r29 is the stack pointer on mips, but it's x2 on riscv64 (and the git
history shows that this was indeed copy & pasted from the mips code)
and since bionic always sets up a signal stack with sigaltstack() I
doubt the comment was relevant even on mips (but no-one ever used it,
so who'd know?).
While I'm here, stop using decimal arithmetic --- the whole point was to
have each register contain the value that was obviously appropriate for
that register. (riscv64's mips-like mess of registers all over the place
means that's not going to be super readable, but there's no reason to
make it worse.)
Also, even though I personally prefer the 0xdead from the old mips code,
everyone else is using 0xa5a5, so let's make riscv64 match the others.
Test: treehugger
Change-Id: Ibbae821bc0a02e07164147d621e342224528c2c9
This changes the crash export mechanism in Microdroid. For this, we
create module tombstone_handler which exports methods very similar to
tombstoned.h
For Microdroid (detected using prop: ro.hardware): It calls newly
introduces microdroid specific methods to connect/notify completion of
crash.
Individual methods:
connect -> For Android, it would connect to
tombstoned which would send it the fd corresponding to newly created
file on /data/tombstone_ . For Microdroid, we connect to tombstone
server on host via vsock & populate these sockets as the output fd.
crash_dump, in the later case, would directly write on the socket(s).
notify_completion: For Microdroid, it would simply shutdown the vsock
connections.
Note when OS is not Microdroid: It calls corresponding methods of
tombstoned_client, essentially serving as a proxy.
Detailed design: go/vm-tombstone
Test: atest MicrodroidHostTests#testTombstonesAreGeneratedUponUserspaceCrash
Bug: 243494912
Change-Id: I68537b967f2ee48c1647f0f923aa79e8bcc66942
When this was translated to riscv64, someone "fixed" the crashing bugs
that were the whole point of these two functions. Fix them back so they
actually crash, and add the CFI directives.
Test: treehugger
Change-Id: I312c51fa4c893d27b0f4e39383521657a5870a0d
They're the same script right now, but gdbclient.py is a bit misleading,
even if we're not likely to ever actually remove it.
Test: treehugger
Change-Id: Ic514f98bf13b3e699be4dbad2bafef22d41d9ffd
1. Fixes this test under clang coverage, which is run under presubmit
for TEST_MAPPING files. When we spawn under a minijail, and the
process exited normally (which is the case for recoverable), clang
coverage would use atexit handlers to dump some stuff using banned
prctl's and other syscalls. Instead of allow-listing them all which
sounds like a huge pain, call _exit() which skips those handlers.
2. Extends the invariant testing to make sure that recoverable GWP-ASan
recovers both the first time, and a second time in a different slot.
Bug: N/A
Test: CLANG_COVERAGE=true NATIVE_COVERAGE_PATHS="*" atest debuggerd_test
Change-Id: I6059e21db4c2898b1c9777a00d2a54497d80ef79
Currently, debuggerd tells the teacher that an app that received a fatal
signal. On the playground, dobbing on a process that doesn't actually
need to be killed is considered a friendship-ending move.
Because recoverable GWP-ASan is *supposed* to not crash your app,
suppress this behaviour and don't let ActivityManager know about the
crash.
Bug: N/A
Test: Run a use-after-free in an app that's using recoverable GWP-ASan,
through the 'libc.debug.gwp_asan.recoverable.<app_name>=1' and
'libc.debug.gwp_asan.process_sampling.<app_name>=1' sysprops.
Change-Id: I033ea67d577573df10936e37db7302d4f4bc0069
Recoverable GWP-ASan is a mode landed upstream in
https://reviews.llvm.org/D140173. For more information about why/what it
is, see
https://android-review.git.corp.google.com/c/platform/bionic/+/2394588.
This patch makes debuggerd call the required libc callbacks for GWP-ASan
to recover from the memory corruption. It also adds the functionality
that libart/sigchain eventually ends up calling, which dumps a GWP-ASan
report for the first error encountered.
