// Copyright (c) 2010, Google Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // This code writes out minidump files: // http://msdn.microsoft.com/en-us/library/ms680378(VS.85,loband).aspx // // Minidumps are a Microsoft format which Breakpad uses for recording crash // dumps. This code has to run in a compromised environment (the address space // may have received SIGSEGV), thus the following rules apply: // * You may not enter the dynamic linker. This means that we cannot call // any symbols in a shared library (inc libc). Because of this we replace // libc functions in linux_libc_support.h. // * You may not call syscalls via the libc wrappers. This rule is a subset // of the first rule but it bears repeating. We have direct wrappers // around the system calls in linux_syscall_support.h. // * You may not malloc. There's an alternative allocator in memory.h and // a canonical instance in the LinuxDumper object. We use the placement // new form to allocate objects and we don't delete them. #include "client/linux/handler/minidump_descriptor.h" #include "client/linux/minidump_writer/minidump_writer.h" #include "client/minidump_file_writer-inl.h" #include <ctype.h> #include <errno.h> #include <fcntl.h> #include <link.h> #include <stdio.h> #if defined(__ANDROID__) #include <sys/system_properties.h> #endif #include <sys/types.h> #include <sys/ucontext.h> #include <sys/user.h> #include <sys/utsname.h> #include <time.h> #include <unistd.h> #include <algorithm> #include "client/linux/dump_writer_common/seccomp_unwinder.h" #include "client/linux/dump_writer_common/thread_info.h" #include "client/linux/dump_writer_common/ucontext_reader.h" #include "client/linux/handler/exception_handler.h" #include "client/linux/minidump_writer/cpu_set.h" #include "client/linux/minidump_writer/line_reader.h" #include "client/linux/minidump_writer/linux_dumper.h" #include "client/linux/minidump_writer/linux_ptrace_dumper.h" #include "client/linux/minidump_writer/proc_cpuinfo_reader.h" #include "client/minidump_file_writer.h" #include "common/linux/linux_libc_support.h" #include "common/minidump_type_helper.h" #include "google_breakpad/common/minidump_format.h" #include "third_party/lss/linux_syscall_support.h" namespace { using google_breakpad::AppMemoryList; using google_breakpad::ExceptionHandler; using google_breakpad::CpuSet; using google_breakpad::LineReader; using google_breakpad::LinuxDumper; using google_breakpad::LinuxPtraceDumper; using google_breakpad::MDTypeHelper; using google_breakpad::MappingEntry; using google_breakpad::MappingInfo; using google_breakpad::MappingList; using google_breakpad::MinidumpFileWriter; using google_breakpad::PageAllocator; using google_breakpad::ProcCpuInfoReader; using google_breakpad::RawContextCPU; using google_breakpad::SeccompUnwinder; using google_breakpad::ThreadInfo; using google_breakpad::TypedMDRVA; using google_breakpad::UContextReader; using google_breakpad::UntypedMDRVA; using google_breakpad::wasteful_vector; typedef MDTypeHelper<sizeof(void*)>::MDRawDebug MDRawDebug; typedef MDTypeHelper<sizeof(void*)>::MDRawLinkMap MDRawLinkMap; class MinidumpWriter { public: // The following kLimit* constants are for when minidump_size_limit_ is set // and the minidump size might exceed it. // // Estimate for how big each thread's stack will be (in bytes). static const unsigned kLimitAverageThreadStackLength = 8 * 1024; // Number of threads whose stack size we don't want to limit. These base // threads will simply be the first N threads returned by the dumper (although // the crashing thread will never be limited). Threads beyond this count are // the extra threads. static const unsigned kLimitBaseThreadCount = 20; // Maximum stack size to dump for any extra thread (in bytes). static const unsigned kLimitMaxExtraThreadStackLen = 2 * 1024; // Make sure this number of additional bytes can fit in the minidump // (exclude the stack data). static const unsigned kLimitMinidumpFudgeFactor = 64 * 1024; MinidumpWriter(const char* minidump_path, int minidump_fd, const ExceptionHandler::CrashContext* context, const MappingList& mappings, const AppMemoryList& appmem, LinuxDumper* dumper) : fd_(minidump_fd), path_(minidump_path), ucontext_(context ? &context->context : NULL), #if !defined(__ARM_EABI__) && !defined(__mips__) float_state_(context ? &context->float_state : NULL), #endif dumper_(dumper), minidump_size_limit_(-1), memory_blocks_(dumper_->allocator()), mapping_list_(mappings), app_memory_list_(appmem) { // Assert there should be either a valid fd or a valid path, not both. assert(fd_ != -1 || minidump_path); assert(fd_ == -1 || !minidump_path); } bool Init() { if (!dumper_->Init()) return false; if (fd_ != -1) minidump_writer_.SetFile(fd_); else if (!minidump_writer_.Open(path_)) return false; return dumper_->ThreadsSuspend(); } ~MinidumpWriter() { // Don't close the file descriptor when it's been provided explicitly. // Callers might still need to use it. if (fd_ == -1) minidump_writer_.Close(); dumper_->ThreadsResume(); } bool Dump() { // A