1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 
18 #ifndef ART_RUNTIME_FAULT_HANDLER_H_
19 #define ART_RUNTIME_FAULT_HANDLER_H_
20 
21 #include <signal.h>
22 #include <stdint.h>
23 
24 #include <atomic>
25 #include <vector>
26 
27 #include "base/locks.h"  // For annotalysis.
28 #include "base/macros.h"
29 #include "base/mutex.h"
30 #include "runtime_globals.h"  // For CanDoImplicitNullCheckOn.
31 
32 namespace art HIDDEN {
33 
34 class ArtMethod;
35 class FaultHandler;
36 
37 class FaultManager {
38  public:
39   FaultManager();
40   ~FaultManager();
41 
42   // Use libsigchain if use_sig_chain is true. Otherwise, setup SIGBUS directly
43   // using sigaction().
44   void Init(bool use_sig_chain);
45 
46   // Unclaim signals.
47   void Release();
48 
49   // Unclaim signals and delete registered handlers.
50   void Shutdown();
51 
52   // Try to handle a SIGSEGV fault, returns true if successful.
53   bool HandleSigsegvFault(int sig, siginfo_t* info, void* context);
54 
55   // Try to handle a SIGBUS fault, returns true if successful.
56   bool HandleSigbusFault(int sig, siginfo_t* info, void* context);
57 
58   // Added handlers are owned by the fault handler and will be freed on Shutdown().
59   EXPORT void AddHandler(FaultHandler* handler, bool generated_code);
60   EXPORT void RemoveHandler(FaultHandler* handler);
61 
62   void AddGeneratedCodeRange(const void* start, size_t size);
63   void RemoveGeneratedCodeRange(const void* start, size_t size)
64       REQUIRES_SHARED(Locks::mutator_lock_);
65 
66   // Retrieves fault PC from architecture-dependent `context`, returns 0 on failure.
67   // Called in the context of a signal handler.
68   static uintptr_t GetFaultPc(siginfo_t* siginfo, void* context);
69 
70   // Retrieves SP from architecture-dependent `context`.
71   // Called in the context of a signal handler.
72   static uintptr_t GetFaultSp(void* context);
73 
74   // Checks if the fault happened while running generated code.
75   // Called in the context of a signal handler.
76   bool IsInGeneratedCode(siginfo_t* siginfo, void *context) NO_THREAD_SAFETY_ANALYSIS;
77 
78  private:
79   struct GeneratedCodeRange {
80     std::atomic<GeneratedCodeRange*> next;
81     const void* start;
82     size_t size;
83   };
84 
85   GeneratedCodeRange* CreateGeneratedCodeRange(const void* start, size_t size)
86       REQUIRES(generated_code_ranges_lock_);
87   void FreeGeneratedCodeRange(GeneratedCodeRange* range) REQUIRES(!generated_code_ranges_lock_);
88 
89   // The HandleFaultByOtherHandlers function is only called by HandleFault function for generated code.
90   bool HandleFaultByOtherHandlers(int sig, siginfo_t* info, void* context)
91                                   NO_THREAD_SAFETY_ANALYSIS;
92 
93   // Check if this is an implicit suspend check that was somehow not recognized as being
94   // in the compiled code. If that's the case, collect debugging data for the abort message
95   // and crash. Focus on suspend checks in the boot image. Bug: 294339122
96   // NO_THREAD_SAFETY_ANALYSIS: Same as `IsInGeneratedCode()`.
97   void CheckForUnrecognizedImplicitSuspendCheckInBootImage(siginfo_t* siginfo, void* context)
98       NO_THREAD_SAFETY_ANALYSIS;
99 
100   // Note: The lock guards modifications of the ranges but the function `IsInGeneratedCode()`
101   // walks the list in the context of a signal handler without holding the lock.
102   Mutex generated_code_ranges_lock_;
103   std::atomic<GeneratedCodeRange*> generated_code_ranges_ GUARDED_BY(generated_code_ranges_lock_);
104 
105   std::vector<FaultHandler*> generated_code_handlers_;
106   std::vector<FaultHandler*> other_handlers_;
107   bool initialized_;
108 
109   // We keep a certain number of generated code ranges locally to avoid too many
110   // cache misses while traversing the singly-linked list `generated_code_ranges_`.
