Add API to allow apps to attach extra information to tombstones.
Test: atest debuggerd_test
Bug: 155462331
Bug: 309446525
Change-Id: Idc8387307738957dbba3daaae59f605566329f0f
diff --git a/libc/bionic/android_set_abort_message.cpp b/libc/bionic/android_set_abort_message.cpp
index d5f8cb9..53d7576 100644
--- a/libc/bionic/android_set_abort_message.cpp
+++ b/libc/bionic/android_set_abort_message.cpp
@@ -28,9 +28,13 @@
#include <android/set_abort_message.h>
+#include <async_safe/log.h>
+#include <bionic/set_abort_message_internal.h>
+
+#include <bits/stdatomic.h>
#include <pthread.h>
-#include <stdint.h>
#include <stddef.h>
+#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
@@ -56,6 +60,8 @@
"The in-memory layout of magic_abort_msg_t is not consistent with what automated "
"tools expect.");
+static _Atomic(crash_detail_t*) free_head = nullptr;
+
[[clang::optnone]]
static void fill_abort_message_magic(magic_abort_msg_t* new_magic_abort_message) {
// 128-bit magic for the abort message. Chosen by fair dice roll.
@@ -97,3 +103,65 @@
strcpy(new_magic_abort_message->msg.msg, msg);
__libc_shared_globals()->abort_msg = &new_magic_abort_message->msg;
}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+crash_detail_t* android_register_crash_detail(const void* name, size_t name_size, const void* data,
+ size_t data_size) {
+ auto populate_crash_detail = [&](crash_detail_t* result) {
+ result->name = reinterpret_cast<const char*>(name);
+ result->name_size = name_size;
+ result->data = reinterpret_cast<const char*>(data);
+ result->data_size = data_size;
+ };
+ // This is a atomic fast-path for RAII use-cases where the app keeps creating and deleting
+ // crash details for short periods of time to capture detailed scopes.
+ if (crash_detail_t* head = atomic_load(&free_head)) {
+ while (head != nullptr && !atomic_compare_exchange_strong(&free_head, &head, head->prev_free)) {
+ // intentionally left blank.
+ }
+ if (head) {
+ head->prev_free = nullptr;
+ populate_crash_detail(head);
+ return head;
+ }
+ }
+ ScopedPthreadMutexLocker locker(&__libc_shared_globals()->crash_detail_page_lock);
+ struct crash_detail_page_t* prev = nullptr;
+ struct crash_detail_page_t* page = __libc_shared_globals()->crash_detail_page;
+ if (page != nullptr && page->used == kNumCrashDetails) {
+ prev = page;
+ page = nullptr;
+ }
+ if (page == nullptr) {
+ size_t size = sizeof(crash_detail_page_t);
+ void* map = mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
+ if (map == MAP_FAILED) {
+ async_safe_format_log(ANDROID_LOG_ERROR, "libc", "failed to allocate crash_detail_page: %m");
+ return nullptr;
+ }
+ prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, map, size, "crash details");
+ page = reinterpret_cast<struct crash_detail_page_t*>(map);
+ page->prev = prev;
+ __libc_shared_globals()->crash_detail_page = page;
+ }
+ crash_detail_t* result = &page->crash_details[page->used];
+ populate_crash_detail(result);
+ page->used++;
+ return result;
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+void android_unregister_crash_detail(crash_detail_t* crash_detail) {
+ if (crash_detail) {
+ if (crash_detail->prev_free) {
+ // removing already removed would mess up the free-list by creating a circle.
+ return;
+ }
+ crash_detail->data = nullptr;
+ crash_detail->name = nullptr;
+ crash_detail_t* prev = atomic_load(&free_head);
+ do {
+ crash_detail->prev_free = prev;
+ } while (!atomic_compare_exchange_strong(&free_head, &prev, crash_detail));
+ }
+}
diff --git a/libc/include/android/set_abort_message.h b/libc/include/android/set_abort_message.h
index 35867ac..e92c6ec 100644
--- a/libc/include/android/set_abort_message.h
+++ b/libc/include/android/set_abort_message.h
@@ -30,13 +30,18 @@
/**
* @file android/set_abort_message.h
- * @brief The android_set_abort_message() function.
+ * @brief Attach extra information to android crashes.
*/
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
#include <sys/cdefs.h>
__BEGIN_DECLS
+typedef struct crash_detail_t crash_detail_t;
+
/**
* android_set_abort_message() sets the abort message that will be shown
* by [debuggerd](https://source.android.com/devices/tech/debug/native-crash).