minidump file contains a number of tagged streams. This is the number // of stream which we write. unsigned kNumWriters = 13; TypedMDRVA<MDRawHeader> header(&minidump_writer_); TypedMDRVA<MDRawDirectory> dir(&minidump_writer_); if (!header.Allocate()) return false; if (!dir.AllocateArray(kNumWriters)) return false; my_memset(header.get(), 0, sizeof(MDRawHeader)); header.get()->signature = MD_HEADER_SIGNATURE; header.get()->version = MD_HEADER_VERSION; header.get()->time_date_stamp = time(NULL); header.get()->stream_count = kNumWriters; header.get()->stream_directory_rva = dir.position(); unsigned dir_index = 0; MDRawDirectory dirent; if (!WriteThreadListStream(&dirent)) return false; dir.CopyIndex(dir_index++, &dirent); if (!WriteMappings(&dirent)) return false; dir.CopyIndex(dir_index++, &dirent); if (!WriteAppMemory()) return false; if (!WriteMemoryListStream(&dirent)) return false; dir.CopyIndex(dir_index++, &dirent); if (!WriteExceptionStream(&dirent)) return false; dir.CopyIndex(dir_index++, &dirent); if (!WriteSystemInfoStream(&dirent)) return false; dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_CPU_INFO; if (!WriteFile(&dirent.location, "/proc/cpuinfo")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_PROC_STATUS; if (!WriteProcFile(&dirent.location, GetCrashThread(), "status")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_LSB_RELEASE; if (!WriteFile(&dirent.location, "/etc/lsb-release")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_CMD_LINE; if (!WriteProcFile(&dirent.location, GetCrashThread(), "cmdline")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_ENVIRON; if (!WriteProcFile(&dirent.location, GetCrashThread(), "environ")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_AUXV; if (!WriteProcFile(&dirent.location, GetCrashThread(), "auxv")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_MAPS; if (!WriteProcFile(&dirent.location, GetCrashThread(), "maps")) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); dirent.stream_type = MD_LINUX_DSO_DEBUG; if (!WriteDSODebugStream(&dirent)) NullifyDirectoryEntry(&dirent); dir.CopyIndex(dir_index++, &dirent); // If you add more directory entries, don't forget to update kNumWriters, // above. dumper_->ThreadsResume(); return true; } bool FillThreadStack(MDRawThread* thread, uintptr_t stack_pointer, int max_stack_len, uint8_t** stack_copy) { *stack_copy = NULL; const void* stack; size_t stack_len; if (dumper_->GetStackInfo(&stack, &stack_len, stack_pointer)) { UntypedMDRVA memory(&minidump_writer_); if (max_stack_len >= 0 && stack_len > static_cast<unsigned int>(max_stack_len)) { stack_len = max_stack_len; } if (!memory.Allocate(stack_len)) return false; *stack_copy = reinterpret_cast<uint8_t*>(Alloc(stack_len)); dumper_->CopyFromProcess(*stack_copy, thread->thread_id, stack, stack_len); memory.Copy(*stack_copy, stack_len); thread->stack.start_of_memory_range = reinterpret_cast<uintptr_t>(stack); thread->stack.memory = memory.location(); memory_blocks_.push_back(thread->stack); } else { thread->stack.start_of_memory_range = stack_pointer; thread->stack.memory.data_size = 0; thread->stack.memory.rva = minidump_writer_.position(); } return true; } // Write information about the threads. bool WriteThreadListStream(MDRawDirectory* dirent) { const unsigned num_threads = dumper_->threads().size(); TypedMDRVA<uint32_t> list(&minidump_writer_); if (!list.AllocateObjectAndArray(num_threads, sizeof(MDRawThread))) return false; dirent->stream_type = MD_THREAD_LIST_STREAM; dirent->location = list.location(); *list.get() = num_threads; // If there's a minidump size limit, check if it might be exceeded. Since // most of the space is filled with stack data, just check against that. // If this expects to exceed the limit, set extra_thread_stack_len such // that any thread beyond the first kLimitBaseThreadCount threads will // have only kLimitMaxExtraThreadStackLen bytes dumped. int extra_thread_stack_len = -1; // default to no maximum if (minidump_size_limit_ >= 0) { const unsigned estimated_total_stack_size = num_threads * kLimitAverageThreadStackLength; const off_t estimated_minidump_size = minidump_writer_.position() + estimated_total_stack_size + kLimitMinidumpFudgeFactor; if (estimated_minidump_size > minidump_size_limit_) extra_thread_stack_len = kLimitMaxExtraThreadStackLen; } for (unsigned i = 0; i < num_threads; ++i) { MDRawThread thread; my_memset(&thread, 0, sizeof(thread)); thread.thread_id = dumper_->threads()[i]; // We have a different source of information for the crashing thread. If // we used the actual state of the thread we would find it running in the // signal handler with the alternative stack, which would be deeply // unhelpful. if (static_cast<pid_t>(thread.thread_id) == GetCrashThread() && ucontext_ && !dumper_->IsPostMortem()) { uint8_t* stack_copy; const uintptr_t stack_ptr = UContextReader::GetStackPointer(ucontext_); if (!FillThreadStack(&thread, stack_ptr, -1, &stack_copy)) return false; // Copy 256 bytes around crashing instruction pointer to