| /* |
| * Copyright (C) 2018 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "llkd.h" |
| |
| #include <ctype.h> |
| #include <dirent.h> // opendir() and readdir() |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <pthread.h> |
| #include <pwd.h> // getpwuid() |
| #include <signal.h> |
| #include <stdint.h> |
| #include <sys/cdefs.h> // ___STRING, __predict_true() and _predict_false() |
| #include <sys/mman.h> // mlockall() |
| #include <sys/prctl.h> |
| #include <sys/stat.h> // lstat() |
| #include <sys/syscall.h> // __NR_getdents64 |
| #include <sys/sysinfo.h> // get_nprocs_conf() |
| #include <sys/types.h> |
| #include <time.h> |
| #include <unistd.h> |
| |
| #include <chrono> |
| #include <ios> |
| #include <sstream> |
| #include <string> |
| #include <unordered_map> |
| #include <unordered_set> |
| |
| #include <android-base/file.h> |
| #include <android-base/logging.h> |
| #include <android-base/parseint.h> |
| #include <android-base/properties.h> |
| #include <android-base/strings.h> |
| #include <cutils/android_get_control_file.h> |
| #include <log/log_main.h> |
| |
| #define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) |
| |
| #define TASK_COMM_LEN 16 // internal kernel, not uapi, from .../linux/include/linux/sched.h |
| |
| using namespace std::chrono_literals; |
| using namespace std::chrono; |
| using namespace std::literals; |
| |
| namespace { |
| |
| constexpr pid_t kernelPid = 0; |
| constexpr pid_t initPid = 1; |
| constexpr pid_t kthreaddPid = 2; |
| |
| constexpr char procdir[] = "/proc/"; |
| |
| // Configuration |
| milliseconds llkUpdate; // last check ms signature |
| milliseconds llkCycle; // ms to next thread check |
| bool llkEnable = LLK_ENABLE_DEFAULT; // llk daemon enabled |
| bool llkRunning = false; // thread is running |
| bool llkMlockall = LLK_MLOCKALL_DEFAULT; // run mlocked |
| bool llkTestWithKill = LLK_KILLTEST_DEFAULT; // issue test kills |
| milliseconds llkTimeoutMs = LLK_TIMEOUT_MS_DEFAULT; // default timeout |
| enum { // enum of state indexes |
| llkStateD, // Persistent 'D' state |
| llkStateZ, // Persistent 'Z' state |
| #ifdef __PTRACE_ENABLED__ // Extra privileged states |
| llkStateStack, // stack signature |
| #endif // End of extra privilege |
| llkNumStates, // Maxumum number of states |
| }; // state indexes |
| milliseconds llkStateTimeoutMs[llkNumStates]; // timeout override for each detection state |
| milliseconds llkCheckMs; // checking interval to inspect any |
| // persistent live-locked states |
| bool llkLowRam; // ro.config.low_ram |
| bool khtEnable = LLK_ENABLE_DEFAULT; // [khungtaskd] panic |
| // [khungtaskd] should have a timeout beyond the granularity of llkTimeoutMs. |
| // Provides a wide angle of margin b/c khtTimeout is also its granularity. |
| seconds khtTimeout = duration_cast<seconds>(llkTimeoutMs * (1 + LLK_CHECKS_PER_TIMEOUT_DEFAULT) / |
| LLK_CHECKS_PER_TIMEOUT_DEFAULT); |
| #ifdef __PTRACE_ENABLED__ |
| // list of stack symbols to search for persistence. |
| std::unordered_set<std::string> llkCheckStackSymbols; |
| #endif |
| |
| // Blacklist variables, initialized with comma separated lists of high false |
| // positive and/or dangerous references, e.g. without self restart, for pid, |
| // ppid, name and uid: |
| |
| // list of pids, or tids or names to skip. kernel pid (0), init pid (1), |
| // [kthreadd] pid (2), ourselves, "init", "[kthreadd]", "lmkd", "llkd" or |
| // combinations of watchdogd in kernel and user space. |
| std::unordered_set<std::string> llkBlacklistProcess; |
| // list of parent pids, comm or cmdline names to skip. default: |
| // kernel pid (0), [kthreadd] (2), or ourselves, enforced and implied |
| std::unordered_set<std::string> llkBlacklistParent; |
| // list of uids, and uid names, to skip, default nothing |
| std::unordered_set<std::string> llkBlacklistUid; |
| #ifdef __PTRACE_ENABLED__ |
| // list of names to skip stack checking. "init", "lmkd", "llkd", "keystore" or |
| // "logd" (if not userdebug). |
| std::unordered_set<std::string> llkBlacklistStack; |
| #endif |
| |
| class dir { |
| public: |
| enum level { proc, task, numLevels }; |
| |
| private: |
| int fd; |
| size_t available_bytes; |
| dirent* next; |
| // each directory level picked to be just north of 4K in size |
| static constexpr size_t buffEntries = 15; |
| static dirent buff[numLevels][buffEntries]; |
| |
| bool fill(enum level index) { |
| if (index >= numLevels) return false; |
| if (available_bytes != 0) return true; |
| if (__predict_false(fd < 0)) return false; |
| // getdents64 has no libc wrapper |
| auto rc = TEMP_FAILURE_RETRY(syscall(__NR_getdents64, fd, buff[index], sizeof(buff[0]), 0)); |
| if (rc <= 0) return false; |
| available_bytes = rc; |
| next = buff[index]; |
| return true; |
| } |
| |
| public: |
| dir() : fd(-1), available_bytes(0), next(nullptr) {} |
| |
| explicit dir(const char* directory) |
| : fd(__predict_true(directory != nullptr) |
| ? ::open(directory, O_CLOEXEC | O_DIRECTORY | O_RDONLY) |
| : -1), |
| available_bytes(0), |
| next(nullptr) {} |
| |
| explicit dir(const std::string&& directory) |
| : fd(::open(directory.c_str(), O_CLOEXEC | O_DIRECTORY | O_RDONLY)), |
| available_bytes(0), |
| next(nullptr) {} |
| |
| explicit dir(const std::string& directory) |
| : fd(::open(directory.c_str(), O_CLOEXEC | O_DIRECTORY | O_RDONLY)), |
| available_bytes(0), |
| next(nullptr) {} |
| |
