1// Copyright (c) 2010, Google Inc.
2// All rights reserved.
3//
4// Redistribution and use in source and binary forms, with or without
5// modification, are permitted provided that the following conditions are
6// met:
7//
8// * Redistributions of source code must retain the above copyright
9// notice, this list of conditions and the following disclaimer.
10// * Redistributions in binary form must reproduce the above
11// copyright notice, this list of conditions and the following disclaimer
12// in the documentation and/or other materials provided with the
13// distribution.
14// * Neither the name of Google Inc. nor the names of its
15// contributors may be used to endorse or promote products derived from
16// this software without specific prior written permission.
17//
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
30// linux_dumper.h: Define the google_breakpad::LinuxDumper class, which
31// is a base class for extracting information of a crashed process. It
32// was originally a complete implementation using the ptrace API, but
33// has been refactored to allow derived implementations supporting both
34// ptrace and core dump. A portion of the original implementation is now
35// in google_breakpad::LinuxPtraceDumper (see linux_ptrace_dumper.h for
36// details).
37
38#ifndef CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_
39#define CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_
40
41#include <assert.h>
42#include <elf.h>
43#if defined(__ANDROID__)
44#include <link.h>
45#endif
46#include <linux/limits.h>
47#include <stdint.h>
48#include <sys/types.h>
49#include <sys/user.h>
50
51#include <vector>
52
53#include "client/linux/dump_writer_common/mapping_info.h"
54#include "client/linux/dump_writer_common/thread_info.h"
55#include "common/linux/file_id.h"
56#include "common/memory_allocator.h"
57#include "google_breakpad/common/minidump_format.h"
58
59namespace google_breakpad {
60
61// Typedef for our parsing of the auxv variables in /proc/pid/auxv.
62#if defined(__i386) || defined(__ARM_EABI__) || \
63 (defined(__mips__) && _MIPS_SIM == _ABIO32)
64typedef Elf32_auxv_t elf_aux_entry;
65#elif defined(__x86_64) || defined(__aarch64__) || \
66 (defined(__mips__) && _MIPS_SIM != _ABIO32)
67typedef Elf64_auxv_t elf_aux_entry;
68#endif
69
70typedef __typeof__(((elf_aux_entry*) 0)->a_un.a_val) elf_aux_val_t;
71
72// When we find the VDSO mapping in the process's address space, this
73// is the name we use for it when writing it to the minidump.
74// This should always be less than NAME_MAX!
75const char kLinuxGateLibraryName[] = "linux-gate.so";
76
77class LinuxDumper {
78 public:
79 // The |root_prefix| is prepended to mapping paths before opening them, which
80 // is useful if the crash originates from a chroot.
81 explicit LinuxDumper(pid_t pid, const char* root_prefix = "");
82
83 virtual ~LinuxDumper();
84
85 // Parse the data for |threads| and |mappings|.
86 virtual bool Init();
87
88 // Take any actions that could not be taken in Init(). LateInit() is
89 // called after all other caller's initialization is complete, and in
90 // particular after it has called ThreadsSuspend(), so that ptrace is
91 // available.
92 virtual bool LateInit();
93
94 // Return true if the dumper performs a post-mortem dump.
95 virtual bool IsPostMortem() const = 0;
96
97 // Suspend/resume all threads in the given process.
98 virtual bool ThreadsSuspend() = 0;
99 virtual bool ThreadsResume() = 0;
100
101 // Read information about the |index|-th thread of |threads_|.
102 // Returns true on success. One must have called |ThreadsSuspend| first.
103 virtual bool GetThreadInfoByIndex(size_t index, ThreadInfo* info) = 0;
104
105 size_t GetMainThreadIndex() const {
106 for (size_t i = 0; i < threads_.size(); ++i) {
107 if (threads_[i] == pid_) return i;
108 }
109 return -1u;
110 }
111
112 // These are only valid after a call to |Init|.
113 const wasteful_vector<pid_t>& threads() { return threads_; }
114 const wasteful_vector<MappingInfo*>& mappings() { return mappings_; }
115 const MappingInfo* FindMapping(const void* address) const;
116 // Find the mapping which the given memory address falls in. Unlike
117 // FindMapping, this method uses the unadjusted mapping address
118 // ranges from the kernel, rather than the ranges that have had the
119 // load bias applied.
120 const MappingInfo* FindMappingNoBias(uintptr_t address) const;
121 const wasteful_vector<elf_aux_val_t>& auxv() { return auxv_; }
122
123 // Find a block of memory to take as the stack given the top of stack pointer.
