(pipe_size_str);
190
191 if (!android::base::ParseInt(pipe_size_str.c_str(), &pipe_buffer_size, 0)) {
192 LOG(FATAL) << "failed to parse pipe max size '" << pipe_size_str << "'";
193 }
194 }
195
196 if (fcntl(pipe_read.get(), F_SETPIPE_SZ, pipe_buffer_size) != pipe_buffer_size) {
197 PLOG(ERROR) << "failed to set pipe buffer size";
198 }
199
200 ssize_t rc = SendFileDescriptors(set_timeout(sockfd), &req, sizeof(req), pipe_write.get());
201 pipe_write.reset();
202 if (rc != sizeof(req)) {
203 PLOG(ERROR) << "libdebuggerd_client: failed to send output fd to tombstoned";
204 return false;
205 }
206
207 // Check to make sure we've successfully registered.
208 InterceptResponse response;
209 rc = TEMP_FAILURE_RETRY(recv(set_timeout(sockfd.get()), &response, sizeof(response), MSG_TRUNC));
210 if (rc == 0) {
211 LOG(ERROR) << "libdebuggerd_client: failed to read initial response from tombstoned: "
212 << "timeout reached?";
213 return false;
214 } else if (rc == -1) {
215 PLOG(ERROR) << "libdebuggerd_client: failed to read initial response from tombstoned";
216 return false;
217 } else if (rc != sizeof(response)) {
218 LOG(ERROR) << "libdebuggerd_client: received packet of unexpected length from tombstoned while "
219 "reading initial response: expected "
220 << sizeof(response) << ", received " << rc;
221 return false;
222 }
223
224 if (response.status != InterceptStatus::kRegistered) {
225 LOG(ERROR) << "libdebuggerd_client: unexpected registration response: "
226 << static_cast<int>(response.status);
227 return false;
228 }
229
230 if (!send_signal(tid, dump_type)) {
231 return false;
232 }
233
234 rc = TEMP_FAILURE_RETRY(recv(set_timeout(sockfd.get()), &response, sizeof(response), MSG_TRUNC));
235 if (rc == 0) {
236 LOG(ERROR) << "libdebuggerd_client: failed to read status response from tombstoned: "
237 "timeout reached?";
238 return false;
239 } else if (rc == -1) {
240 PLOG(ERROR) << "libdebuggerd_client: failed to read status response from tombstoned";
241 return false;
242 } else if (rc != sizeof(response)) {
243 LOG(ERROR) << "libdebuggerd_client: received packet of unexpected length from tombstoned while "
244 "reading confirmation response: expected "
245 << sizeof(response) << ", received " << rc;
246 return false;
247 }
248
249 if (response.status != InterceptStatus::kStarted) {
250 response.error_message[sizeof(response.error_message) - 1] = '\0';
251 LOG(ERROR) << "libdebuggerd_client: tombstoned reported failure: " << response.error_message;
252 return false;
253 }
254
255 // Forward output from the pipe to the output fd.
256 while (true) {
257 auto remaining_ms = std::chrono::duration_cast<std::chrono::milliseconds>(time_left()).count();
258 if (timeout_ms <= 0) {
259 remaining_ms = -1;
260 } else if (remaining_ms < 0) {
261 LOG(ERROR) << "libdebuggerd_client: timeout expired";
262 return false;
263 }
264
265 struct pollfd pfd = {
266 .fd = pipe_read.get(), .events = POLLIN, .revents = 0,
267 };
268
269 rc = poll(&pfd, 1, remaining_ms);
270 if (rc == -1) {
271 if (errno == EINTR) {
272 continue;
273 } else {
274 PLOG(ERROR) << "libdebuggerd_client: error while polling";
275 return false;
276 }
277 } else if (rc == 0) {
278 LOG(ERROR) << "libdebuggerd_client: timeout expired";
279 return false;
280 }
281
282 char buf[1024];
283 rc = TEMP_FAILURE_RETRY(read(pipe_read.get(), buf, sizeof(buf)));
284 if (rc == 0) {
285 // Done.
286 break;
287 } else if (rc == -1) {
288 PLOG(ERROR) << "libdebuggerd_client: error while reading";
289 return false;
290 }
291
292 if (!android::base::WriteFully(output_fd.get(), buf, rc)) {
293 PLOG(ERROR) << "libdebuggerd_client: error while writing";
294 return false;
295 }
296 }
297
298 LOG(INFO) << "libdebuggerd_client: done dumping process " << pid;
299
300 return true;
301 }
302
dump_backtrace_to_file(pid_t tid,DebuggerdDumpType dump_type,int fd)303 int dump_backtrace_to_file(pid_t tid, DebuggerdDumpType dump_type, int fd) {
304 return dump_backtrace_to_file_timeout(tid, dump_type, 0, fd);
305 }
306
dump_backtrace_to_file_timeout(pid_t tid,DebuggerdDumpType dump_type,int timeout_secs,int fd)307 int dump_backtrace_to_file_timeout(pid_t tid, DebuggerdDumpType dump_type, int timeout_secs,
308 int fd) {
309 android::base::unique_fd copy(dup(fd));
310 if (copy == -1) {
311 return -1;
312 }
313
314 // debuggerd_trigger_dump results in every thread in the process being interrupted
315 // by a signal, so we need to fetch the wchan data before calling that.
316 std::string wchan_data = get_wchan_data(tid);
317
318 int timeout_ms = timeout_secs > 0 ? timeout_secs * 1000 : 0;
319 int ret = debuggerd_trigger_dump(tid, dump_type, timeout_ms, std::move(copy)) ? 0 : -1;
320
321 // Dump wchan data, since only privileged processes (CAP_SYS_ADMIN) can read
322 // kernel stack traces (/proc/*/stack).
323 dump_wchan_data(wchan_data, fd, tid);
324
325 return ret;
326 }
327