minidump. const size_t kIPMemorySize = 256; uint64_t ip = UContextReader::GetInstructionPointer(ucontext_); // Bound it to the upper and lower bounds of the memory map // it's contained within. If it's not in mapped memory, // don't bother trying to write it. bool ip_is_mapped = false; MDMemoryDescriptor ip_memory_d; for (unsigned j = 0; j < dumper_->mappings().size(); ++j) { const MappingInfo& mapping = *dumper_->mappings()[j]; if (ip >= mapping.start_addr && ip < mapping.start_addr + mapping.size) { ip_is_mapped = true; // Try to get 128 bytes before and after the IP, but // settle for whatever's available. ip_memory_d.start_of_memory_range = std::max(mapping.start_addr, uintptr_t(ip - (kIPMemorySize / 2))); uintptr_t end_of_range = std::min(uintptr_t(ip + (kIPMemorySize / 2)), uintptr_t(mapping.start_addr + mapping.size)); ip_memory_d.memory.data_size = end_of_range - ip_memory_d.start_of_memory_range; break; } } if (ip_is_mapped) { UntypedMDRVA ip_memory(&minidump_writer_); if (!ip_memory.Allocate(ip_memory_d.memory.data_size)) return false; uint8_t* memory_copy = reinterpret_cast<uint8_t*>(Alloc(ip_memory_d.memory.data_size)); dumper_->CopyFromProcess( memory_copy, thread.thread_id, reinterpret_cast<void*>(ip_memory_d.start_of_memory_range), ip_memory_d.memory.data_size); ip_memory.Copy(memory_copy, ip_memory_d.memory.data_size); ip_memory_d.memory = ip_memory.location(); memory_blocks_.push_back(ip_memory_d); } TypedMDRVA<RawContextCPU> cpu(&minidump_writer_); if (!cpu.Allocate()) return false; my_memset(cpu.get(), 0, sizeof(RawContextCPU)); #if !defined(__ARM_EABI__) && !defined(__mips__) UContextReader::FillCPUContext(cpu.get(), ucontext_, float_state_); #else UContextReader::FillCPUContext(cpu.get(), ucontext_); #endif if (stack_copy) SeccompUnwinder::PopSeccompStackFrame(cpu.get(), thread, stack_copy); thread.thread_context = cpu.location(); crashing_thread_context_ = cpu.location(); } else { ThreadInfo info; if (!dumper_->GetThreadInfoByIndex(i, &info)) return false; uint8_t* stack_copy; int max_stack_len = -1; // default to no maximum for this thread if (minidump_size_limit_ >= 0 && i >= kLimitBaseThreadCount) max_stack_len = extra_thread_stack_len; if (!FillThreadStack(&thread, info.stack_pointer, max_stack_len, &stack_copy)) return false; TypedMDRVA<RawContextCPU> cpu(&minidump_writer_); if (!cpu.Allocate()) return false; my_memset(cpu.get(), 0, sizeof(RawContextCPU)); info.FillCPUContext(cpu.get()); if (stack_copy) SeccompUnwinder::PopSeccompStackFrame(cpu.get(), thread, stack_copy); thread.thread_context = cpu.location(); if (dumper_->threads()[i] == GetCrashThread()) { crashing_thread_context_ = cpu.location(); if (!dumper_->IsPostMortem()) { // This is the crashing thread of a live process, but // no context was provided, so set the crash address // while the instruction pointer is already here. dumper_->set_crash_address(info.GetInstructionPointer()); } } } list.CopyIndexAfterObject(i, &thread, sizeof(thread)); } return true; } // Write application-provided memory regions. bool WriteAppMemory() { for (AppMemoryList::const_iterator iter = app_memory_list_.begin(); iter != app_memory_list_.end(); ++iter) { uint8_t* data_copy = reinterpret_cast<uint8_t*>(dumper_->allocator()->Alloc(iter->length)); dumper_->CopyFromProcess(data_copy, GetCrashThread(), iter->ptr, iter->length); UntypedMDRVA memory(&minidump_writer_); if (!memory.Allocate(iter->length)) { return false; } memory.Copy(data_copy, iter->length); MDMemoryDescriptor desc; desc.start_of_memory_range = reinterpret_cast<uintptr_t>(iter->ptr); desc.memory = memory.location(); memory_blocks_.push_back(desc); } return true; } static bool ShouldIncludeMapping(const MappingInfo& mapping) { if (mapping.name[0] == 0 || // only want modules with filenames. // Only want to include one mapping per shared lib. // Avoid filtering executable mappings. (mapping.offset != 0 && !mapping.exec) || mapping.size < 4096) { // too small to get a signature for. return false; } return true; } // If there is caller-provided information about this mapping // in the mapping_list_ list, return true. Otherwise, return false. bool HaveMappingInfo(const MappingInfo& mapping) { for (MappingList::const_iterator iter = mapping_list_.begin(); iter != mapping_list_.end(); ++iter) { // Ignore any mappings that are wholly contained within // mappings in the mapping_info_ list. if (mapping.start_addr >= iter->first.start_addr && (mapping.start_addr + mapping.size) <= (iter->first.start_addr + iter->first.size)) { return true; } } return false; } // Write information about the mappings in effect. Because we are using the // minidump format, the information about the mappings is pretty limited. // Because of this, we also include the full, unparsed, /proc/$x/maps file in // another stream in the file. bool WriteMappings(MDRawDirectory* dirent) { const unsigned num_mappings = dumper_->mappings().size(); unsigned num_output_mappings = mapping_list_.size(); for (unsigned i = 0; i < dumper_->mappings().size(); ++i) { const MappingInfo& mapping = *dumper_->mappings()[i]; if (ShouldIncludeMapping(mapping) && !HaveMappingInfo(mapping)) num_output_mappings++; } TypedMDRVA<uint32_t> list(&minidump_writer_); if (num_output_mappings) { if (!list.AllocateObjectAndArray(num_output_mappings, MD_MODULE_SIZE)) return false; } else { // Still create the module list stream, although it will have zero // modules. if (!list.Allocate()) return false; } dirent->stream_type = MD_MODULE_LIST_STREAM; dirent->location = list.location(); *list.get() = num_output_mappings; // First write all the mappings from the dumper unsigned int j = 0; for (unsigned i = 0; i < num_mappings; ++i) { const MappingInfo& mapping = *dumper_->mappings()[i]; if (!ShouldIncludeMapping(mapping) || HaveMappingInfo(mapping)) continue; MDRawModule mod; if (!FillRawModule(mapping, true, i, mod, NULL)) return false; list.CopyIndexAfterObject(j++, &mod, MD_MODULE_SIZE); } // Next write all the mappings provided by the caller for (MappingList::const_iterator iter = mapping_list_.begin(); iter != mapping_list_.end(); ++iter) { MDRawModule mod; if (!FillRawModule(iter->first, false, 0, mod, iter->second)) return false; list.CopyIndexAfterObject(j++, &mod, MD_MODULE_SIZE); } return true; } // Fill the MDRawModule |mod| with information about the provided // |mapping|. If |identifier| is non-NULL, use it instead of calculating // a file ID from the mapping. bool FillRawModule(const MappingInfo& mapping, bool member, unsigned int mapping_id, MDRawModule& mod, const uint8_t* identifier) { my_memset(&mod, 0, MD_MODULE_SIZE); mod.base_of_image = mapping.start_addr; mod.size_of_image = mapping.size; uint8_t cv_buf[MDCVInfoPDB70_minsize + NAME_MAX]; uint8_t* cv_ptr = cv_buf; const uint32_t cv_signature = MD_CVINFOPDB70_SIGNATURE; my_memcpy(cv_ptr, &cv_signature, sizeof(cv_signature)); cv_ptr += sizeof(cv_signature); uint8_t* signature = cv_ptr; cv_ptr += sizeof(MDGUID); if (identifier) { // GUID was provided by caller. my_memcpy(signature, identifier, sizeof(MDGUID)); } else { // Note: ElfFileIdentifierForMapping() can manipulate the |mapping.name|. dumper_->ElfFileIdentifierForMapping(mapping, member, mapping_id, signature); } my_memset(cv_ptr, 0, sizeof(uint32_t)); // Set age to 0 on Linux. cv_ptr += sizeof(uint32_t); char file_name[NAME_MAX]; char file_path[NAME_MAX]; LinuxDumper::GetMappingEffectiveNameAndPath( mapping, file_path, sizeof(file_path), file_name, sizeof(file_name)); const size_t file_name_len = my_strlen(file_name); UntypedMDRVA cv(&minidump_writer_); if (!cv.Allocate(MDCVInfoPDB70_minsize + file_name_len + 1)) return false; // Write pdb_file_name my_memcpy(cv_ptr, file_name, file_name_len + 1); cv.Copy(cv_buf, MDCVInfoPDB70_minsize + file_name_len + 1); mod.cv_record = cv.location(); MDLocationDescriptor ld; if (!minidump_writer_.WriteString(file_path, my_strlen(file_path), &ld)) return false; mod.module_name_rva = ld.rva; return true; } bool WriteMemoryListStream(MDRawDirectory* dirent) { TypedMDRVA<uint32_t> list(&minidump_writer_); if (memory_blocks_.size()) { if (!list.AllocateObjectAndArray(memory_blocks_.size(), sizeof(MDMemoryDescriptor))) return false; } else { // Still create the memory list stream, although it will have zero // memory blocks. if (!list.Allocate()) return false; } dirent->stream_type = MD_MEMORY_LIST_STREAM; dirent->location = list.location(); *list.get() = memory_blocks_.size(); for (size_t i = 0; i < memory_blocks_.size(); ++i) { list.CopyIndexAfterObject(i, &memory_blocks_[i], sizeof(MDMemoryDescriptor)); } return true; } bool WriteExceptionStream(MDRawDirectory* dirent) { TypedMDRVA<MDRawExceptionStream> exc(&minidump_writer_); if (!exc.Allocate()) return false; my_memset(exc.get(), 0, sizeof(MDRawExceptionStream)); dirent->stream_type = MD_EXCEPTION_STREAM; dirent->location = exc.location(); exc.get()->thread_id = GetCrashThread(); exc.get()->exception_record.exception_code = dumper_->crash_signal(); exc.get()->exception_record.exception_address = dumper_->crash_address(); exc.get()->thread_context = crashing_thread_context_; return true; } bool WriteSystemInfoStream(MDRawDirectory* dirent) { TypedMDRVA<MDRawSystemInfo> si(&minidump_writer_); if (!si.Allocate()) return false; my_memset(si.get(), 0, sizeof(MDRawSystemInfo)); dirent->stream_type = MD_SYSTEM_INFO_STREAM; dirent->location = si.location(); WriteCPUInformation(si.get()); WriteOSInformation(si.get()); return true; } bool WriteDSODebugStream(MDRawDirectory* dirent) { ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr) *>(dumper_->auxv()[AT_PHDR]); char* base; int phnum = dumper_->auxv()[AT_PHNUM]; if (!phnum || !phdr) return false; // Assume the program base is at the beginning of the same page as the PHDR base = reinterpret_cast<char *>(reinterpret_cast<uintptr_t>(phdr) & ~0xfff); // Search for the program PT_DYNAMIC segment ElfW(Addr) dyn_addr = 0; for (; phnum >= 0; phnum--, phdr++) { ElfW(Phdr) ph; if (!dumper_->CopyFromProcess(&ph, GetCrashThread(), phdr, sizeof(ph))) return false; // Adjust base address with the virtual address of the