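// Copyright 2010 Google LLC
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//     * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//     * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
//     * Neither the name of Google LLC nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

// linux_dumper.h: Define the google_breakpad::LinuxDumper class, which
// is a base class for extracting information of a crashed process. It
// was originally a complete implementation using the ptrace API, but
// has been refactored to allow derived implementations supporting both
// ptrace and core dump. A portion of the original implementation is now
// in google_breakpad::LinuxPtraceDumper (see linux_ptrace_dumper.h for
// details).

#ifndef CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_
#define CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_

#include <assert.h>
#include <elf.h>
#if defined(__ANDROID__)
#include <link.h>
#endif
#include <linux/limits.h>
#include <signal.h>  // siginfo_t, used by SetCrashInfoFromSigInfo().
#include <stdint.h>
#include <sys/types.h>
#include <sys/user.h>

#include <vector>

#include "client/linux/dump_writer_common/mapping_info.h"
#include "client/linux/dump_writer_common/thread_info.h"
#include "common/linux/file_id.h"
#include "common/memory_allocator.h"
#include "google_breakpad/common/minidump_format.h"

namespace google_breakpad {

// Typedef for our parsing of the auxv variables in /proc/pid/auxv.
// The entry width follows the target's ELF class (ELF32 vs ELF64).
#if defined(__i386) || defined(__ARM_EABI__) || \
    (defined(__mips__) && _MIPS_SIM == _ABIO32) || \
    (defined(__riscv) && __riscv_xlen == 32)
typedef Elf32_auxv_t elf_aux_entry;
#elif defined(__x86_64) || defined(__aarch64__) || \
    (defined(__mips__) && _MIPS_SIM != _ABIO32) || \
    (defined(__riscv) && __riscv_xlen == 64)
typedef Elf64_auxv_t elf_aux_entry;
#endif

// The type of an auxv value, derived from elf_aux_entry so the two cannot
// drift apart. The null-pointer member access is only inside __typeof__
// and is never evaluated.
typedef __typeof__(((elf_aux_entry*) 0)->a_un.a_val) elf_aux_val_t;

// When we find the VDSO mapping in the process's address space, this
// is the name we use for it when writing it to the minidump.
// This should always be less than NAME_MAX!
const char kLinuxGateLibraryName[] = "linux-gate.so";

// Base class for collecting threads, mappings, auxv and crash context from a
// process. Concrete subclasses supply the process-access primitives
// (ThreadsSuspend/ThreadsResume, CopyFromProcess, EnumerateThreads,
// BuildProcPath) for either a live process or a core file.
class LinuxDumper {
 public:
  // The |root_prefix| is prepended to mapping paths before opening them, which
  // is useful if the crash originates from a chroot.
  explicit LinuxDumper(pid_t pid, const char* root_prefix = "");

  virtual ~LinuxDumper();

  // Parse the data for |threads| and |mappings|.
  virtual bool Init();

  // Take any actions that could not be taken in Init(). LateInit() is
  // called after all other caller's initialization is complete, and in
  // particular after it has called ThreadsSuspend(), so that ptrace is
  // available.
  virtual bool LateInit();

  // Return true if the dumper performs a post-mortem dump.
  virtual bool IsPostMortem() const = 0;

  // Suspend/resume all threads in the given process.
  virtual bool ThreadsSuspend() = 0;
  virtual bool ThreadsResume() = 0;

  // Read information about the |index|-th thread of |threads_|.
  // Returns true on success. One must have called |ThreadsSuspend| first.
  virtual bool GetThreadInfoByIndex(size_t index, ThreadInfo* info) = 0;

  // Index into threads() of the entry equal to |pid_|, i.e. the main
  // thread, or -1u when no such entry exists.
  // NOTE(review): -1u is the maximum unsigned int, not SIZE_MAX; on LP64
  // targets the returned size_t is therefore 0xFFFFFFFF. Callers must
  // compare against the same expression (or check the index against
  // threads().size()) rather than against (size_t)-1.
  size_t GetMainThreadIndex() const {
    for (size_t i = 0; i < threads_.size(); ++i) {
      if (threads_[i] == pid_)
        return i;
    }
    return -1u;
  }

  // These are only valid after a call to |Init|. The accessors are const
  // because they hand out read-only views of the collected state.
  const wasteful_vector<pid_t>& threads() const { return threads_; }
  const wasteful_vector<MappingInfo*>& mappings() const { return mappings_; }
  const MappingInfo* FindMapping(const void* address) const;
  // Find the mapping which the given memory address falls in. Unlike
  // FindMapping, this method uses the unadjusted mapping address
  // ranges from the kernel, rather than the ranges that have had the
  // load bias applied.
  const MappingInfo* FindMappingNoBias(uintptr_t address) const;
  const wasteful_vector<elf_aux_val_t>& auxv() const { return auxv_; }

  // Find a block of memory to take as the stack given the top of stack pointer.
  //   stack: (output) the lowest address in the memory area
  //   stack_len: (output) the length of the memory area
  //   stack_top: the current top of the stack
  bool GetStackInfo(const void** stack, size_t* stack_len, uintptr_t stack_top);

  // Sanitize a copy of the stack by overwriting words that are not
  // pointers with a sentinel (0x0defaced). Presumably this keeps arbitrary
  // stack contents that are not addresses out of the minidump; only the
  // sentinel and the pointer-classification rule are fixed by this header.
  //   stack_copy: a copy of the stack to sanitize. |stack_copy| might
  //               not be word aligned, but it represents word aligned
  //               data copied from another location.
  //   stack_len: the length of the allocation pointed to by |stack_copy|.
  //   stack_pointer: the address of the stack pointer (used to locate
  //                  the stack mapping, as an optimization).
  //   sp_offset: the offset relative to stack_copy that reflects the
  //              current value of the stack pointer.
  void SanitizeStackCopy(uint8_t* stack_copy, size_t stack_len,
                         uintptr_t stack_pointer, uintptr_t sp_offset);

  // Test whether |stack_copy| contains a pointer-aligned word that
  // could be an address within a given mapping.
  //   stack_copy: a copy of the stack to check. |stack_copy| might
  //               not be word aligned, but it represents word aligned
  //               data copied from another location.
  //   stack_len: the length of the allocation pointed to by |stack_copy|.
  //   sp_offset: the offset relative to stack_copy that reflects the
  //              current value of the stack pointer.
  //   mapping: the mapping against which to test stack words.
  bool StackHasPointerToMapping(const uint8_t* stack_copy, size_t stack_len,
                                uintptr_t sp_offset,
                                const MappingInfo& mapping);

  // Allocator backing the containers owned by this dumper; |allocator_| is
  // mutable so const accessors can still hand it out.
  PageAllocator* allocator() { return &allocator_; }

  // Copy content of |length| bytes from a given process |child|,
  // starting from |src|, into |dest|. Returns true on success.
  // |dest| must have room for |length| bytes; the source is the memory of
  // another (crashed) process, so implementations should not trust its
  // contents beyond the byte count requested here.
  virtual bool CopyFromProcess(void* dest, pid_t child, const void* src,
                               size_t length) = 0;

  // Builds a proc path for a certain pid for a node (/proc/<pid>/<node>).
  // |path| is a character array of at least NAME_MAX bytes to return the
  // result.|node| is the final node without any slashes. Returns true on
  // success. Note the buffer contract differs from GetMappingAbsolutePath,
  // which expects PATH_MAX bytes.
  virtual bool BuildProcPath(char* path, pid_t pid, const char* node) const = 0;

  // Generate a File ID from the .text section of a mapped entry.
  // If not a member, mapping_id is ignored. This method can also manipulate the
  // |mapping|.name to truncate "(deleted)" from the file name if necessary.
  bool ElfFileIdentifierForMapping(const MappingInfo& mapping,
                                   bool member,
                                   unsigned int mapping_id,
                                   wasteful_vector<uint8_t>& identifier);

  // Populate the crash address/signal/code/exception-info fields from a
  // siginfo_t delivered for the crash.
  void SetCrashInfoFromSigInfo(const siginfo_t& siginfo);

  uintptr_t crash_address() const { return crash_address_; }
  void set_crash_address(uintptr_t crash_address) {
    crash_address_ = crash_address;
  }

  int crash_signal() const { return crash_signal_; }
  void set_crash_signal(int crash_signal) { crash_signal_ = crash_signal; }
  const char* GetCrashSignalString() const;

  void set_crash_signal_code(int code) { crash_signal_code_ = code; }
  int crash_signal_code() const { return crash_signal_code_; }

  // Stores a copy of |exception_info|. The size limit is enforced with
  // assert() only, so it is not checked in NDEBUG builds; callers must pass
  // at most MD_EXCEPTION_MAXIMUM_PARAMETERS entries.
  void set_crash_exception_info(const std::vector<uint64_t>& exception_info) {
    assert(exception_info.size() <= MD_EXCEPTION_MAXIMUM_PARAMETERS);
    crash_exception_info_ = exception_info;
  }
  const std::vector<uint64_t>& crash_exception_info() const {
    return crash_exception_info_;
  }

  pid_t crash_thread() const { return crash_thread_; }
  void set_crash_thread(pid_t crash_thread) { crash_thread_ = crash_thread; }

  // Concatenates the |root_prefix_| and |mapping| path. Writes into |path| and
  // returns true unless the string is too long.
  bool GetMappingAbsolutePath(const MappingInfo& mapping,
                              char path[PATH_MAX]) const;

  // Extracts the effective path and file name of from |mapping|. In most cases
  // the effective name/path are just the mapping's path and basename. In some
  // other cases, however, a library can be mapped from an archive (e.g., when
  // loading .so libs from an apk on Android) and this method is able to
  // reconstruct the original file name.
  // |file_path_size| and |file_name_size| are the capacities of the two
  // output buffers.
  void GetMappingEffectiveNameAndPath(const MappingInfo& mapping,
                                      char* file_path,
                                      size_t file_path_size,
                                      char* file_name,
                                      size_t file_name_size);

 protected:
  // Fills |auxv_| from /proc/<pid>/auxv. Returns true on success.
  bool ReadAuxv();

  // Fills |mappings_| from /proc/<pid>/maps. Returns true on success.
  virtual bool EnumerateMappings();

  // Fills |threads_|. Returns true on success.
  virtual bool EnumerateThreads() = 0;

  // For the case where a running program has been deleted, it'll show up in
  // /proc/pid/maps as "/path/to/program (deleted)". If this is the case, then
  // see if '/path/to/program (deleted)' matches /proc/pid/exe and return
  // /proc/pid/exe in |path| so ELF identifier generation works correctly. This
  // also checks to see if '/path/to/program (deleted)' exists, so it does not
  // get fooled by a poorly named binary.
  // For programs that don't end with ' (deleted)', this is a no-op.
  // This assumes |path| is a buffer with length NAME_MAX.
  // Returns true if |path| is modified.
  bool HandleDeletedFileInMapping(char* path) const;

  // ID of the crashed process.
  const pid_t pid_;

  // Path of the root directory to which mapping paths are relative.
  // Not owned; the caller of the constructor keeps it alive.
  const char* const root_prefix_;

  // Virtual address at which the process crashed.
  uintptr_t crash_address_;

  // Signal that terminated the crashed process.
  int crash_signal_;

  // The code associated with |crash_signal_|.
  int crash_signal_code_;

  // The additional fields associated with |crash_signal_|.
  std::vector<uint64_t> crash_exception_info_;

  // ID of the crashed thread.
  pid_t crash_thread_;

  mutable PageAllocator allocator_;

  // IDs of all the threads.
  wasteful_vector<pid_t> threads_;

  // Info from /proc/<pid>/maps.
  wasteful_vector<MappingInfo*> mappings_;

  // Info from /proc/<pid>/auxv
  wasteful_vector<elf_aux_val_t> auxv_;

#if defined(__ANDROID__)
 private:
  // Android M and later support packed ELF relocations in shared libraries.
  // Packing relocations changes the vaddr of the LOAD segments, such that
  // the effective load bias is no longer the same as the start address of
  // the memory mapping containing the executable parts of the library. The
  // packing is applied to the stripped library run on the target, but not to
  // any other library, and in particular not to the library used to generate
  // breakpad symbols. As a result, we need to adjust the |start_addr| for
  // any mapping that results from a shared library that contains Android
  // packed relocations, so that it properly represents the effective library
  // load bias. The following functions support this adjustment.

  // Check that a given mapping at |start_addr| is for an ELF shared library.
  // If it is, place the ELF header in |ehdr| and return true.
  // The first LOAD segment in an ELF shared library has offset zero, so the
  // ELF file header is at the start of this map entry, and in already mapped
  // memory.
  bool GetLoadedElfHeader(uintptr_t start_addr, ElfW(Ehdr)* ehdr);

  // For the ELF file mapped at |start_addr|, iterate ELF program headers to
  // find the min vaddr of all program header LOAD segments, the vaddr for
  // the DYNAMIC segment, and a count of DYNAMIC entries. Return values in
  // |min_vaddr_ptr|, |dyn_vaddr_ptr|, and |dyn_count_ptr|.
  // The program header table is also in already mapped memory.
  void ParseLoadedElfProgramHeaders(ElfW(Ehdr)* ehdr,
                                    uintptr_t start_addr,
                                    uintptr_t* min_vaddr_ptr,
                                    uintptr_t* dyn_vaddr_ptr,
                                    size_t* dyn_count_ptr);

  // Search the DYNAMIC tags for the ELF file with the given |load_bias|, and
  // return true if the tags indicate that the file contains Android packed
  // relocations. Dynamic tags are found at |dyn_vaddr| past the |load_bias|.
  bool HasAndroidPackedRelocations(uintptr_t load_bias,
                                   uintptr_t dyn_vaddr,
                                   size_t dyn_count);

  // If the ELF file mapped at |start_addr| contained Android packed
  // relocations, return the load bias that the system linker (or Chromium
  // crazy linker) will have used. If the file did not contain Android
  // packed relocations, returns |start_addr|, indicating that no adjustment
  // is necessary.
  // The effective load bias is |start_addr| adjusted downwards by the
  // min vaddr in the library LOAD segments.
  uintptr_t GetEffectiveLoadBias(ElfW(Ehdr)* ehdr, uintptr_t start_addr);

  // Called from LateInit(). Iterates |mappings_| and rewrites the |start_addr|
  // field of any that represent ELF shared libraries with Android packed
  // relocations, so that |start_addr| is the load bias that the system linker
  // (or Chromium crazy linker) used. This value matches the addresses produced
  // when the non-relocation-packed library is used for breakpad symbol
  // generation.
  void LatePostprocessMappings();
#endif  // __ANDROID__
};

}  // namespace google_breakpad

#endif  // CLIENT_LINUX_MINIDUMP_WRITER_LINUX_DUMPER_H_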