@@ -46,4 +51,51 @@
*/
void android_set_abort_message(const char* _Nullable __msg);
+/**
+ * Register a new buffer to get logged into tombstones for crashes.
+ *
+ * It will be added to both the tombstone proto in the crash_detail field, and
+ * in the tombstone text format.
+ *
+ * Tombstone proto definition:
+ * https://cs.android.com/android/platform/superproject/main/+/main:system/core/debuggerd/proto/tombstone.proto
+ *
+ * The lifetime of name and data has to be valid until the program crashes, or until
+ * android_unregister_crash_detail is called.
+ *
+ * Example usage:
+ * const char* stageName = "garbage_collection";
+ * crash_detail_t* cd = android_register_crash_detail("stage", stageName, strlen(stageName));
+ * do_garbage_collection();
+ * android_unregister_crash_detail(cd);
+ *
+ * If this example crashes in do_garbage_collection, a line will show up in the textual representation of the tombstone:
+ * Extra crash detail: stage: 'garbage_collection'
+ *
+ * Introduced in API 35.
+ *
+ * \param name identifying name for this extra data.
+ * this should generally be a human-readable debug string, but we are treating
+ * it as arbitrary bytes because it could be corrupted by the crash.
+ * \param name_size number of bytes of the buffer pointed to by name
+ * \param data a buffer containing the extra detail bytes
+ * \param data_size number of bytes of the buffer pointed to by data
+ *
+ * \return a handle to the extra crash detail for use with android_unregister_crash_detail.
+ */
+crash_detail_t* _Nullable android_register_crash_detail(
+ const void* _Nonnull name, size_t name_size, const void* _Nonnull data, size_t data_size) __INTRODUCED_IN(35);
+
+/**
+ * Unregister crash detail from being logged into tombstones.
+ *
+ * After this function returns, the lifetime of the objects crash_detail was
+ * constructed from no longer needs to be valid.
+ *
+ * Introduced in API 35.
+ *
+ * \param crash_detail the crash_detail that should be removed.
+ */
+void android_unregister_crash_detail(crash_detail_t* _Nonnull crash_detail) __INTRODUCED_IN(35);
+
__END_DECLS
diff --git a/libc/libc.map.txt b/libc/libc.map.txt
index 156e9ee..ecdb25c 100644
--- a/libc/libc.map.txt
+++ b/libc/libc.map.txt
@@ -1586,6 +1586,8 @@
LIBC_V { # introduced=VanillaIceCream
global:
+ android_register_crash_detail;
+ android_unregister_crash_detail;
epoll_pwait2;
epoll_pwait2_64;
localtime_rz;
diff --git a/libc/platform/bionic/set_abort_message_internal.h b/libc/platform/bionic/set_abort_message_internal.h
new file mode 100644
index 0000000..4dff3ac
--- /dev/null
+++ b/libc/platform/bionic/set_abort_message_internal.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <android/set_abort_message.h>
+#include <stddef.h>
+#include <sys/cdefs.h>
+
+struct crash_detail_t {
+ const char* name;
+ size_t name_size;
+ const char* data;
+ size_t data_size;
+ crash_detail_t* prev_free;
+};
+
+constexpr auto kNumCrashDetails = 128;
+
+struct crash_detail_page_t {
+ struct crash_detail_page_t* prev;
+ size_t used;
+ struct crash_detail_t crash_details[kNumCrashDetails];
+};
diff --git a/libc/private/bionic_globals.h b/libc/private/bionic_globals.h
index 08a61f0..6f1e389 100644
--- a/libc/private/bionic_globals.h
+++ b/libc/private/bionic_globals.h
@@ -84,6 +84,7 @@
__LIBC_HIDDEN__ extern WriteProtected<libc_globals> __libc_globals;
struct abort_msg_t;
+struct crash_detail_page_t;
namespace gwp_asan {
struct AllocatorState;
struct AllocationMetadata;
@@ -138,6 +139,8 @@
int64_t heap_tagging_upgrade_timer_sec = 0;
void (*memtag_stack_dlopen_callback)() = nullptr;
+ pthread_mutex_t crash_detail_page_lock = PTHREAD_MUTEX_INITIALIZER;
+ crash_detail_page_t* crash_detail_page = nullptr;
};
__LIBC_HIDDEN__ libc_shared_globals* __libc_shared_globals();