Use the si_code value bionic passes us.
Bionic needs to re-raise various signals, which means the si_code
debuggerd sees has been clobbered. If bionic sends us the original
si_code value, we can use that instead of the one we see when the
ptrace the crashed process' siginfo.
Change-Id: If116a6bc667d55a6fb39b74f96673292af4e4c8c
diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c
index 9946faa..3e3ab5a 100644
--- a/debuggerd/crasher.c
+++ b/debuggerd/crasher.c
@@ -126,7 +126,7 @@
return ctest();
} else if (!strcmp(arg, "exit")) {
exit(1);
- } else if (!strcmp(arg, "crash")) {
+ } else if (!strcmp(arg, "crash") || !strcmp(arg, "SIGSEGV")) {
return crash(42);
} else if (!strcmp(arg, "abort")) {
maybe_abort();
@@ -138,23 +138,32 @@
LOG_ALWAYS_FATAL("hello %s", "world");
} else if (!strcmp(arg, "LOG_ALWAYS_FATAL_IF")) {
LOG_ALWAYS_FATAL_IF(true, "hello %s", "world");
+ } else if (!strcmp(arg, "SIGPIPE")) {
+ int pipe_fds[2];
+ pipe(pipe_fds);
+ close(pipe_fds[0]);
+ write(pipe_fds[1], "oops", 4);
+ return EXIT_SUCCESS;
} else if (!strcmp(arg, "heap-usage")) {
abuse_heap();
}
fprintf(stderr, "%s OP\n", __progname);
fprintf(stderr, "where OP is:\n");
- fprintf(stderr, " smash-stack overwrite a stack-guard canary\n");
- fprintf(stderr, " stack-overflow recurse until the stack overflows\n");
- fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n");
- fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n");
- fprintf(stderr, " nostack crash with a NULL stack pointer\n");
- fprintf(stderr, " ctest (obsoleted by thread-crash?)\n");
- fprintf(stderr, " exit call exit(1)\n");
- fprintf(stderr, " crash cause a SIGSEGV\n");
- fprintf(stderr, " abort call abort()\n");
- fprintf(stderr, " assert call assert() without a function\n");
- fprintf(stderr, " assert2 call assert() with a function\n");
+ fprintf(stderr, " smash-stack overwrite a stack-guard canary\n");
+ fprintf(stderr, " stack-overflow recurse until the stack overflows\n");
+ fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n");
+ fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n");
+ fprintf(stderr, " nostack crash with a NULL stack pointer\n");
+ fprintf(stderr, " ctest (obsoleted by thread-crash?)\n");
+ fprintf(stderr, " exit call exit(1)\n");
+ fprintf(stderr, " abort call abort()\n");
+ fprintf(stderr, " assert call assert() without a function\n");
+ fprintf(stderr, " assert2 call assert() with a function\n");
+ fprintf(stderr, " LOG_ALWAYS_FATAL call LOG_ALWAYS_FATAL\n");
+ fprintf(stderr, " LOG_ALWAYS_FATAL_IF call LOG_ALWAYS_FATAL\n");
+ fprintf(stderr, " SIGPIPE cause a SIGPIPE\n");
+ fprintf(stderr, " SIGSEGV cause a SIGSEGV (synonym: crash)\n");
fprintf(stderr, "prefix any of the above with 'thread-' to not run\n");
fprintf(stderr, "on the process' main thread.\n");
return EXIT_SUCCESS;
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index a2b164e..76bd7a3 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -51,6 +51,7 @@
pid_t pid, tid;
uid_t uid, gid;
uintptr_t abort_msg_address;
+ int32_t original_si_code;
};
static int write_string(const char* file, const char* string) {
@@ -218,6 +219,7 @@
out_request->uid = cr.uid;
out_request->gid = cr.gid;
out_request->abort_msg_address = msg.abort_msg_address;
+ out_request->original_si_code = msg.original_si_code;
if (msg.action == DEBUGGER_ACTION_CRASH) {
// Ensure that the tid reported by the crashing process is valid.