PT_LOAD segment // corresponding to offset 0 if (ph.p_type == PT_LOAD && ph.p_offset == 0) { base -= ph.p_vaddr; } if (ph.p_type == PT_DYNAMIC) { dyn_addr = ph.p_vaddr; } } if (!dyn_addr) return false; ElfW(Dyn) *dynamic = reinterpret_cast<ElfW(Dyn) *>(dyn_addr + base); // The dynamic linker makes information available that helps gdb find all // DSOs loaded into the program. If this information is indeed available, // dump it to a MD_LINUX_DSO_DEBUG stream. struct r_debug* r_debug = NULL; uint32_t dynamic_length = 0; for (int i = 0; ; ++i) { ElfW(Dyn) dyn; dynamic_length += sizeof(dyn); if (!dumper_->CopyFromProcess(&dyn, GetCrashThread(), dynamic + i, sizeof(dyn))) { return false; } if (dyn.d_tag == DT_DEBUG) { r_debug = reinterpret_cast<struct r_debug*>(dyn.d_un.d_ptr); continue; } else if (dyn.d_tag == DT_NULL) { break; } } // The "r_map" field of that r_debug struct contains a linked list of all // loaded DSOs. // Our list of DSOs potentially is different from the ones in the crashing // process. So, we have to be careful to never dereference pointers // directly. Instead, we use CopyFromProcess() everywhere. // See <link.h> for a more detailed discussion of the how the dynamic // loader communicates with debuggers. // Count the number of loaded DSOs int dso_count = 0; struct r_debug debug_entry; if (!dumper_->CopyFromProcess(&debug_entry, GetCrashThread(), r_debug, sizeof(debug_entry))) { return false; } for (struct link_map* ptr = debug_entry.r_map; ptr; ) { struct link_map map; if (!dumper_->CopyFromProcess(&map, GetCrashThread(), ptr, sizeof(map))) return false; ptr = map.l_next; dso_count++; } MDRVA linkmap_rva = minidump_writer_.kInvalidMDRVA; if (dso_count > 0) { // If we have at least one DSO, create an array of MDRawLinkMap // entries in the minidump file. TypedMDRVA<MDRawLinkMap> linkmap(&minidump_writer_); if (!linkmap.AllocateArray(dso_count)) return false; linkmap_rva = linkmap.location().rva; int idx = 0; // Iterate over DSOs and write their information to mini dump for (struct link_map* ptr = debug_entry.r_map; ptr; ) { struct link_map map; if (!dumper_->CopyFromProcess(&map, GetCrashThread(), ptr, sizeof(map))) return false; ptr = map.l_next; char filename[257] = { 0 }; if (map.l_name) { dumper_->CopyFromProcess(filename, GetCrashThread(), map.l_name, sizeof(filename) - 1); } MDLocationDescriptor location; if (!minidump_writer_.WriteString(filename, 0, &location)) return false; MDRawLinkMap entry; entry.name = location.rva; entry.addr = map.l_addr; entry.ld = reinterpret_cast<uintptr_t>(map.l_ld); linkmap.CopyIndex(idx++, &entry); } } // Write MD_LINUX_DSO_DEBUG record TypedMDRVA<MDRawDebug> debug(&minidump_writer_); if (!debug.AllocateObjectAndArray(1, dynamic_length)) return false; my_memset(debug.get(), 0, sizeof(MDRawDebug)); dirent->stream_type = MD_LINUX_DSO_DEBUG; dirent->location = debug.location(); debug.get()->version = debug_entry.r_version; debug.get()->map = linkmap_rva; debug.get()->dso_count = dso_count; debug.get()->brk = debug_entry.r_brk; debug.get()->ldbase = debug_entry.r_ldbase; debug.get()->dynamic = reinterpret_cast<uintptr_t>(dynamic); wasteful_vector<char> dso_debug_data(dumper_->allocator(), dynamic_length); // The passed-in size to the constructor (above) is only a hint. // Must call .resize() to do actual initialization of the elements. dso_debug_data.resize(dynamic_length); dumper_->CopyFromProcess(&dso_debug_data[0], GetCrashThread(), dynamic, dynamic_length); debug.CopyIndexAfterObject(0, &dso_debug_data[0], dynamic_length); return true; } void set_minidump_size_limit(off_t limit) { minidump_size_limit_ = limit; } private: void* Alloc(unsigned bytes) { return dumper_->allocator()->Alloc(bytes); } pid_t GetCrashThread() const { return dumper_->crash_thread(); } void NullifyDirectoryEntry(MDRawDirectory* dirent) { dirent->stream_type = 0; dirent->location.data_size = 0; dirent->location.rva = 0; } #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) bool WriteCPUInformation(MDRawSystemInfo* sys_info) { char vendor_id[sizeof(sys_info->cpu.x86_cpu_info.vendor_id) + 1] = {0}; static const char vendor_id_name[] = "vendor_id"; struct CpuInfoEntry { const char* info_name; int value; bool found; } cpu_info_table[] = { { "processor", -1, false }, #if defined(__i386__) || defined(__x86_64__) { "model", 0, false }, { "stepping", 0, false }, { "cpu family", 0, false }, #endif }; // processor_architecture should always be set, do this first sys_info->processor_architecture = #if defined(__mips__) MD_CPU_ARCHITECTURE_MIPS; #elif defined(__i386__) MD_CPU_ARCHITECTURE_X86; #else MD_CPU_ARCHITECTURE_AMD64; #endif const int fd = sys_open("/proc/cpuinfo", O_RDONLY, 0); if (fd < 0) return false; { PageAllocator allocator; ProcCpuInfoReader* const reader = new(allocator) ProcCpuInfoReader(fd); const char* field; while (reader->GetNextField(&field)) { for (size_t i = 0; i < sizeof(cpu_info_table) / sizeof(cpu_info_table[0]); i++) { CpuInfoEntry* entry = &cpu_info_table[i]; if (i > 0 && entry->found) { // except for the 