| // Don't need any copy or move constructors. |
| explicit dir(const dir& c) = delete; |
| explicit dir(dir& c) = delete; |
| explicit dir(dir&& c) = delete; |
| |
| ~dir() { |
| if (fd >= 0) { |
| ::close(fd); |
| } |
| } |
| |
| operator bool() const { return fd >= 0; } |
| |
| void reset(void) { |
| if (fd >= 0) { |
| ::close(fd); |
| fd = -1; |
| available_bytes = 0; |
| next = nullptr; |
| } |
| } |
| |
| dir& reset(const char* directory) { |
| reset(); |
| // available_bytes will _always_ be zero here as its value is |
| // intimately tied to fd < 0 or not. |
| fd = ::open(directory, O_CLOEXEC | O_DIRECTORY | O_RDONLY); |
| return *this; |
| } |
| |
| void rewind(void) { |
| if (fd >= 0) { |
| ::lseek(fd, off_t(0), SEEK_SET); |
| available_bytes = 0; |
| next = nullptr; |
| } |
| } |
| |
| dirent* read(enum level index = proc, dirent* def = nullptr) { |
| if (!fill(index)) return def; |
| auto ret = next; |
| available_bytes -= next->d_reclen; |
| next = reinterpret_cast<dirent*>(reinterpret_cast<char*>(next) + next->d_reclen); |
| return ret; |
| } |
| } llkTopDirectory; |
| |
| dirent dir::buff[dir::numLevels][dir::buffEntries]; |
| |
| // helper functions |
| |
| bool llkIsMissingExeLink(pid_t tid) { |
| char c; |
| // CAP_SYS_PTRACE is required to prevent ret == -1, but ENOENT is signal |
| auto ret = ::readlink((procdir + std::to_string(tid) + "/exe").c_str(), &c, sizeof(c)); |
| return (ret == -1) && (errno == ENOENT); |
| } |
| |
| // Common routine where caller accepts empty content as error/passthrough. |
| // Reduces the churn of reporting read errors in the callers. |
| std::string ReadFile(std::string&& path) { |
| std::string content; |
| if (!android::base::ReadFileToString(path, &content)) { |
| PLOG(DEBUG) << "Read " << path << " failed"; |
| content = ""; |
| } |
| return content; |
| } |
| |
| std::string llkProcGetName(pid_t tid, const char* node = "/cmdline") { |
| std::string content = ReadFile(procdir + std::to_string(tid) + node); |
| static constexpr char needles[] = " \t\r\n"; // including trailing nul |
| auto pos = content.find_first_of(needles, 0, sizeof(needles)); |
| if (pos != std::string::npos) { |
| content.erase(pos); |
| } |
| return content; |
| } |
| |
| uid_t llkProcGetUid(pid_t tid) { |
| // Get the process' uid. The following read from /status is admittedly |
| // racy, prone to corruption due to shape-changes. The consequences are |
| // not catastrophic as we sample a few times before taking action. |
| // |
| // If /loginuid worked on reliably, or on Android (all tasks report -1)... |
| // Android lmkd causes /cgroup to contain memory:/<dom>/uid_<uid>/pid_<pid> |
| // which is tighter, but also not reliable. |
| std::string content = ReadFile(procdir + std::to_string(tid) + "/status"); |
| static constexpr char Uid[] = "\nUid:"; |
| auto pos = content.find(Uid); |
| if (pos == std::string::npos) { |
| return -1; |
| } |
| pos += ::strlen(Uid); |
| while ((pos < content.size()) && ::isblank(content[pos])) { |
| ++pos; |
| } |
| content.erase(0, pos); |
| for (pos = 0; (pos < content.size()) && ::isdigit(content[pos]); ++pos) { |
| ; |
| } |
| // Content of form 'Uid: 0 0 0 0', newline is error |
| if ((pos >= content.size()) || !::isblank(content[pos])) { |
| return -1; |
| } |
| content.erase(pos); |
| uid_t ret; |
| if (!android::base::ParseUint(content, &ret, uid_t(0))) { |
| return -1; |
| } |
| return ret; |
| } |
| |
| struct proc { |
| pid_t tid; // monitored thread id (in Z or D state). |
| nanoseconds schedUpdate; // /proc/<tid>/sched "se.avg.lastUpdateTime", |
| uint64_t nrSwitches; // /proc/<tid>/sched "nr_switches" for |
| // refined ABA problem detection, determine |
| // forward scheduling progress. |
| milliseconds update; // llkUpdate millisecond signature of last. |
| milliseconds count; // duration in state. |
| #ifdef __PTRACE_ENABLED__ // Privileged state checking |
| milliseconds count_stack; // duration where stack is stagnant. |
| #endif // End privilege |
| pid_t pid; // /proc/<pid> before iterating through |
| // /proc/<pid>/task/<tid> for threads. |
| pid_t ppid; // /proc/<tid>/stat field 4 parent pid. |
| uid_t uid; // /proc/<tid>/status Uid: field. |
| unsigned time; // sum of /proc/<tid>/stat field 14 utime & |
| // 15 stime for coarse ABA problem detection. |
| std::string cmdline; // cached /cmdline content |
| char state; // /proc/<tid>/stat field 3: Z or D |
| // (others we do not monitor: S, R, T or ?) |
| #ifdef __PTRACE_ENABLED__ // Privileged state checking |
| char stack; // index in llkCheckStackSymbols for matches |
| #endif // and with maximum index PROP_VALUE_MAX/2. |
| char comm[TASK_COMM_LEN + 3]; // space for adding '[' and ']' |
| bool exeMissingValid; // exeMissing has been cached |
| bool cmdlineValid; // cmdline has been cached |
| bool updated; // cleared before monitoring pass. |
| bool killed; // sent a kill to this thread, next panic... |
| |
| void setComm(const char* _comm) { strncpy(comm + 1, _comm, sizeof(comm) - 2); } |
| |
| proc(pid_t tid, pid_t pid, pid_t ppid, const char* _comm, int time, char state) |
| : tid(tid), |
| schedUpdate(0), |
| nrSwitches(0), |
| update(llkUpdate), |
| count(0ms), |
| #ifdef __PTRACE_ENABLED__ |
| count_stack(0ms), |
| #endif |
| pid(pid), |
| ppid(ppid), |
| uid(-1), |
| time(time), |
| state(state), |
| #ifdef __PTRACE_ENABLED__ |
| stack(-1), |
| #endif |
| exeMissingValid(false), |
| cmdlineValid(false), |