Test: Build the platform, run sanitizer-status in recoverable mode,
asserting that it doesn't crash but we get a debuggerd report.
Bug: 247012630
Change-Id: I27212f7250844c20a8fd1e961417cdb4e5bd3626
When moving to a proto tombstone, backtraces no longer contain
an offset when a frame is in a shared library from an apk.
Add the offset display again if needed, and add a test to
verify this behavior.
Bug: 267341682
Test: All unit tests pass.
Test: Dumped a process running through an apk to verify the offset
Test: is present.
Change-Id: Ib720ccb5bfcc8531d1e407f3d01817e8a0b9128c
An early return out of this function makes it harder to add new prints
after the memory maps.
Test: m, flash, look at tombstone
Change-Id: Id06e432918d69ac3307761b244473b6b7ab769e8
GWP-ASan changed one of the APIs upstream to now take the fault address
as well. This is to support the recoverable mode.
Add the fault address as well.
Test: gwp_asan_unittest
Bug: N/A
Change-Id: I8a4edd3fad159d91cc036050d330bbb8f9c8d435
This is a no-op but will be used in upcoming scudo changes that allow to
change the buffer size at process startup time, and as such we will no
longer be able to call __scudo_get_ring_buffer_size in debuggerd.
Bug: 263287052
Change-Id: I350421d1fcdf22ce3b8b73780b88c1e10fa8a074
The current logging...
```
F libc : Fatal signal 31 (SIGSYS), code 1 (SYS_SECCOMP) in tid 6640 (logcat), pid 6640 (logcat)
```
...isn't super useful if crash_dump then fails, because you have no idea
what syscall caused the problem.
We already include the fault address in this line for relevant cases,
so include the syscall number in this case.
Bug: http://b/262391724
Test: treehugger
Change-Id: I45ad7d99c9904bab32b65efeb19be232e59ab3a4
* Intentional crash test code with null/free/escape warnings.
Test: make tidy-system-core-debuggerd_subset
Change-Id: Ib1255c17a374729c82aa246c6a59156dbc4e1b77
The long term plan is to completely remove tombstoned from microdroid (b/243494912), however it might take time some time to implement it.
In the meantime, we've recently removed cgroups support from the microdroid kernel. This means that starting a tombstoned results in a bunch of non-fatal errors in the logs that are related to the fact that tombstoned service specifies task_profiles.
To get rid of these error messages we temporary add a microdroid variant of the tombstoned (tombstoned.microdroid) that doesn't specify task_profiles.
Bug: 239367015
Test: microdroid presubmit
Change-Id: Ia7d37ede2276790008702e48fdfaf37f4c1fd251
Fixes
```
out/soong/installs-aosp_riscv64.mk:56833: error: overriding commands for target `out/target/product/generic_riscv64/system/etc/seccomp_policy/crash_dump.riscv64.policy', previously defined at out/soong/installs-aosp_riscv64.mk:56829
```
Test: m
Change-Id: I78a1c6b10dac2da704515f33b492ff37cc086dd6
The use of __builtin_abort in CrasherTest::Trap breaks with
-ftrap-function=abort, because then the argument of Trap is no longer in
the first argument register at the time of crash.
This flag is added when *any* sanitizer is enabled on the target, even harmless
ones like memtag-heap. See sanitize.go:769.
Fix CrasherTest::Trap to be a little more reliable.
Test: debuggerd_test with SANITIZE_TARGET=memtag_heap
Change-Id: I150f1c0355bd6f2bfabfa5a7bba125acdde1120e
Signed-off-by: Liu Cunyuan <liucunyuan.lcy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: Ie22c2895fc30fab68eddc18713c80e403f44b203
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: Ie58bd7cf5dde792d8fba78602b5f53471752ab24
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: I521c6da61cf2f6f67a73febf368068c430d94cdb