'processor' field, ignore repeated values. continue; } if (!my_strcmp(field, entry->info_name)) { size_t value_len; const char* value = reader->GetValueAndLen(&value_len); if (value_len == 0) continue; uintptr_t val; if (my_read_decimal_ptr(&val, value) == value) continue; entry->value = static_cast<int>(val); entry->found = true; } } // special case for vendor_id if (!my_strcmp(field, vendor_id_name)) { size_t value_len; const char* value = reader->GetValueAndLen(&value_len); if (value_len > 0) my_strlcpy(vendor_id, value, sizeof(vendor_id)); } } sys_close(fd); } // make sure we got everything we wanted for (size_t i = 0; i < sizeof(cpu_info_table) / sizeof(cpu_info_table[0]); i++) { if (!cpu_info_table[i].found) { return false; } } // cpu_info_table[0] holds the last cpu id listed in /proc/cpuinfo, // assuming this is the highest id, change it to the number of CPUs // by adding one. cpu_info_table[0].value++; sys_info->number_of_processors = cpu_info_table[0].value; #if defined(__i386__) || defined(__x86_64__) sys_info->processor_level = cpu_info_table[3].value; sys_info->processor_revision = cpu_info_table[1].value << 8 | cpu_info_table[2].value; #endif if (vendor_id[0] != '\0') { my_memcpy(sys_info->cpu.x86_cpu_info.vendor_id, vendor_id, sizeof(sys_info->cpu.x86_cpu_info.vendor_id)); } return true; } #elif defined(__arm__) || defined(__aarch64__) bool WriteCPUInformation(MDRawSystemInfo* sys_info) { // The CPUID value is broken up in several entries in /proc/cpuinfo. // This table is used to rebuild it from the entries. const struct CpuIdEntry { const char* field; char format; char bit_lshift; char bit_length; } cpu_id_entries[] = { { "CPU implementer", 'x', 24, 8 }, { "CPU variant", 'x', 20, 4 }, { "CPU part", 'x', 4, 12 }, { "CPU revision", 'd', 0, 4 }, }; // The ELF hwcaps are listed in the "Features" entry as textual tags. // This table is used to rebuild them. const struct CpuFeaturesEntry { const char* tag; uint32_t hwcaps; } cpu_features_entries[] = { #if defined(__arm__) { "swp", MD_CPU_ARM_ELF_HWCAP_SWP }, { "half", MD_CPU_ARM_ELF_HWCAP_HALF }, { "thumb", MD_CPU_ARM_ELF_HWCAP_THUMB }, { "26bit", MD_CPU_ARM_ELF_HWCAP_26BIT }, { "fastmult", MD_CPU_ARM_ELF_HWCAP_FAST_MULT }, { "fpa", MD_CPU_ARM_ELF_HWCAP_FPA }, { "vfp", MD_CPU_ARM_ELF_HWCAP_VFP }, { "edsp", MD_CPU_ARM_ELF_HWCAP_EDSP }, { "java", MD_CPU_ARM_ELF_HWCAP_JAVA }, { "iwmmxt", MD_CPU_ARM_ELF_HWCAP_IWMMXT }, { "crunch", MD_CPU_ARM_ELF_HWCAP_CRUNCH }, { "thumbee", MD_CPU_ARM_ELF_HWCAP_THUMBEE }, { "neon", MD_CPU_ARM_ELF_HWCAP_NEON }, { "vfpv3", MD_CPU_ARM_ELF_HWCAP_VFPv3 }, { "vfpv3d16", MD_CPU_ARM_ELF_HWCAP_VFPv3D16 }, { "tls", MD_CPU_ARM_ELF_HWCAP_TLS }, { "vfpv4", MD_CPU_ARM_ELF_HWCAP_VFPv4 }, { "idiva", MD_CPU_ARM_ELF_HWCAP_IDIVA }, { "idivt", MD_CPU_ARM_ELF_HWCAP_IDIVT }, { "idiv", MD_CPU_ARM_ELF_HWCAP_IDIVA | MD_CPU_ARM_ELF_HWCAP_IDIVT }, #elif defined(__aarch64__) // No hwcaps on aarch64. #endif }; // processor_architecture should always be set, do this first sys_info->processor_architecture = #if defined(__aarch64__) MD_CPU_ARCHITECTURE_ARM64; #else MD_CPU_ARCHITECTURE_ARM; #endif // /proc/cpuinfo is not readable under various sandboxed environments // (e.g. Android services with the android:isolatedProcess attribute) // prepare for this by setting default values now, which will be // returned when this happens. // // Note: Bogus values are used to distinguish between failures (to // read /sys and /proc files) and really badly configured kernels. sys_info->number_of_processors = 0; sys_info->processor_level = 1U; // There is no ARMv1 sys_info->processor_revision = 42; sys_info->cpu.arm_cpu_info.cpuid = 0; sys_info->cpu.arm_cpu_info.elf_hwcaps = 0; // Counting the number of CPUs involves parsing two sysfs files, // because the content of /proc/cpuinfo will only mirror the number // of 'online' cores, and thus will vary with time. // See http://www.kernel.org/doc/Documentation/cputopology.txt { CpuSet cpus_present; CpuSet cpus_possible; int fd = sys_open("/sys/devices/system/cpu/present", O_RDONLY, 0); if (fd >= 0) { cpus_present.ParseSysFile(fd); sys_close(fd); fd = sys_open("/sys/devices/system/cpu/possible", O_RDONLY, 0); if (fd >= 0) { cpus_possible.ParseSysFile(fd); sys_close(fd); cpus_present.IntersectWith(cpus_possible); int cpu_count = cpus_present.GetCount(); if (cpu_count > 255) cpu_count = 255; sys_info->number_of_processors = static_cast<uint8_t>(cpu_count); } } } // Parse /proc/cpuinfo to reconstruct the CPUID value, as well // as the ELF hwcaps field. For the latter, it would be easier to // read /proc/self/auxv but unfortunately, this file is not always // readable from regular Android applications on later versions // (>= 4.1) of the Android platform. const int fd = sys_open("/proc/cpuinfo", O_RDONLY, 0); if (fd < 0) { // Do not return false here to allow the minidump generation // to happen properly. return true; } { PageAllocator allocator; ProcCpuInfoReader* const reader = new(allocator) ProcCpuInfoReader(fd); const char* field; while (reader->GetNextField(&field)) { for (size_t i = 0; i < sizeof(cpu_id_entries)/sizeof(cpu_id_entries[0]); ++i) { const CpuIdEntry* entry = &cpu_id_entries[i]; if (my_strcmp(entry->field, field) != 0) continue; uintptr_t result = 0; const char* value = reader->GetValue(); const char* p = value; if (value[0] == '0' && value[1] == 'x') { p = my_read_hex_ptr(&result, value+2); } else if (entry->format == 'x') { p = my_read_hex_ptr(&result, value); } else { p = my_read_decimal_ptr(&result, value); } if (p == value) continue; result &= (1U << entry->bit_length)-1; result <<= entry->bit_lshift; sys_info->cpu.arm_cpu_info.cpuid |= static_cast<uint32_t>(result); } #if defined(__arm__) // Get the architecture version from the "Processor" field. // Note that it is also available in the "CPU architecture" field, // however, some existing kernels are misconfigured and will report // invalid values here (e.g. 6, while the CPU is ARMv7-A based). // The "Processor" field doesn't have this issue. if (!my_strcmp(field, "Processor")) { size_t value_len; const char* value = reader->GetValueAndLen(&value_len); // Expected format: <text> (v<level><endian>) // Where <text> is some text like "ARMv7 Processor rev 2" // and <level> is a decimal corresponding to the ARM // architecture number. <endian> is either 'l' or 'b' // and corresponds to the endianess, it is ignored here. while (value_len > 0 && my_isspace(value[value_len-1])) value_len--; size_t nn = value_len; while (nn > 0 && value[nn-1] != '(') nn--; if (nn > 0 && value[nn] == 'v') { uintptr_t arch_level = 5; my_read_decimal_ptr(&arch_level, value + nn + 1); sys_info->processor_level = static_cast<uint16_t>(arch_level); } } #elif defined(__aarch64__) // The aarch64 architecture does not provide the architecture level // in the Processor field, so we instead check the "CPU architecture" // field. if (!my_strcmp(field, "CPU architecture")) { uintptr_t arch_level = 0; const char* value = reader->GetValue(); const char* p = value; p = my_read_decimal_ptr(&arch_level, value); if (p == value) continue; sys_info->processor_level = static_cast<uint16_t>(arch_level); } #endif // Rebuild the ELF hwcaps from the 'Features' field. if (!my_strcmp(field, "Features")) { size_t value_len; const char* value = reader->GetValueAndLen(&value_len); // Parse each space-separated tag. while (value_len > 0) { const char* tag = value; size_t tag_len = value_len; const char* p = my_strchr(tag, ' '); if (p != NULL) { tag_len = static_cast<size_t>(p - tag); value += tag_len + 1; value_len -= tag_len + 1; } else { tag_len = strlen(tag); value_len = 0; } for (size_t i = 0; i < sizeof(cpu_features_entries)/ sizeof(cpu_features_entries[0]); ++i) { const CpuFeaturesEntry* entry = &cpu_features_entries[i]; if (tag_len == strlen(entry->tag) && !memcmp(tag, entry->tag, tag_len)) { sys_info->cpu.arm_cpu_info.elf_hwcaps |= entry->hwcaps; break; } } } } } sys_close(fd); } return true; } #else # error "Unsupported CPU" #endif bool WriteFile(MDLocationDescriptor* result, const char* filename) { const int fd = sys_open(filename, O_RDONLY, 0); if (fd < 0) return false; // We can't stat the files because several of the files that we want to // read are kernel seqfiles, which always have a length of zero. So we have // to read as much as we can into a buffer. static const unsigned kBufSize = 1024 - 2*sizeof(void*); struct Buffers { Buffers* next; size_t len; uint8_t data[kBufSize]; } *buffers = reinterpret_cast<Buffers*>(Alloc(sizeof(Buffers))); buffers->next = NULL; buffers->len = 0; size_t total = 0; for (Buffers* bufptr = buffers;;) { ssize_t r; do { r = sys_read(fd, &bufptr->data[bufptr->len], kBufSize - bufptr->len); } while (r == -1 && errno == EINTR); if (r < 1) break; total += r; bufptr->len += r; if (bufptr->len == kBufSize) { bufptr->next = reinterpret_cast<Buffers*>(Alloc(sizeof(Buffers))); bufptr = bufptr->next; bufptr->next = NULL; bufptr->len = 0; } } sys_close(fd); if (!total) return false; UntypedMDRVA memory(&minidump_writer_); if (!memory.Allocate(total)) return false; for (MDRVA pos = memory.position(); buffers; buffers = buffers->next) { // Check for special case of a zero-length buffer. This should only // occur if a file's size happens to be a multiple of the buffer's // size, in which case the final sys_read() will have resulted in // zero bytes being read after the final buffer was just allocated. if (buffers->len == 0) { // This can only occur with final buffer. assert(buffers->next == NULL); continue; } memory.Copy(pos, &buffers->data, buffers->len); pos += buffers->len; } *result = memory.location(); return true; } bool WriteOSInformation(MDRawSystemInfo* sys_info) { #if defined(__ANDROID__) sys_info->platform_id = MD_OS_ANDROID; #else sys_info->platform_id = MD_OS_LINUX; #endif struct utsname uts; if (uname(&uts)) return false; static const size_t buf_len = 512; char buf[buf_len] = {0}; size_t space_left = buf_len - 1; const char* info_table[] = { uts.sysname, uts.release, uts.version, uts.machine, NULL }; bool first_item = true; for (const char** cur_info = info_table; *cur_info; cur_info++) { static const char separator[] = " "; size_t separator_len = sizeof(separator) - 1; size_t info_len = my_strlen(*cur_info); if (info_len == 0) continue; if (space_left < info_len + (first_item ? 