| updated(true), |
| killed(!llkTestWithKill) { |
| memset(comm, '\0', sizeof(comm)); |
| setComm(_comm); |
| } |
| |
| const char* getComm(void) { |
| if (comm[1] == '\0') { // comm Valid? |
| strncpy(comm + 1, llkProcGetName(tid, "/comm").c_str(), sizeof(comm) - 2); |
| } |
| if (!exeMissingValid) { |
| if (llkIsMissingExeLink(tid)) { |
| comm[0] = '['; |
| } |
| exeMissingValid = true; |
| } |
| size_t len = strlen(comm + 1); |
| if (__predict_true(len < (sizeof(comm) - 1))) { |
| if (comm[0] == '[') { |
| if ((comm[len] != ']') && __predict_true(len < (sizeof(comm) - 2))) { |
| comm[++len] = ']'; |
| comm[++len] = '\0'; |
| } |
| } else { |
| if (comm[len] == ']') { |
| comm[len] = '\0'; |
| } |
| } |
| } |
| return &comm[comm[0] != '[']; |
| } |
| |
| const char* getCmdline(void) { |
| if (!cmdlineValid) { |
| cmdline = llkProcGetName(tid); |
| cmdlineValid = true; |
| } |
| return cmdline.c_str(); |
| } |
| |
| uid_t getUid(void) { |
| if (uid <= 0) { // Churn on root user, because most likely to setuid() |
| uid = llkProcGetUid(tid); |
| } |
| return uid; |
| } |
| |
| void reset(void) { // reset cache, if we detected pid rollover |
| uid = -1; |
| state = '?'; |
| #ifdef __PTRACE_ENABLED__ |
| count_stack = 0ms; |
| stack = -1; |
| #endif |
| cmdline = ""; |
| comm[0] = '\0'; |
| exeMissingValid = false; |
| cmdlineValid = false; |
| } |
| }; |
| |
| std::unordered_map<pid_t, proc> tids; |
| |
| // Check range and setup defaults, in order of propagation: |
| // llkTimeoutMs |
| // llkCheckMs |
| // ... |
| // KISS to keep it all self-contained, and called multiple times as parameters |
| // are interpreted so that defaults, llkCheckMs and llkCycle make sense. |
| void llkValidate() { |
| if (llkTimeoutMs == 0ms) { |
| llkTimeoutMs = LLK_TIMEOUT_MS_DEFAULT; |
| } |
| llkTimeoutMs = std::max(llkTimeoutMs, LLK_TIMEOUT_MS_MINIMUM); |
| if (llkCheckMs == 0ms) { |
| llkCheckMs = llkTimeoutMs / LLK_CHECKS_PER_TIMEOUT_DEFAULT; |
| } |
| llkCheckMs = std::min(llkCheckMs, llkTimeoutMs); |
| |
| for (size_t state = 0; state < ARRAY_SIZE(llkStateTimeoutMs); ++state) { |
| if (llkStateTimeoutMs[state] == 0ms) { |
| llkStateTimeoutMs[state] = llkTimeoutMs; |
| } |
| llkStateTimeoutMs[state] = |
| std::min(std::max(llkStateTimeoutMs[state], LLK_TIMEOUT_MS_MINIMUM), llkTimeoutMs); |
| llkCheckMs = std::min(llkCheckMs, llkStateTimeoutMs[state]); |
| } |
| |
| llkCheckMs = std::max(llkCheckMs, LLK_CHECK_MS_MINIMUM); |
| if (llkCycle == 0ms) { |
| llkCycle = llkCheckMs; |
| } |
| llkCycle = std::min(llkCycle, llkCheckMs); |
| } |
| |
| milliseconds llkGetTimespecDiffMs(timespec* from, timespec* to) { |
| return duration_cast<milliseconds>(seconds(to->tv_sec - from->tv_sec)) + |
| duration_cast<milliseconds>(nanoseconds(to->tv_nsec - from->tv_nsec)); |
| } |
| |
| std::string llkProcGetName(pid_t tid, const char* comm, const char* cmdline) { |
| if ((cmdline != nullptr) && (*cmdline != '\0')) { |
| return cmdline; |
| } |
| if ((comm != nullptr) && (*comm != '\0')) { |
| return comm; |
| } |
| |
| // UNLIKELY! Here because killed before we kill it? |
| // Assume change is afoot, do not call llkTidAlloc |
| |
| // cmdline ? |
| std::string content = llkProcGetName(tid); |
| if (content.size() != 0) { |
| return content; |
| } |
| // Comm instead? |
| content = llkProcGetName(tid, "/comm"); |
| if (llkIsMissingExeLink(tid) && (content.size() != 0)) { |
| return '[' + content + ']'; |
| } |
| return content; |
| } |
| |
| int llkKillOneProcess(pid_t pid, char state, pid_t tid, const char* tcomm = nullptr, |
| const char* tcmdline = nullptr, const char* pcomm = nullptr, |
| const char* pcmdline = nullptr) { |
| std::string forTid; |
| if (tid != pid) { |
| forTid = " for '" + llkProcGetName(tid, tcomm, tcmdline) + "' (" + std::to_string(tid) + ")"; |
| } |
| LOG(INFO) << "Killing '" << llkProcGetName(pid, pcomm, pcmdline) << "' (" << pid |
| << ") to check forward scheduling progress in " << state << " state" << forTid; |
| // CAP_KILL required |
| errno = 0; |
| auto r = ::kill(pid, SIGKILL); |
| if (r) { |
| PLOG(ERROR) << "kill(" << pid << ")=" << r << ' '; |
| } |
| |
| return r; |
| } |
| |
| // Kill one process |
| int llkKillOneProcess(pid_t pid, proc* tprocp) { |
| return llkKillOneProcess(pid, tprocp->state, tprocp->tid, tprocp->getComm(), |
| tprocp->getCmdline()); |
| } |
| |
| // Kill one process specified by kprocp |
| int llkKillOneProcess(proc* kprocp, proc* tprocp) { |
| if (kprocp == nullptr) { |
| return -2; |
| } |
| |
| return llkKillOneProcess(kprocp->tid, tprocp->state, tprocp->tid, tprocp->getComm(), |
| tprocp->getCmdline(), kprocp->getComm(), kprocp->getCmdline()); |
| } |
| |
| // Acquire file descriptor from environment, or open and cache it. |
| // NB: cache is unnecessary in our current context, pedantically |
| // required to prevent leakage of file descriptors in the future. |
| int llkFileToWriteFd(const std::string& file) { |
| static std::unordered_map<std::string, int> cache; |
| auto search = cache.find(file); |
| if (search != cache.end()) return search->second; |
| auto fd = android_get_control_file(file.c_str()); |
| if (fd >= 0) return fd; |
| fd = TEMP_FAILURE_RETRY(::open(file.c_str(), O_WRONLY | O_CLOEXEC)); |
| if (fd >= 0) cache.emplace(std::make_pair(file, fd)); |
| return fd; |
| } |
| |
| // Wrap android::base::WriteStringToFile to use android_get_control_file. |