111   // 16 should be enough for the boot image (assuming `--multi-image`; there is
112   // only one entry for `--single-image`), nterp, JIT code cache and a few other
113   // entries for the app or system server.
114   static constexpr size_t kNumLocalGeneratedCodeRanges = 16;
115   GeneratedCodeRange generated_code_ranges_storage_[kNumLocalGeneratedCodeRanges];
116   GeneratedCodeRange* free_generated_code_ranges_
117        GUARDED_BY(generated_code_ranges_lock_);
118 
119   DISALLOW_COPY_AND_ASSIGN(FaultManager);
120 };
121 
122 class FaultHandler {
123  public:
124   EXPORT explicit FaultHandler(FaultManager* manager);
~FaultHandler()125   virtual ~FaultHandler() {}
GetFaultManager()126   FaultManager* GetFaultManager() {
127     return manager_;
128   }
129 
130   virtual bool Action(int sig, siginfo_t* siginfo, void* context) = 0;
131 
132  protected:
133   FaultManager* const manager_;
134 
135  private:
136   DISALLOW_COPY_AND_ASSIGN(FaultHandler);
137 };
138 
139 class NullPointerHandler final : public FaultHandler {
140  public:
141   explicit NullPointerHandler(FaultManager* manager);
142 
143   // NO_THREAD_SAFETY_ANALYSIS: Called after the fault manager determined that
144   // the thread is `Runnable` and holds the mutator lock (shared) but without
145   // telling annotalysis that we actually hold the lock.
146   bool Action(int sig, siginfo_t* siginfo, void* context) override
147       NO_THREAD_SAFETY_ANALYSIS;
148 
149  private:
150   // Helper functions for checking whether the signal can be interpreted
151   // as implicit NPE check. Note that the runtime will do more exhaustive
152   // checks (that we cannot reasonably do in signal processing code) based
153   // on the dex instruction faulting.
154 
IsValidFaultAddress(uintptr_t fault_address)155   static bool IsValidFaultAddress(uintptr_t fault_address) {
156     // Our implicit NPE checks always limit the range to a page.
157     return CanDoImplicitNullCheckOn(fault_address);
158   }
159 
160   static bool IsValidMethod(ArtMethod* method)
161       REQUIRES_SHARED(Locks::mutator_lock_);
162 
163   static bool IsValidReturnPc(ArtMethod** sp, uintptr_t return_pc)
164       REQUIRES_SHARED(Locks::mutator_lock_);
165 
166   DISALLOW_COPY_AND_ASSIGN(NullPointerHandler);
167 };
168 
169 class SuspensionHandler final : public FaultHandler {
170  public:
171   explicit SuspensionHandler(FaultManager* manager);
172 
173   bool Action(int sig, siginfo_t* siginfo, void* context) override;
174 
175  private:
176   DISALLOW_COPY_AND_ASSIGN(SuspensionHandler);
177 };
178 
179 class StackOverflowHandler final : public FaultHandler {
180  public:
181   explicit StackOverflowHandler(FaultManager* manager);
182 
183   bool Action(int sig, siginfo_t* siginfo, void* context) override;
184 
185  private:
186   DISALLOW_COPY_AND_ASSIGN(StackOverflowHandler);
187 };
188 
189 class JavaStackTraceHandler final : public FaultHandler {
190  public:
191   explicit JavaStackTraceHandler(FaultManager* manager);
192 
193   bool Action(int sig, siginfo_t* siginfo, void* context) override NO_THREAD_SAFETY_ANALYSIS;
194 
195  private:
196   DISALLOW_COPY_AND_ASSIGN(JavaStackTraceHandler);
197 };
198 
199 // Statically allocated so the the signal handler can Get access to it.
200 EXPORT extern FaultManager fault_manager;
201 
202 }  // namespace art
203 #endif  // ART_RUNTIME_FAULT_HANDLER_H_
204 
205