@@ -302,9 +304,10 @@
case SIGSTOP:
if (request.action == DEBUGGER_ACTION_DUMP_TOMBSTONE) {
XLOG("stopped -- dumping to tombstone\n");
- tombstone_path = engrave_tombstone(
- request.pid, request.tid, signal, request.abort_msg_address, true, true,
- &detach_failed, &total_sleep_time_usec);
+ tombstone_path = engrave_tombstone(request.pid, request.tid,
+ signal, request.original_si_code,
+ request.abort_msg_address, true, true,
+ &detach_failed, &total_sleep_time_usec);
} else if (request.action == DEBUGGER_ACTION_DUMP_BACKTRACE) {
XLOG("stopped -- dumping to fd\n");
dump_backtrace(fd, -1, request.pid, request.tid, &detach_failed,
@@ -336,9 +339,10 @@
kill(request.pid, SIGSTOP);
// don't dump sibling threads when attaching to GDB because it
// makes the process less reliable, apparently...
- tombstone_path = engrave_tombstone(
- request.pid, request.tid, signal, request.abort_msg_address, !attach_gdb,
- false, &detach_failed, &total_sleep_time_usec);
+ tombstone_path = engrave_tombstone(request.pid, request.tid,
+ signal, request.original_si_code,
+ request.abort_msg_address, !attach_gdb, false,
+ &detach_failed, &total_sleep_time_usec);
break;
default:
diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp
index 83df37f..f95e572 100755
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@@ -55,7 +55,7 @@
// Must match the path defined in NativeCrashListener.java
#define NCRASH_SOCKET_PATH "/data/system/ndebugsocket"
-static bool signal_has_address(int sig) {
+static bool signal_has_si_addr(int sig) {
switch (sig) {
case SIGILL:
case SIGFPE:
@@ -75,7 +75,7 @@
case SIGFPE: return "SIGFPE";
case SIGSEGV: return "SIGSEGV";
case SIGPIPE: return "SIGPIPE";
-#ifdef SIGSTKFLT
+#if defined(SIGSTKFLT)
case SIGSTKFLT: return "SIGSTKFLT";
#endif
case SIGSTOP: return "SIGSTOP";
@@ -171,20 +171,26 @@
_LOG(log, SCOPE_AT_FAULT, "Build fingerprint: '%s'\n", fingerprint);
}
-static void dump_fault_addr(log_t* log, pid_t tid, int sig) {
+static void dump_signal_info(log_t* log, pid_t tid, int signal, int si_code) {
siginfo_t si;
-
memset(&si, 0, sizeof(si));
- if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si)){
+ if (ptrace(PTRACE_GETSIGINFO, tid, 0, &si) == -1) {
_LOG(log, SCOPE_AT_FAULT, "cannot get siginfo: %s\n", strerror(errno));
- } else if (signal_has_address(sig)) {
- _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr %" PRIPTR "\n",
- sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code),
- reinterpret_cast<uintptr_t>(si.si_addr));
- } else {
- _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr --------\n",
- sig, get_signame(sig), si.si_code, get_sigcode(sig, si.si_code));
+ return;
}
+
+ // bionic has to re-raise some signals, which overwrites the si_code with SI_TKILL.
+ si.si_code = si_code;
+
+ char addr_desc[32]; // ", fault addr 0x1234"
+ if (signal_has_si_addr(signal)) {
+ snprintf(addr_desc, sizeof(addr_desc), "%p", si.si_addr);
+ } else {
+ snprintf(addr_desc, sizeof(addr_desc), "--------");
+ }
+
+ _LOG(log, SCOPE_AT_FAULT, "signal %d (%s), code %d (%s), fault addr %s\n",
+ signal, get_signame(signal), si.si_code, get_sigcode(signal, si.si_code), addr_desc);
}
static void dump_thread_info(log_t* log, pid_t pid, pid_t tid, int scope_flags) {
@@ -349,7 +355,7 @@
_LOG(log, scope_flags, "cannot get siginfo for %d: %s\n", tid, strerror(errno));
return;
}
- if (!signal_has_address(si.si_signo)) {
+ if (!signal_has_si_addr(si.si_signo)) {
return;
}
@@ -588,8 +594,9 @@
}
// Dumps all information about the specified pid to the tombstone.