| bool llkWriteStringToFile(const std::string& string, const std::string& file) { |
| auto fd = llkFileToWriteFd(file); |
| if (fd < 0) return false; |
| return android::base::WriteStringToFd(string, fd); |
| } |
| |
| bool llkWriteStringToFileConfirm(const std::string& string, const std::string& file) { |
| auto fd = llkFileToWriteFd(file); |
| auto ret = (fd < 0) ? false : android::base::WriteStringToFd(string, fd); |
| std::string content; |
| if (!android::base::ReadFileToString(file, &content)) return ret; |
| return android::base::Trim(content) == string; |
| } |
| |
| void llkPanicKernel(bool dump, pid_t tid, const char* state) __noreturn; |
| void llkPanicKernel(bool dump, pid_t tid, const char* state) { |
| auto sysrqTriggerFd = llkFileToWriteFd("/proc/sysrq-trigger"); |
| if (sysrqTriggerFd < 0) { |
| // DYB |
| llkKillOneProcess(initPid, 'R', tid); |
| // The answer to life, the universe and everything |
| ::exit(42); |
| // NOTREACHED |
| } |
| ::sync(); |
| if (dump) { |
| // Show all locks that are held |
| android::base::WriteStringToFd("d", sysrqTriggerFd); |
| // This can trigger hardware watchdog, that is somewhat _ok_. |
| // But useless if pstore configured for <256KB, low ram devices ... |
| if (!llkLowRam) { |
| android::base::WriteStringToFd("t", sysrqTriggerFd); |
| } |
| ::usleep(200000); // let everything settle |
| } |
| llkWriteStringToFile("SysRq : Trigger a crash : 'livelock,"s + state + "'\n", "/dev/kmsg"); |
| android::base::WriteStringToFd("c", sysrqTriggerFd); |
| // NOTREACHED |
| // DYB |
| llkKillOneProcess(initPid, 'R', tid); |
| // I sat at my desk, stared into the garden and thought '42 will do'. |
| // I typed it out. End of story |
| ::exit(42); |
| // NOTREACHED |
| } |
| |
| void llkAlarmHandler(int) { |
| llkPanicKernel(false, ::getpid(), "alarm"); |
| } |
| |
| milliseconds GetUintProperty(const std::string& key, milliseconds def) { |
| return milliseconds(android::base::GetUintProperty(key, static_cast<uint64_t>(def.count()), |
| static_cast<uint64_t>(def.max().count()))); |
| } |
| |
| seconds GetUintProperty(const std::string& key, seconds def) { |
| return seconds(android::base::GetUintProperty(key, static_cast<uint64_t>(def.count()), |
| static_cast<uint64_t>(def.max().count()))); |
| } |
| |
| proc* llkTidLookup(pid_t tid) { |
| auto search = tids.find(tid); |
| if (search == tids.end()) { |
| return nullptr; |
| } |
| return &search->second; |
| } |
| |
| void llkTidRemove(pid_t tid) { |
| tids.erase(tid); |
| } |
| |
| proc* llkTidAlloc(pid_t tid, pid_t pid, pid_t ppid, const char* comm, int time, char state) { |
| auto it = tids.emplace(std::make_pair(tid, proc(tid, pid, ppid, comm, time, state))); |
| return &it.first->second; |
| } |
| |
| std::string llkFormat(milliseconds ms) { |
| auto sec = duration_cast<seconds>(ms); |
| std::ostringstream s; |
| s << sec.count() << '.'; |
| auto f = s.fill('0'); |
| auto w = s.width(3); |
| s << std::right << (ms - sec).count(); |
| s.width(w); |
| s.fill(f); |
| s << 's'; |
| return s.str(); |
| } |
| |
| std::string llkFormat(seconds s) { |
| return std::to_string(s.count()) + 's'; |
| } |
| |
| std::string llkFormat(bool flag) { |
| return flag ? "true" : "false"; |
| } |
| |
| std::string llkFormat(const std::unordered_set<std::string>& blacklist) { |
| std::string ret; |
| for (auto entry : blacklist) { |
| if (ret.size()) { |
| ret += ","; |
| } |
| ret += entry; |
| } |
| return ret; |
| } |
| |
| // We only officially support comma separators, but wetware being what they |
| // are will take some liberty and I do not believe they should be punished. |
| std::unordered_set<std::string> llkSplit(const std::string& s) { |
| std::unordered_set<std::string> result; |
| |
| // Special case, allow boolean false to empty the list, otherwise expected |
| // source of input from android::base::GetProperty will supply the default |
| // value on empty content in the property. |
| if (s == "false") return result; |
| |
| size_t base = 0; |
| while (s.size() > base) { |
| auto found = s.find_first_of(", \t:", base); |
| // Only emplace content, empty entries are not an option |
| if (found != base) result.emplace(s.substr(base, found - base)); |
| if (found == s.npos) break; |
| base = found + 1; |
| } |
| return result; |
| } |
| |
| bool llkSkipName(const std::string& name, |
| const std::unordered_set<std::string>& blacklist = llkBlacklistProcess) { |
| if ((name.size() == 0) || (blacklist.size() == 0)) { |
| return false; |
| } |
| |
| return blacklist.find(name) != blacklist.end(); |
| } |
| |
| bool llkSkipPid(pid_t pid) { |
| return llkSkipName(std::to_string(pid), llkBlacklistProcess); |
| } |
| |
| bool llkSkipPpid(pid_t ppid) { |
| return llkSkipName(std::to_string(ppid), llkBlacklistParent); |
| } |
| |
| bool llkSkipUid(uid_t uid) { |
| // Match by number? |
| if (llkSkipName(std::to_string(uid), llkBlacklistUid)) { |
| return true; |
| } |
| |
| // Match by name? |
| auto pwd = ::getpwuid(uid); |
| return (pwd != nullptr) && __predict_true(pwd->pw_name != nullptr) && |
| __predict_true(pwd->pw_name[0] != '\0') && llkSkipName(pwd->pw_name, llkBlacklistUid); |
| } |
| |
| bool getValidTidDir(dirent* dp, std::string* piddir) { |
| if (!::isdigit(dp->d_name[0])) { |
| return false; |
| } |
| |
| // Corner case can not happen in reality b/c of above ::isdigit check |
| if (__predict_false(dp->d_type != DT_DIR)) { |
| if (__predict_false(dp->d_type == DT_UNKNOWN)) { // can't b/c procfs |