0 : separator_len)) break; if (!first_item) { my_strlcat(buf, separator, sizeof(buf)); space_left -= separator_len; } first_item = false; my_strlcat(buf, *cur_info, sizeof(buf)); space_left -= info_len; } MDLocationDescriptor location; if (!minidump_writer_.WriteString(buf, 0, &location)) return false; sys_info->csd_version_rva = location.rva; return true; } bool WriteProcFile(MDLocationDescriptor* result, pid_t pid, const char* filename) { char buf[NAME_MAX]; if (!dumper_->BuildProcPath(buf, pid, filename)) return false; return WriteFile(result, buf); } // Only one of the 2 member variables below should be set to a valid value. const int fd_; // File descriptor where the minidum should be written. const char* path_; // Path to the file where the minidum should be written. const struct ucontext* const ucontext_; // also from the signal handler #if !defined(__ARM_EABI__) && !defined(__mips__) const google_breakpad::fpstate_t* const float_state_; // ditto #endif LinuxDumper* dumper_; MinidumpFileWriter minidump_writer_; off_t minidump_size_limit_; MDLocationDescriptor crashing_thread_context_; // Blocks of memory written to the dump. These are all currently // written while writing the thread list stream, but saved here // so a memory list stream can be written afterwards. wasteful_vector<MDMemoryDescriptor> memory_blocks_; // Additional information about some mappings provided by the caller. const MappingList& mapping_list_; // Additional memory regions to be included in the dump, // provided by the caller. const AppMemoryList& app_memory_list_; }; bool WriteMinidumpImpl(const char* minidump_path, int minidump_fd, off_t minidump_size_limit, pid_t crashing_process, const void* blob, size_t blob_size, const MappingList& mappings, const AppMemoryList& appmem) { LinuxPtraceDumper dumper(crashing_process); const ExceptionHandler::CrashContext* context = NULL; if (blob) { if (blob_size != sizeof(ExceptionHandler::CrashContext)) return false; context = reinterpret_cast<const ExceptionHandler::CrashContext*>(blob); dumper.set_crash_address( reinterpret_cast<uintptr_t>(context->siginfo.si_addr)); dumper.set_crash_signal(context->siginfo.si_signo); dumper.set_crash_thread(context->tid); } MinidumpWriter writer(minidump_path, minidump_fd, context, mappings, appmem, &dumper); // Set desired limit for file size of minidump (-1 means no limit). writer.set_minidump_size_limit(minidump_size_limit); if (!writer.Init()) return false; return writer.Dump(); } } // namespace namespace google_breakpad { bool WriteMinidump(const char* minidump_path, pid_t crashing_process, const void* blob, size_t blob_size) { return WriteMinidumpImpl(minidump_path, -1, -1, crashing_process, blob, blob_size, MappingList(), AppMemoryList()); } bool WriteMinidump(int minidump_fd, pid_t crashing_process, const void* blob, size_t blob_size) { return WriteMinidumpImpl(NULL, minidump_fd, -1, crashing_process, blob, blob_size, MappingList(), AppMemoryList()); } bool WriteMinidump(const char* minidump_path, pid_t process, pid_t process_blamed_thread) { LinuxPtraceDumper dumper(process); // MinidumpWriter will set crash address dumper.set_crash_signal(MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED); dumper.set_crash_thread(process_blamed_thread); MinidumpWriter writer(minidump_path, -1, NULL, MappingList(), AppMemoryList(), &dumper); if (!writer.Init()) return false; return writer.Dump(); } bool WriteMinidump(const char* minidump_path, pid_t crashing_process, const void* blob, size_t blob_size, const MappingList& mappings, const AppMemoryList& appmem) { return WriteMinidumpImpl(minidump_path, -1, -1, crashing_process, blob, blob_size, mappings, appmem); } bool WriteMinidump(int minidump_fd, pid_t crashing_process, const void* blob, size_t blob_size, const MappingList& mappings, const AppMemoryList& appmem) { return WriteMinidumpImpl(NULL, minidump_fd, -1, crashing_process, blob, blob_size, mappings, appmem); } bool WriteMinidump(const char* minidump_path, off_t minidump_size_limit, pid_t crashing_process, const void* blob, size_t blob_size, const MappingList& mappings, const AppMemoryList& appmem) { return WriteMinidumpImpl(minidump_path, -1, minidump_size_limit, crashing_process, blob, blob_size, mappings, appmem); } bool WriteMinidump(int minidump_fd, off_t minidump_size_limit, pid_t crashing_process, const void* blob, size_t blob_size, const MappingList& mappings, const AppMemoryList& appmem) { return WriteMinidumpImpl(NULL, minidump_fd, minidump_size_limit, crashing_process, blob, blob_size, mappings, appmem); } bool WriteMinidump(const char* filename, const MappingList& mappings, const AppMemoryList& appmem, LinuxDumper* dumper) { MinidumpWriter writer(filename, -1, NULL, mappings, appmem, dumper); if (!writer.Init()) return false; return writer.Dump(); } } // namespace google_breakpad