124 // stack: (output) the lowest address in the memory area
125 // stack_len: (output) the length of the memory area
126 // stack_top: the current top of the stack
127 bool GetStackInfo(const void** stack, size_t* stack_len, uintptr_t stack_top);
128
129 // Sanitize a copy of the stack by overwriting words that are not
130 // pointers with a sentinel (0x0defaced).
131 // stack_copy: a copy of the stack to sanitize. |stack_copy| might
132 // not be word aligned, but it represents word aligned
133 // data copied from another location.
134 // stack_len: the length of the allocation pointed to by |stack_copy|.
135 // stack_pointer: the address of the stack pointer (used to locate
136 // the stack mapping, as an optimization).
137 // sp_offset: the offset relative to stack_copy that reflects the
138 // current value of the stack pointer.
139 void SanitizeStackCopy(uint8_t* stack_copy, size_t stack_len,
140 uintptr_t stack_pointer, uintptr_t sp_offset);
141
142 // Test whether |stack_copy| contains a pointer-aligned word that
143 // could be an address within a given mapping.
144 // stack_copy: a copy of the stack to check. |stack_copy| might
145 // not be word aligned, but it represents word aligned
146 // data copied from another location.
147 // stack_len: the length of the allocation pointed to by |stack_copy|.
148 // sp_offset: the offset relative to stack_copy that reflects the
149 // current value of the stack pointer.
150 // mapping: the mapping against which to test stack words.
151 bool StackHasPointerToMapping(const uint8_t* stack_copy, size_t stack_len,
152 uintptr_t sp_offset,
153 const MappingInfo& mapping);
154
155 PageAllocator* allocator() { return &allocator_; }
156
157 // Copy content of |length| bytes from a given process |child|,
158 // starting from |src|, into |dest|. Returns true on success.
159 virtual bool CopyFromProcess(void* dest, pid_t child, const void* src,
160 size_t length) = 0;
161
162 // Builds a proc path for a certain pid for a node (/proc/<pid>/<node>).
163 // |path| is a character array of at least NAME_MAX bytes to return the
164 // result.|node| is the final node without any slashes. Returns true on
165 // success.
166 virtual bool BuildProcPath(char* path, pid_t pid, const char* node) const = 0;
167
168 // Generate a File ID from the .text section of a mapped entry.
169 // If not a member, mapping_id is ignored. This method can also manipulate the
170 // |mapping|.name to truncate "(deleted)" from the file name if necessary.
171 bool ElfFileIdentifierForMapping(const MappingInfo& mapping,
172 bool member,
173 unsigned int mapping_id,
174 wasteful_vector<uint8_t>& identifier);
175
176 void SetCrashInfoFromSigInfo(const siginfo_t& siginfo);
177
178 uintptr_t crash_address() const { return crash_address_; }
179 void set_crash_address(uintptr_t crash_address) {
180 crash_address_ = crash_address;
181 }
182
183 int crash_signal() const { return crash_signal_; }
184 void set_crash_signal(int crash_signal) { crash_signal_ = crash_signal; }
185 const char* GetCrashSignalString() const;
186
187 void set_crash_signal_code(int code) { crash_signal_code_ = code; }
188 int crash_signal_code() const { return crash_signal_code_; }
189
190 void set_crash_exception_info(const std::vector<uint64_t>& exception_info) {
191 assert(exception_info.size() <= MD_EXCEPTION_MAXIMUM_PARAMETERS);
192 crash_exception_info_ = exception_info;
193 }
194 const std::vector<uint64_t>& crash_exception_info() const {
195 return crash_exception_info_;
196 }
197
198 pid_t crash_thread() const { return crash_thread_; }
199 void set_crash_thread(pid_t crash_thread) { crash_thread_ = crash_thread; }
200
201 // Concatenates the |root_prefix_| and |mapping| path. Writes into |path| and
202 // returns true unless the string is too long.
203 bool GetMappingAbsolutePath(const MappingInfo& mapping,
204 char path[PATH_MAX]) const;
205
206 // Extracts the effective path and file name of from |mapping|. In most cases
207 // the effective name/path are just the mapping's path and basename. In some
208 // other cases, however, a library can be mapped from an archive (e.g., when
209 // loading .so libs from an apk on Android) and this method is able to
210 // reconstruct the original file name.
211 void GetMappingEffectiveNameAndPath(const MappingInfo& mapping,
212 char* file_path,
213 size_t file_path_size,
214 char* file_name,
215 size_t file_name_size);
216
217 protected:
218 bool ReadAuxv();
219
220 virtual bool EnumerateMappings();
221
222 virtual bool EnumerateThreads() = 0;
223
224 // For the case where a running program has been deleted, it'll show up in
225 // /proc/pid/maps as "/path/to/program (deleted)". If this is the case, then
226 // see if '/path/to/program (deleted)' matches /proc/pid/exe and return
227 // /proc/pid/exe in |path| so ELF identifier generation works correctly. This
228 // also checks to see if '/path/to/program (deleted)' exists, so it does not
229 // get fooled by a poorly named binary.