| struct stat st; |
| *piddir = procdir; |
| *piddir += dp->d_name; |
| return (lstat(piddir->c_str(), &st) == 0) && (st.st_mode & S_IFDIR); |
| } |
| return false; |
| } |
| |
| *piddir = procdir; |
| *piddir += dp->d_name; |
| return true; |
| } |
| |
| bool llkIsMonitorState(char state) { |
| return (state == 'Z') || (state == 'D'); |
| } |
| |
| // returns -1 if not found |
| long long getSchedValue(const std::string& schedString, const char* key) { |
| auto pos = schedString.find(key); |
| if (pos == std::string::npos) { |
| return -1; |
| } |
| pos = schedString.find(':', pos); |
| if (__predict_false(pos == std::string::npos)) { |
| return -1; |
| } |
| while ((++pos < schedString.size()) && ::isblank(schedString[pos])) { |
| ; |
| } |
| long long ret; |
| if (!android::base::ParseInt(schedString.substr(pos), &ret, static_cast<long long>(0))) { |
| return -1; |
| } |
| return ret; |
| } |
| |
| #ifdef __PTRACE_ENABLED__ |
| bool llkCheckStack(proc* procp, const std::string& piddir) { |
| if (llkCheckStackSymbols.empty()) return false; |
| if (procp->state == 'Z') { // No brains for Zombies |
| procp->stack = -1; |
| procp->count_stack = 0ms; |
| return false; |
| } |
| |
| // Don't check process that are known to block ptrace, save sepolicy noise. |
| if (llkSkipName(std::to_string(procp->pid), llkBlacklistStack)) return false; |
| if (llkSkipName(procp->getComm(), llkBlacklistStack)) return false; |
| if (llkSkipName(procp->getCmdline(), llkBlacklistStack)) return false; |
| if (llkSkipName(android::base::Basename(procp->getCmdline()), llkBlacklistStack)) return false; |
| |
| auto kernel_stack = ReadFile(piddir + "/stack"); |
| if (kernel_stack.empty()) { |
| LOG(INFO) << piddir << "/stack empty comm=" << procp->getComm() |
| << " cmdline=" << procp->getCmdline(); |
| return false; |
| } |
| // A scheduling incident that should not reset count_stack |
| if (kernel_stack.find(" cpu_worker_pools+0x") != std::string::npos) return false; |
| char idx = -1; |
| char match = -1; |
| for (const auto& stack : llkCheckStackSymbols) { |
| if (++idx < 0) break; |
| if (kernel_stack.find(" "s + stack + "+0x") != std::string::npos) { |
| match = idx; |
| break; |
| } |
| } |
| if (procp->stack != match) { |
| procp->stack = match; |
| procp->count_stack = 0ms; |
| return false; |
| } |
| if (match == char(-1)) return false; |
| procp->count_stack += llkCycle; |
| return procp->count_stack >= llkStateTimeoutMs[llkStateStack]; |
| } |
| #endif |
| |
| // Primary ABA mitigation watching last time schedule activity happened |
| void llkCheckSchedUpdate(proc* procp, const std::string& piddir) { |
| // Audit finds /proc/<tid>/sched is just over 1K, and |
| // is rarely larger than 2K, even less on Android. |
| // For example, the "se.avg.lastUpdateTime" field we are |
| // interested in typically within the primary set in |
| // the first 1K. |
| // |
| // Proc entries can not be read >1K atomically via libbase, |
| // but if there are problems we assume at least a few |
| // samples of reads occur before we take any real action. |
| std::string schedString = ReadFile(piddir + "/sched"); |
| if (schedString.size() == 0) { |
| // /schedstat is not as standardized, but in 3.1+ |
| // Android devices, the third field is nr_switches |
| // from /sched: |
| schedString = ReadFile(piddir + "/schedstat"); |
| if (schedString.size() == 0) { |
| return; |
| } |
| auto val = static_cast<unsigned long long>(-1); |
| if (((::sscanf(schedString.c_str(), "%*d %*d %llu", &val)) == 1) && |
| (val != static_cast<unsigned long long>(-1)) && (val != 0) && |
| (val != procp->nrSwitches)) { |
| procp->nrSwitches = val; |
| procp->count = 0ms; |
| procp->killed = !llkTestWithKill; |
| } |
| return; |
| } |
| |
| auto val = getSchedValue(schedString, "\nse.avg.lastUpdateTime"); |
| if (val == -1) { |
| val = getSchedValue(schedString, "\nse.svg.last_update_time"); |
| } |
| if (val != -1) { |
| auto schedUpdate = nanoseconds(val); |
| if (schedUpdate != procp->schedUpdate) { |
| procp->schedUpdate = schedUpdate; |
| procp->count = 0ms; |
| procp->killed = !llkTestWithKill; |
| } |
| } |
| |
| val = getSchedValue(schedString, "\nnr_switches"); |
| if (val != -1) { |
| if (static_cast<uint64_t>(val) != procp->nrSwitches) { |
| procp->nrSwitches = val; |
| procp->count = 0ms; |
| procp->killed = !llkTestWithKill; |
| } |
| } |
| } |
| |
| void llkLogConfig(void) { |
| LOG(INFO) << "ro.config.low_ram=" << llkFormat(llkLowRam) << "\n" |
| << LLK_ENABLE_PROPERTY "=" << llkFormat(llkEnable) << "\n" |
| << KHT_ENABLE_PROPERTY "=" << llkFormat(khtEnable) << "\n" |
| << LLK_MLOCKALL_PROPERTY "=" << llkFormat(llkMlockall) << "\n" |
| << LLK_KILLTEST_PROPERTY "=" << llkFormat(llkTestWithKill) << "\n" |
| << KHT_TIMEOUT_PROPERTY "=" << llkFormat(khtTimeout) << "\n" |
| << LLK_TIMEOUT_MS_PROPERTY "=" << llkFormat(llkTimeoutMs) << "\n" |
| << LLK_D_TIMEOUT_MS_PROPERTY "=" << llkFormat(llkStateTimeoutMs[llkStateD]) << "\n" |
| << LLK_Z_TIMEOUT_MS_PROPERTY "=" << llkFormat(llkStateTimeoutMs[llkStateZ]) << "\n" |
| #ifdef __PTRACE_ENABLED__ |
| << LLK_STACK_TIMEOUT_MS_PROPERTY "=" << llkFormat(llkStateTimeoutMs[llkStateStack]) |
| << "\n" |
| #endif |
| << LLK_CHECK_MS_PROPERTY "=" << llkFormat(llkCheckMs) << "\n" |
| #ifdef __PTRACE_ENABLED__ |
| << LLK_CHECK_STACK_PROPERTY "=" << llkFormat(llkCheckStackSymbols) << "\n" |
