1 | // Copyright (c) 2010, Google Inc. |
2 | // All rights reserved. |
3 | // |
4 | // Redistribution and use in source and binary forms, with or without |
5 | // modification, are permitted provided that the following conditions are |
6 | // met: |
7 | // |
8 | // * Redistributions of source code must retain the above copyright |
9 | // notice, this list of conditions and the following disclaimer. |
10 | // * Redistributions in binary form must reproduce the above |
11 | // copyright notice, this list of conditions and the following disclaimer |
12 | // in the documentation and/or other materials provided with the |
13 | // distribution. |
14 | // * Neither the name of Google Inc. nor the names of its |
15 | // contributors may be used to endorse or promote products derived from |
16 | // this software without specific prior written permission. |
17 | // |
18 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
19 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
20 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
21 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
22 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
24 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 | |
30 | // linux_dumper.h: Define the google_breakpad::LinuxDumper class, which |
31 | // is a base class for extracting information from a crashed process. It |
32 | // was originally a complete implementation using the ptrace API, but |
33 | // has been refactored to allow derived implementations supporting both |
34 | // ptrace and core dump. A portion of the original implementation is now |
35 | // in google_breakpad::LinuxPtraceDumper (see linux_ptrace_dumper.h for |
36 | // details). |
37 | |
38 | #ifndef CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_ |
39 | #define CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_ |
40 | |
41 | #include <assert.h> |
42 | #include <elf.h> |
43 | #if defined(__ANDROID__) |
44 | #include <link.h> |
45 | #endif |
46 | #include <linux/limits.h> |
47 | #include <stdint.h> |
48 | #include <sys/types.h> |
49 | #include <sys/user.h> |
50 | |
51 | #include <vector> |
52 | |
53 | #include "client/linux/dump_writer_common/mapping_info.h" |
54 | #include "client/linux/dump_writer_common/thread_info.h" |
55 | #include "common/linux/file_id.h" |
56 | #include "common/memory_allocator.h" |
57 | #include "google_breakpad/common/minidump_format.h" |
58 | |
59 | namespace google_breakpad { |
60 | |
// Entry type used when parsing the auxiliary vector in /proc/pid/auxv.
// 32-bit targets use Elf32_auxv_t and 64-bit targets use Elf64_auxv_t. An
// architecture matched by neither branch leaves elf_aux_entry undeclared, so
// the typedef that follows fails to compile.
#if defined(__i386) || defined(__ARM_EABI__) || \
    (defined(__mips__) && _MIPS_SIM == _ABIO32)
typedef Elf32_auxv_t elf_aux_entry;
#elif defined(__x86_64) || defined(__aarch64__) || \
    (defined(__mips__) && _MIPS_SIM != _ABIO32)
typedef Elf64_auxv_t elf_aux_entry;
#endif

// Type of the a_un.a_val member of one auxv entry. The operand of __typeof__
// is never evaluated, so the null pointer is not dereferenced.
typedef __typeof__(static_cast<elf_aux_entry*>(0)->a_un.a_val) elf_aux_val_t;

// Name recorded in the minidump for the VDSO mapping once it has been found
// in the process's address space.
// The name must stay shorter than NAME_MAX; nothing in this header checks
// that bound, so re-check it whenever the string is changed.
const char kLinuxGateLibraryName[] = "linux-gate.so";
76 | |
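// Abstract base class for extracting information about a crashed process:
// its threads, its memory mappings, its auxiliary vector and the signal that
// ended it. Derived classes supply the process access itself (thread
// suspension, thread state, memory copies, /proc path construction).
//
// Several methods below take raw output buffers whose size is fixed by
// convention (NAME_MAX or PATH_MAX) and not passed as an argument; callers
// are responsible for providing buffers of at least that size.
class LinuxDumper {
 public:
  // The |root_prefix| is prepended to mapping paths before opening them, which
  // is useful if the crash originates from a chroot.
  // NOTE(review): the prefix is held as a raw pointer (|root_prefix_|), so the
  // string presumably has to outlive this object; confirm in the constructor.
  explicit LinuxDumper(pid_t pid, const char* root_prefix = "");

  virtual ~LinuxDumper();

  // Parse the data for |threads| and |mappings|.
  virtual bool Init();

  // Take any actions that could not be taken in Init().  LateInit() is
  // called after all other caller's initialization is complete, and in
  // particular after it has called ThreadsSuspend(), so that ptrace is
  // available.
  virtual bool LateInit();

  // Return true if the dumper performs a post-mortem dump.
  virtual bool IsPostMortem() const = 0;

  // Suspend/resume all threads in the given process.
  virtual bool ThreadsSuspend() = 0;
  virtual bool ThreadsResume() = 0;

  // Read information about the |index|-th thread of |threads_|.
  // Returns true on success. One must have called |ThreadsSuspend| first.
  virtual bool GetThreadInfoByIndex(size_t index, ThreadInfo* info) = 0;

  // Returns the index in |threads_| of the entry equal to |pid_|, or -1u
  // when there is none.
  // The "not found" value is the unsigned int -1u converted to size_t, which
  // is UINT_MAX. Where size_t is wider than unsigned int that differs from
  // static_cast<size_t>(-1), so callers should compare the result against
  // -1u exactly and must not use it as an index before doing so.
  size_t GetMainThreadIndex() const {
    for (size_t i = 0; i < threads_.size(); ++i) {
      if (threads_[i] == pid_) return i;
    }
    return -1u;
  }

  // These are only valid after a call to |Init|.
  const wasteful_vector<pid_t>& threads() { return threads_; }
  const wasteful_vector<MappingInfo*>& mappings() { return mappings_; }
  const MappingInfo* FindMapping(const void* address) const;
  // Find the mapping which the given memory address falls in. Unlike
  // FindMapping, this method uses the unadjusted mapping address
  // ranges from the kernel, rather than the ranges that have had the
  // load bias applied.
  const MappingInfo* FindMappingNoBias(uintptr_t address) const;
  const wasteful_vector<elf_aux_val_t>& auxv() { return auxv_; }

  // Find a block of memory to take as the stack given the top of stack pointer.
  //   stack: (output) the lowest address in the memory area
  //   stack_len: (output) the length of the memory area
  //   stack_top: the current top of the stack
  bool GetStackInfo(const void** stack, size_t* stack_len, uintptr_t stack_top);

  // Sanitize a copy of the stack by overwriting words that are not
  // pointers with a sentinel (0x0defaced).
  //   stack_copy: a copy of the stack to sanitize. |stack_copy| might
  //               not be word aligned, but it represents word aligned
  //               data copied from another location.
  //   stack_len: the length of the allocation pointed to by |stack_copy|.
  //   stack_pointer: the address of the stack pointer (used to locate
  //                  the stack mapping, as an optimization).
  //   sp_offset: the offset relative to stack_copy that reflects the
  //              current value of the stack pointer.
  // NOTE(review): presumably this limits how much non-pointer stack data
  // ends up in a written dump; which words count as pointers is decided by
  // the implementation, not visible in this header.
  void SanitizeStackCopy(uint8_t* stack_copy, size_t stack_len,
                         uintptr_t stack_pointer, uintptr_t sp_offset);

  // Test whether |stack_copy| contains a pointer-aligned word that
  // could be an address within a given mapping.
  //   stack_copy: a copy of the stack to check. |stack_copy| might
  //               not be word aligned, but it represents word aligned
  //               data copied from another location.
  //   stack_len: the length of the allocation pointed to by |stack_copy|.
  //   sp_offset: the offset relative to stack_copy that reflects the
  //              current value of the stack pointer.
  //   mapping: the mapping against which to test stack words.
  bool StackHasPointerToMapping(const uint8_t* stack_copy, size_t stack_len,
                                uintptr_t sp_offset,
                                const MappingInfo& mapping);

  PageAllocator* allocator() { return &allocator_; }

  // Copy content of |length| bytes from a given process |child|,
  // starting from |src|, into |dest|. Returns true on success.
  // |dest| must have room for |length| bytes; |src| is an address in the
  // other process, not a pointer that is valid in this one.
  virtual bool CopyFromProcess(void* dest, pid_t child, const void* src,
                               size_t length) = 0;

  // Builds a proc path for a certain pid for a node (/proc/<pid>/<node>).
  // |path| is a character array of at least NAME_MAX bytes to return the
  // result. |node| is the final node without any slashes. Returns true on
  // success.
  // The size of |path| is not passed in, so the NAME_MAX minimum is a
  // contract the caller has to honour.
  virtual bool BuildProcPath(char* path, pid_t pid, const char* node) const = 0;

  // Generate a File ID from the .text section of a mapped entry.
  // If not a member, mapping_id is ignored. This method can also manipulate the
  // |mapping|.name to truncate "(deleted)" from the file name if necessary.
  // NOTE(review): |mapping| is taken by const reference, so a rewrite of its
  // name would need a cast or a copy in the implementation; confirm which.
  bool ElfFileIdentifierForMapping(const MappingInfo& mapping,
                                   bool member,
                                   unsigned int mapping_id,
                                   wasteful_vector<uint8_t>& identifier);

  // Records crash details taken from |siginfo|; which fields are set is
  // decided by the implementation, not visible in this header.
  void SetCrashInfoFromSigInfo(const siginfo_t& siginfo);

  uintptr_t crash_address() const { return crash_address_; }
  void set_crash_address(uintptr_t crash_address) {
    crash_address_ = crash_address;
  }

  int crash_signal() const { return crash_signal_; }
  void set_crash_signal(int crash_signal) { crash_signal_ = crash_signal; }
  const char* GetCrashSignalString() const;

  void set_crash_signal_code(int code) { crash_signal_code_ = code; }
  int crash_signal_code() const { return crash_signal_code_; }

  // Stores the additional fields associated with |crash_signal_|.
  // The precondition is at most MD_EXCEPTION_MAXIMUM_PARAMETERS entries. The
  // assert states it, but asserts are compiled out under NDEBUG, so an
  // oversized vector is also truncated here. That keeps the size bound true
  // in release builds for any consumer that copies these values into a
  // fixed-size record.
  void set_crash_exception_info(const std::vector<uint64_t>& exception_info) {
    assert(exception_info.size() <= MD_EXCEPTION_MAXIMUM_PARAMETERS);
    const size_t max_count = MD_EXCEPTION_MAXIMUM_PARAMETERS;
    if (exception_info.size() <= max_count) {
      crash_exception_info_ = exception_info;
    } else {
      // Precondition violated in a build without asserts: keep the leading
      // entries only.
      crash_exception_info_.assign(exception_info.begin(),
                                   exception_info.begin() + max_count);
    }
  }
  const std::vector<uint64_t>& crash_exception_info() const {
    return crash_exception_info_;
  }

  pid_t crash_thread() const { return crash_thread_; }
  void set_crash_thread(pid_t crash_thread) { crash_thread_ = crash_thread; }

  // Concatenates the |root_prefix_| and |mapping| path. Writes into |path| and
  // returns true unless the string is too long.
  // The array bound in the parameter is documentation only: the parameter is
  // a plain char*, so the caller must pass a buffer of PATH_MAX bytes.
  bool GetMappingAbsolutePath(const MappingInfo& mapping,
                              char path[PATH_MAX]) const;

  // Extracts the effective path and file name from |mapping|. In most cases
  // the effective name/path are just the mapping's path and basename. In some
  // other cases, however, a library can be mapped from an archive (e.g., when
  // loading .so libs from an apk on Android) and this method is able to
  // reconstruct the original file name.
  // |file_path_size| and |file_name_size| give the sizes of the two output
  // buffers.
  void GetMappingEffectiveNameAndPath(const MappingInfo& mapping,
                                      char* file_path,
                                      size_t file_path_size,
                                      char* file_name,
                                      size_t file_name_size);

 protected:
  bool ReadAuxv();

  virtual bool EnumerateMappings();

  virtual bool EnumerateThreads() = 0;

  // For the case where a running program has been deleted, it'll show up in
  // /proc/pid/maps as "/path/to/program (deleted)". If this is the case, then
  // see if '/path/to/program (deleted)' matches /proc/pid/exe and return
  // /proc/pid/exe in |path| so ELF identifier generation works correctly. This
  // also checks to see if '/path/to/program (deleted)' exists, so it does not
  // get fooled by a poorly named binary.
  // For programs that don't end with ' (deleted)', this is a no-op.
  // This assumes |path| is a buffer with length NAME_MAX; the size is not
  // passed in, so a shorter buffer cannot be detected here.
  // Returns true if |path| is modified.
  bool HandleDeletedFileInMapping(char* path) const;

  // ID of the crashed process.
  const pid_t pid_;

  // Path of the root directory to which mapping paths are relative.
  const char* const root_prefix_;

  // Virtual address at which the process crashed.
  uintptr_t crash_address_;

  // Signal that terminated the crashed process.
  int crash_signal_;

  // The code associated with |crash_signal_|.
  int crash_signal_code_;

  // The additional fields associated with |crash_signal_|. Holds at most
  // MD_EXCEPTION_MAXIMUM_PARAMETERS entries when set through
  // set_crash_exception_info().
  std::vector<uint64_t> crash_exception_info_;

  // ID of the crashed thread.
  pid_t crash_thread_;

  // Mutable so that const methods can hand it out or allocate from it.
  mutable PageAllocator allocator_;

  // IDs of all the threads.
  wasteful_vector<pid_t> threads_;

  // Info from /proc/<pid>/maps.
  wasteful_vector<MappingInfo*> mappings_;

  // Info from /proc/<pid>/auxv
  wasteful_vector<elf_aux_val_t> auxv_;

#if defined(__ANDROID__)
 private:
  // Android M and later support packed ELF relocations in shared libraries.
  // Packing relocations changes the vaddr of the LOAD segments, such that
  // the effective load bias is no longer the same as the start address of
  // the memory mapping containing the executable parts of the library. The
  // packing is applied to the stripped library run on the target, but not to
  // any other library, and in particular not to the library used to generate
  // breakpad symbols. As a result, we need to adjust the |start_addr| for
  // any mapping that results from a shared library that contains Android
  // packed relocations, so that it properly represents the effective library
  // load bias. The following functions support this adjustment.

  // Check that a given mapping at |start_addr| is for an ELF shared library.
  // If it is, place the ELF header in |ehdr| and return true.
  // The first LOAD segment in an ELF shared library has offset zero, so the
  // ELF file header is at the start of this map entry, and in already mapped
  // memory.
  bool GetLoadedElfHeader(uintptr_t start_addr, ElfW(Ehdr)* ehdr);

  // For the ELF file mapped at |start_addr|, iterate ELF program headers to
  // find the min vaddr of all program header LOAD segments, the vaddr for
  // the DYNAMIC segment, and a count of DYNAMIC entries. Return values in
  // |min_vaddr_ptr|, |dyn_vaddr_ptr|, and |dyn_count_ptr|.
  // The program header table is also in already mapped memory.
  // NOTE(review): the header fields read here come from the crashed
  // process's memory; confirm the implementation bounds the values it uses.
  void ParseLoadedElfProgramHeaders(ElfW(Ehdr)* ehdr,
                                    uintptr_t start_addr,
                                    uintptr_t* min_vaddr_ptr,
                                    uintptr_t* dyn_vaddr_ptr,
                                    size_t* dyn_count_ptr);

  // Search the DYNAMIC tags for the ELF file with the given |load_bias|, and
  // return true if the tags indicate that the file contains Android packed
  // relocations. Dynamic tags are found at |dyn_vaddr| past the |load_bias|.
  bool HasAndroidPackedRelocations(uintptr_t load_bias,
                                   uintptr_t dyn_vaddr,
                                   size_t dyn_count);

  // If the ELF file mapped at |start_addr| contained Android packed
  // relocations, return the load bias that the system linker (or Chromium
  // crazy linker) will have used. If the file did not contain Android
  // packed relocations, returns |start_addr|, indicating that no adjustment
  // is necessary.
  // The effective load bias is |start_addr| adjusted downwards by the
  // min vaddr in the library LOAD segments.
  uintptr_t GetEffectiveLoadBias(ElfW(Ehdr)* ehdr, uintptr_t start_addr);

  // Called from LateInit(). Iterates |mappings_| and rewrites the |start_addr|
  // field of any that represent ELF shared libraries with Android packed
  // relocations, so that |start_addr| is the load bias that the system linker
  // (or Chromium crazy linker) used. This value matches the addresses produced
  // when the non-relocation-packed library is used for breakpad symbol
  // generation.
  void LatePostprocessMappings();
#endif  // __ANDROID__
};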
323 | |
324 | } // namespace google_breakpad |
325 | |
326 | #endif // CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_ |
327 | |