230 // For programs that don't end with ' (deleted)', this is a no-op.
231 // This assumes |path| is a buffer with length NAME_MAX.
232 // Returns true if |path| is modified.
233 bool HandleDeletedFileInMapping(char* path) const;
234
235 // ID of the crashed process.
236 const pid_t pid_;
237
238 // Path of the root directory to which mapping paths are relative.
239 const char* const root_prefix_;
240
241 // Virtual address at which the process crashed.
242 uintptr_t crash_address_;
243
244 // Signal that terminated the crashed process.
245 int crash_signal_;
246
247 // The code associated with |crash_signal_|.
248 int crash_signal_code_;
249
250 // The additional fields associated with |crash_signal_|.
251 std::vector<uint64_t> crash_exception_info_;
252
253 // ID of the crashed thread.
254 pid_t crash_thread_;
255
256 mutable PageAllocator allocator_;
257
258 // IDs of all the threads.
259 wasteful_vector<pid_t> threads_;
260
261 // Info from /proc/<pid>/maps.
262 wasteful_vector<MappingInfo*> mappings_;
263
264 // Info from /proc/<pid>/auxv
265 wasteful_vector<elf_aux_val_t> auxv_;
266
267#if defined(__ANDROID__)
268 private:
269 // Android M and later support packed ELF relocations in shared libraries.
270 // Packing relocations changes the vaddr of the LOAD segments, such that
271 // the effective load bias is no longer the same as the start address of
272 // the memory mapping containing the executable parts of the library. The
273 // packing is applied to the stripped library run on the target, but not to
274 // any other library, and in particular not to the library used to generate
275 // breakpad symbols. As a result, we need to adjust the |start_addr| for
276 // any mapping that results from a shared library that contains Android
277 // packed relocations, so that it properly represents the effective library
278 // load bias. The following functions support this adjustment.
279
280 // Check that a given mapping at |start_addr| is for an ELF shared library.
281 // If it is, place the ELF header in |ehdr| and return true.
282 // The first LOAD segment in an ELF shared library has offset zero, so the
283 // ELF file header is at the start of this map entry, and in already mapped
284 // memory.
285 bool GetLoadedElfHeader(uintptr_t start_addr, ElfW(Ehdr)* ehdr);
286
287 // For the ELF file mapped at |start_addr|, iterate ELF program headers to
288 // find the min vaddr of all program header LOAD segments, the vaddr for
289 // the DYNAMIC segment, and a count of DYNAMIC entries. Return values in
290 // |min_vaddr_ptr|, |dyn_vaddr_ptr|, and |dyn_count_ptr|.
291 // The program header table is also in already mapped memory.
292 void ParseLoadedElfProgramHeaders(ElfW(Ehdr)* ehdr,
293 uintptr_t start_addr,
294 uintptr_t* min_vaddr_ptr,
295 uintptr_t* dyn_vaddr_ptr,
296 size_t* dyn_count_ptr);
297
298 // Search the DYNAMIC tags for the ELF file with the given |load_bias|, and
299 // return true if the tags indicate that the file contains Android packed
300 // relocations. Dynamic tags are found at |dyn_vaddr| past the |load_bias|.
301 bool HasAndroidPackedRelocations(uintptr_t load_bias,
302 uintptr_t dyn_vaddr,
303 size_t dyn_count);
304
305 // If the ELF file mapped at |start_addr| contained Android packed
306 // relocations, return the load bias that the system linker (or Chromium
307 // crazy linker) will have used. If the file did not contain Android
308 // packed relocations, returns |start_addr|, indicating that no adjustment
309 // is necessary.
310 // The effective load bias is |start_addr| adjusted downwards by the
311 // min vaddr in the library LOAD segments.
312 uintptr_t GetEffectiveLoadBias(ElfW(Ehdr)* ehdr, uintptr_t start_addr);
313
314 // Called from LateInit(). Iterates |mappings_| and rewrites the |start_addr|
315 // field of any that represent ELF shared libraries with Android packed
316 // relocations, so that |start_addr| is the load bias that the system linker
317 // (or Chromium crazy linker) used. This value matches the addresses produced
318 // when the non-relocation-packed library is used for breakpad symbol
319 // generation.
320 void LatePostprocessMappings();
321#endif // __ANDROID__
322};
323
324} // namespace google_breakpad
325
326#endif // CLIENT_LINUX_HANDLER_LINUX_DUMPER_H_
327