| << LLK_BLACKLIST_STACK_PROPERTY "=" << llkFormat(llkBlacklistStack) << "\n" |
| #endif |
| << LLK_BLACKLIST_PROCESS_PROPERTY "=" << llkFormat(llkBlacklistProcess) << "\n" |
| << LLK_BLACKLIST_PARENT_PROPERTY "=" << llkFormat(llkBlacklistParent) << "\n" |
| << LLK_BLACKLIST_UID_PROPERTY "=" << llkFormat(llkBlacklistUid); |
| } |
| |
| void* llkThread(void* obj) { |
| prctl(PR_SET_DUMPABLE, 0); |
| |
| LOG(INFO) << "started"; |
| |
| std::string name = std::to_string(::gettid()); |
| if (!llkSkipName(name)) { |
| llkBlacklistProcess.emplace(name); |
| } |
| name = static_cast<const char*>(obj); |
| prctl(PR_SET_NAME, name.c_str()); |
| if (__predict_false(!llkSkipName(name))) { |
| llkBlacklistProcess.insert(name); |
| } |
| // No longer modifying llkBlacklistProcess. |
| llkRunning = true; |
| llkLogConfig(); |
| while (llkRunning) { |
| ::usleep(duration_cast<microseconds>(llkCheck(true)).count()); |
| } |
| // NOTREACHED |
| LOG(INFO) << "exiting"; |
| return nullptr; |
| } |
| |
| } // namespace |
| |
| milliseconds llkCheck(bool checkRunning) { |
| if (!llkEnable || (checkRunning != llkRunning)) { |
| return milliseconds::max(); |
| } |
| |
| // Reset internal watchdog, which is a healthy engineering margin of |
| // double the maximum wait or cycle time for the mainloop that calls us. |
| // |
| // This alarm is effectively the live lock detection of llkd, as |
| // we understandably can not monitor ourselves otherwise. |
| ::alarm(duration_cast<seconds>(llkTimeoutMs * 2).count()); |
| |
| // kernel jiffy precision fastest acquisition |
| static timespec last; |
| timespec now; |
| ::clock_gettime(CLOCK_MONOTONIC_COARSE, &now); |
| auto ms = llkGetTimespecDiffMs(&last, &now); |
| if (ms < llkCycle) { |
| return llkCycle - ms; |
| } |
| last = now; |
| |
| LOG(VERBOSE) << "opendir(\"" << procdir << "\")"; |
| if (__predict_false(!llkTopDirectory)) { |
| // gid containing AID_READPROC required |
| llkTopDirectory.reset(procdir); |
| if (__predict_false(!llkTopDirectory)) { |
| // Most likely reason we could be here is a resource limit. |
| // Keep our processing down to a minimum, but not so low that |
| // we do not recover in a timely manner should the issue be |
| // transitory. |
| LOG(DEBUG) << "opendir(\"" << procdir << "\") failed"; |
| return llkTimeoutMs; |
| } |
| } |
| |
| for (auto& it : tids) { |
| it.second.updated = false; |
| } |
| |
| auto prevUpdate = llkUpdate; |
| llkUpdate += ms; |
| ms -= llkCycle; |
| auto myPid = ::getpid(); |
| auto myTid = ::gettid(); |
| for (auto dp = llkTopDirectory.read(); dp != nullptr; dp = llkTopDirectory.read()) { |
| std::string piddir; |
| |
| if (!getValidTidDir(dp, &piddir)) { |
| continue; |
| } |
| |
| // Get the process tasks |
| std::string taskdir = piddir + "/task/"; |
| int pid = -1; |
| LOG(VERBOSE) << "+opendir(\"" << taskdir << "\")"; |
| dir taskDirectory(taskdir); |
| if (__predict_false(!taskDirectory)) { |
| LOG(DEBUG) << "+opendir(\"" << taskdir << "\") failed"; |
| } |
| for (auto tp = taskDirectory.read(dir::task, dp); tp != nullptr; |
| tp = taskDirectory.read(dir::task)) { |
| if (!getValidTidDir(tp, &piddir)) { |
| continue; |
| } |
| |
| // Get the process stat |
| std::string stat = ReadFile(piddir + "/stat"); |
| if (stat.size() == 0) { |
| continue; |
| } |
| unsigned tid = -1; |
| char pdir[TASK_COMM_LEN + 1]; |
| char state = '?'; |
| unsigned ppid = -1; |
| unsigned utime = -1; |
| unsigned stime = -1; |
| int dummy; |
| pdir[0] = '\0'; |
| // tid should not change value |
| auto match = ::sscanf( |
| stat.c_str(), |
| "%u (%" ___STRING( |
| TASK_COMM_LEN) "[^)]) %c %u %*d %*d %*d %*d %*d %*d %*d %*d %*d %u %u %d", |
| &tid, pdir, &state, &ppid, &utime, &stime, &dummy); |
| if (pid == -1) { |
| pid = tid; |
| } |
| LOG(VERBOSE) << "match " << match << ' ' << tid << " (" << pdir << ") " << state << ' ' |
| << ppid << " ... " << utime << ' ' << stime << ' ' << dummy; |
| if (match != 7) { |
| continue; |
| } |
| |
| auto procp = llkTidLookup(tid); |
| if (procp == nullptr) { |
| procp = llkTidAlloc(tid, pid, ppid, pdir, utime + stime, state); |
| } else { |
| // comm can change ... |
| procp->setComm(pdir); |
| procp->updated = true; |
| // pid/ppid/tid wrap? |
| if (((procp->update != prevUpdate) && (procp->update != llkUpdate)) || |
| (procp->ppid != ppid) || (procp->pid != pid)) { |
| procp->reset(); |
| } else if (procp->time != (utime + stime)) { // secondary ABA. |
| // watching utime+stime granularity jiffy |
| procp->state = '?'; |
| } |
| procp->update = llkUpdate; |
| procp->pid = pid; |
| procp->ppid = ppid; |
| procp->time = utime + stime; |
| if (procp->state != state) { |
| procp->count = 0ms; |
| procp->killed = !llkTestWithKill; |
| procp->state = state; |
| } else { |
| procp->count += llkCycle; |
| } |
| } |
| |
| // Filter checks in intuitive order of CPU cost to evaluate |
| // If tid unique continue, if ppid or pid unique break |
| |
| if (pid == myPid) { |
| break; |
| } |
| #ifdef __PTRACE_ENABLED__ |
| // if no stack monitoring, we can quickly exit here |
| if (!llkIsMonitorState(state) && llkCheckStackSymbols.empty()) { |
| continue; |
| } |
| #else |
| if (!llkIsMonitorState(state)) continue; |
| #endif |
| if ((tid == myTid) || llkSkipPid(tid)) { |
| continue; |
| } |
| if (llkSkipPpid(ppid)) { |
| break; |
| } |
| |
| if (llkSkipName(procp->getComm())) { |
| continue; |
| } |
| if (llkSkipName(procp->getCmdline())) { |
| break; |
| } |