-static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address,
- bool dump_sibling_threads, int* total_sleep_time_usec) {
+static bool dump_crash(log_t* log, pid_t pid, pid_t tid, int signal, int si_code,
+ uintptr_t abort_msg_address, bool dump_sibling_threads,
+ int* total_sleep_time_usec) {
// don't copy log messages to tombstone unless this is a dev device
char value[PROPERTY_VALUE_MAX];
property_get("ro.debuggable", value, "0");
@@ -611,7 +618,7 @@
dump_revision_info(log);
dump_thread_info(log, pid, tid, SCOPE_AT_FAULT);
if (signal) {
- dump_fault_addr(log, tid, signal);
+ dump_signal_info(log, tid, signal, si_code);
}
UniquePtr<BacktraceMap> map(BacktraceMap::Create(pid));
@@ -725,9 +732,9 @@
return amfd;
}
-char* engrave_tombstone(
- pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address, bool dump_sibling_threads,
- bool quiet, bool* detach_failed, int* total_sleep_time_usec) {
+char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code,
+ uintptr_t abort_msg_address, bool dump_sibling_threads, bool quiet,
+ bool* detach_failed, int* total_sleep_time_usec) {
if ((mkdir(TOMBSTONE_DIR, 0755) == -1) && (errno != EEXIST)) {
LOG("failed to create %s: %s\n", TOMBSTONE_DIR, strerror(errno));
}
@@ -752,8 +759,8 @@
log.tfd = fd;
log.amfd = activity_manager_connect();
log.quiet = quiet;
- *detach_failed = dump_crash(
- &log, pid, tid, signal, abort_msg_address, dump_sibling_threads, total_sleep_time_usec);
+ *detach_failed = dump_crash(&log, pid, tid, signal, original_si_code, abort_msg_address,
+ dump_sibling_threads, total_sleep_time_usec);
close(log.amfd);
close(fd);
diff --git a/debuggerd/tombstone.h b/debuggerd/tombstone.h
index e9878bf..3574e84 100644
--- a/debuggerd/tombstone.h
+++ b/debuggerd/tombstone.h
@@ -23,7 +23,9 @@
/* Creates a tombstone file and writes the crash dump to it.
* Returns the path of the tombstone, which must be freed using free(). */
-char* engrave_tombstone(pid_t pid, pid_t tid, int signal, uintptr_t abort_msg_address,
- bool dump_sibling_threads, bool quiet, bool* detach_failed, int* total_sleep_time_usec);
+char* engrave_tombstone(pid_t pid, pid_t tid, int signal, int original_si_code,
+ uintptr_t abort_msg_address,
+ bool dump_sibling_threads, bool quiet,
+ bool* detach_failed, int* total_sleep_time_usec);
#endif // _DEBUGGERD_TOMBSTONE_H
diff --git a/include/cutils/debugger.h b/include/cutils/debugger.h
index af80e2c..ae6bfc4 100644
--- a/include/cutils/debugger.h
+++ b/include/cutils/debugger.h
@@ -42,6 +42,7 @@
debugger_action_t action;
pid_t tid;
uintptr_t abort_msg_address;
+ int32_t original_si_code;
} debugger_msg_t;
/* Dumps a process backtrace, registers, and stack to a tombstone file (requires root).
diff --git a/libcutils/debugger.c b/libcutils/debugger.c
index 7d907fc..056de5d 100644
--- a/libcutils/debugger.c
+++ b/libcutils/debugger.c
@@ -15,6 +15,7 @@
*/
#include <stdlib.h>
+#include <string.h>
#include <unistd.h>
#include <cutils/debugger.h>
@@ -28,9 +29,9 @@
}
debugger_msg_t msg;
+ memset(&msg, 0, sizeof(msg));
msg.tid = tid;
msg.action = DEBUGGER_ACTION_DUMP_TOMBSTONE;
- msg.abort_msg_address = 0;
int result = 0;
if (TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg))) != sizeof(msg)) {
@@ -62,9 +63,9 @@
}
debugger_msg_t msg;
+ memset(&msg, 0, sizeof(msg));
msg.tid = tid;
msg.action = DEBUGGER_ACTION_DUMP_BACKTRACE;
- msg.abort_msg_address = 0;
int result = 0;
if (TEMP_FAILURE_RETRY(write(s, &msg, sizeof(msg))) != sizeof(msg)) {