| if (llkSkipName(android::base::Basename(procp->getCmdline()))) { |
| break; |
| } |
| |
| auto pprocp = llkTidLookup(ppid); |
| if (pprocp == nullptr) { |
| pprocp = llkTidAlloc(ppid, ppid, 0, "", 0, '?'); |
| } |
| if ((pprocp != nullptr) && |
| (llkSkipName(pprocp->getComm(), llkBlacklistParent) || |
| llkSkipName(pprocp->getCmdline(), llkBlacklistParent) || |
| llkSkipName(android::base::Basename(pprocp->getCmdline()), llkBlacklistParent))) { |
| break; |
| } |
| |
| if ((llkBlacklistUid.size() != 0) && llkSkipUid(procp->getUid())) { |
| continue; |
| } |
| |
| // ABA mitigation watching last time schedule activity happened |
| llkCheckSchedUpdate(procp, piddir); |
| |
| #ifdef __PTRACE_ENABLED__ |
| auto stuck = llkCheckStack(procp, piddir); |
| if (llkIsMonitorState(state)) { |
| if (procp->count >= llkStateTimeoutMs[(state == 'Z') ? llkStateZ : llkStateD]) { |
| stuck = true; |
| } else if (procp->count != 0ms) { |
| LOG(VERBOSE) << state << ' ' << llkFormat(procp->count) << ' ' << ppid << "->" |
| << pid << "->" << tid << ' ' << procp->getComm(); |
| } |
| } |
| if (!stuck) continue; |
| #else |
| if (procp->count >= llkStateTimeoutMs[(state == 'Z') ? llkStateZ : llkStateD]) { |
| if (procp->count != 0ms) { |
| LOG(VERBOSE) << state << ' ' << llkFormat(procp->count) << ' ' << ppid << "->" |
| << pid << "->" << tid << ' ' << procp->getComm(); |
| } |
| continue; |
| } |
| #endif |
| |
| // We have to kill it to determine difference between live lock |
| // and persistent state blocked on a resource. Is there something |
| // wrong with a process that has no forward scheduling progress in |
| // Z or D? Yes, generally means improper accounting in the |
| // process, but not always ... |
| // |
| // Whomever we hit with a test kill must accept the Android |
| // Aphorism that everything can be burned to the ground and |
| // must survive. |
| if (procp->killed == false) { |
| procp->killed = true; |
| // confirm: re-read uid before committing to a panic. |
| procp->uid = -1; |
| switch (state) { |
| case 'Z': // kill ppid to free up a Zombie |
| // Killing init will kernel panic without diagnostics |
| // so skip right to controlled kernel panic with |
| // diagnostics. |
| if (ppid == initPid) { |
| break; |
| } |
| LOG(WARNING) << "Z " << llkFormat(procp->count) << ' ' << ppid << "->" |
| << pid << "->" << tid << ' ' << procp->getComm() << " [kill]"; |
| if ((llkKillOneProcess(pprocp, procp) >= 0) || |
| (llkKillOneProcess(ppid, procp) >= 0)) { |
| continue; |
| } |
| break; |
| |
| case 'D': // kill tid to free up an uninterruptible D |
| // If ABA is doing its job, we would not need or |
| // want the following. Test kill is a Hail Mary |
| // to make absolutely sure there is no forward |
| // scheduling progress. The cost when ABA is |
| // not working is we kill a process that likes to |
| // stay in 'D' state, instead of panicing the |
| // kernel (worse). |
| default: |
| LOG(WARNING) << state << ' ' << llkFormat(procp->count) << ' ' << pid |
| << "->" << tid << ' ' << procp->getComm() << " [kill]"; |
| if ((llkKillOneProcess(llkTidLookup(pid), procp) >= 0) || |
| (llkKillOneProcess(pid, state, tid) >= 0) || |
| (llkKillOneProcess(procp, procp) >= 0) || |
| (llkKillOneProcess(tid, state, tid) >= 0)) { |
| continue; |
| } |
| break; |
| } |
| } |
| // We are here because we have confirmed kernel live-lock |
| LOG(ERROR) << state << ' ' << llkFormat(procp->count) << ' ' << ppid << "->" << pid |
| << "->" << tid << ' ' << procp->getComm() << " [panic]"; |
| llkPanicKernel(true, tid, |
| (state == 'Z') ? "zombie" : (state == 'D') ? "driver" : "sleeping"); |
| } |
| LOG(VERBOSE) << "+closedir()"; |
| } |
| llkTopDirectory.rewind(); |
| LOG(VERBOSE) << "closedir()"; |
| |
| // garbage collection of old process references |
| for (auto p = tids.begin(); p != tids.end();) { |
| if (!p->second.updated) { |
| IF_ALOG(LOG_VERBOSE, LOG_TAG) { |
| std::string ppidCmdline = llkProcGetName(p->second.ppid, nullptr, nullptr); |
| if (ppidCmdline.size()) { |
| ppidCmdline = "(" + ppidCmdline + ")"; |
| } |
| std::string pidCmdline; |
| if (p->second.pid != p->second.tid) { |
| pidCmdline = llkProcGetName(p->second.pid, nullptr, p->second.getCmdline()); |
| if (pidCmdline.size()) { |
| pidCmdline = "(" + pidCmdline + ")"; |
| } |
| } |
| std::string tidCmdline = |
| llkProcGetName(p->second.tid, p->second.getComm(), p->second.getCmdline()); |
| if (tidCmdline.size()) { |
| tidCmdline = "(" + tidCmdline + ")"; |
| } |
| LOG(VERBOSE) << "thread " << p->second.ppid << ppidCmdline << "->" << p->second.pid |
| << pidCmdline << "->" << p->second.tid << tidCmdline << " removed"; |
| } |
| p = tids.erase(p); |
| } else { |
| ++p; |
| } |
| } |
| if (__predict_false(tids.empty())) { |
| llkTopDirectory.reset(); |
| } |
| |
| llkCycle = llkCheckMs; |
| |
| timespec end; |
| ::clock_gettime(CLOCK_MONOTONIC_COARSE, &end); |
| auto milli = llkGetTimespecDiffMs(&now, &end); |
| LOG((milli > 10s) ? ERROR : (milli > 1s) ? WARNING : VERBOSE) << "sample " << llkFormat(milli); |
| |
| // cap to minimum sleep for 1 second since last cycle |
| if (llkCycle < (ms + 1s)) { |
| return 1s; |
| } |
| return llkCycle - ms; |
| } |
| |
| unsigned llkCheckMilliseconds() { |
| return duration_cast<milliseconds>(llkCheck()).count(); |
| } |
| |
| bool llkInit(const char* threadname) { |
| auto debuggable = android::base::GetBoolProperty("ro.debuggable", false); |
| llkLowRam = android::base::GetBoolProperty("ro.config.low_ram", false); |
| if (!LLK_ENABLE_DEFAULT && debuggable) { |
| llkEnable = android::base::GetProperty(LLK_ENABLE_PROPERTY, "eng") == "eng"; |
| khtEnable = android::base::GetProperty(KHT_ENABLE_PROPERTY, "eng") == "eng"; |
| } |
| llkEnable = android::base::GetBoolProperty(LLK_ENABLE_PROPERTY, llkEnable); |
| if (llkEnable && !llkTopDirectory.reset(procdir)) { |
| // Most likely reason we could be here is llkd was started |
| // incorrectly without the readproc permissions. Keep our |
| // processing down to a minimum. |
| llkEnable = false; |
| } |
| khtEnable = android::base::GetBoolProperty(KHT_ENABLE_PROPERTY, khtEnable); |
| llkMlockall = android::base::GetBoolProperty(LLK_MLOCKALL_PROPERTY, llkMlockall); |
| llkTestWithKill = android::base::GetBoolProperty(LLK_KILLTEST_PROPERTY, llkTestWithKill); |
| // if LLK_TIMOUT_MS_PROPERTY was not set, we will use a set |
| // KHT_TIMEOUT_PROPERTY as co-operative guidance for the default value. |
| khtTimeout = GetUintProperty(KHT_TIMEOUT_PROPERTY, khtTimeout); |
| if (khtTimeout == 0s) { |
| khtTimeout = duration_cast<seconds>(llkTimeoutMs * (1 + LLK_CHECKS_PER_TIMEOUT_DEFAULT) / |
| LLK_CHECKS_PER_TIMEOUT_DEFAULT); |
| } |
| llkTimeoutMs = |
| khtTimeout * LLK_CHECKS_PER_TIMEOUT_DEFAULT / (1 + LLK_CHECKS_PER_TIMEOUT_DEFAULT); |
| llkTimeoutMs = GetUintProperty(LLK_TIMEOUT_MS_PROPERTY, llkTimeoutMs); |
| llkValidate(); // validate llkTimeoutMs, llkCheckMs and llkCycle |
| llkStateTimeoutMs[llkStateD] = GetUintProperty(LLK_D_TIMEOUT_MS_PROPERTY, llkTimeoutMs); |
| llkStateTimeoutMs[llkStateZ] = GetUintProperty(LLK_Z_TIMEOUT_MS_PROPERTY, llkTimeoutMs); |
| #ifdef __PTRACE_ENABLED__ |
| llkStateTimeoutMs[llkStateStack] = GetUintProperty(LLK_STACK_TIMEOUT_MS_PROPERTY, llkTimeoutMs); |
| #endif |
| llkCheckMs = GetUintProperty(LLK_CHECK_MS_PROPERTY, llkCheckMs); |
| llkValidate(); // validate all (effectively minus llkTimeoutMs) |
| #ifdef __PTRACE_ENABLED__ |
| if (debuggable) { |
| llkCheckStackSymbols = llkSplit( |
| android::base::GetProperty(LLK_CHECK_STACK_PROPERTY, LLK_CHECK_STACK_DEFAULT)); |
| } |
| std::string defaultBlacklistStack(LLK_BLACKLIST_STACK_DEFAULT); |
| if (!debuggable) defaultBlacklistStack += ",logd,/system/bin/logd"; |
| llkBlacklistStack = llkSplit( |
| android::base::GetProperty(LLK_BLACKLIST_STACK_PROPERTY, defaultBlacklistStack)); |
| #endif |
| std::string defaultBlacklistProcess( |
| std::to_string(kernelPid) + "," + std::to_string(initPid) + "," + |
| std::to_string(kthreaddPid) + "," + std::to_string(::getpid()) + "," + |
| std::to_string(::gettid()) + "," LLK_BLACKLIST_PROCESS_DEFAULT); |
| if (threadname) { |
| defaultBlacklistProcess += ","s + threadname; |
| } |
| for (int cpu = 1; cpu < get_nprocs_conf(); ++cpu) { |
| defaultBlacklistProcess += ",[watchdog/" + std::to_string(cpu) + "]"; |
| } |
| defaultBlacklistProcess = |
| android::base::GetProperty(LLK_BLACKLIST_PROCESS_PROPERTY, defaultBlacklistProcess); |
| llkBlacklistProcess = llkSplit(defaultBlacklistProcess); |
| if (!llkSkipName("[khungtaskd]")) { // ALWAYS ignore as special |
| llkBlacklistProcess.emplace("[khungtaskd]"); |
| } |
| llkBlacklistParent = llkSplit(android::base::GetProperty( |
| LLK_BLACKLIST_PARENT_PROPERTY, std::to_string(kernelPid) + "," + std::to_string(kthreaddPid) + |
| "," LLK_BLACKLIST_PARENT_DEFAULT)); |
| llkBlacklistUid = |
| llkSplit(android::base::GetProperty(LLK_BLACKLIST_UID_PROPERTY, LLK_BLACKLIST_UID_DEFAULT)); |
| |
| // internal watchdog |
| ::signal(SIGALRM, llkAlarmHandler); |
| |
| // kernel hung task configuration? Otherwise leave it as-is |
| if (khtEnable) { |
| // EUID must be AID_ROOT to write to /proc/sys/kernel/ nodes, there |
| // are no capability overrides. For security reasons we do not want |
| // to run as AID_ROOT. We may not be able to write them successfully, |
| // we will try, but the least we can do is read the values back to |
| // confirm expectations and report whether configured or not. |
| auto configured = llkWriteStringToFileConfirm(std::to_string(khtTimeout.count()), |
| "/proc/sys/kernel/hung_task_timeout_secs"); |
| if (configured) { |
| llkWriteStringToFile("65535", "/proc/sys/kernel/hung_task_warnings"); |
| llkWriteStringToFile("65535", "/proc/sys/kernel/hung_task_check_count"); |
| configured = llkWriteStringToFileConfirm("1", "/proc/sys/kernel/hung_task_panic"); |
| } |
| if (configured) { |
| LOG(INFO) << "[khungtaskd] configured"; |
| } else { |
| LOG(WARNING) << "[khungtaskd] not configurable"; |
| } |
| } |
| |
| bool logConfig = true; |
| if (llkEnable) { |
| if (llkMlockall && |
| // MCL_ONFAULT pins pages as they fault instead of loading |
| // everything immediately all at once. (Which would be bad, |
| // because as of this writing, we have a lot of mapped pages we |
| // never use.) Old kernels will see MCL_ONFAULT and fail with |
| // EINVAL; we ignore this failure. |
| // |
| // N.B. read the man page for mlockall. MCL_CURRENT | MCL_ONFAULT |
| // pins ⊆ MCL_CURRENT, converging to just MCL_CURRENT as we fault |
| // in pages. |
| |
| // CAP_IPC_LOCK required |
| mlockall(MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT) && (errno != EINVAL)) { |
| PLOG(WARNING) << "mlockall failed "; |
| } |
| |
| if (threadname) { |
| pthread_attr_t attr; |
| |
| if (!pthread_attr_init(&attr)) { |
| sched_param param; |
| |
| memset(¶m, 0, sizeof(param)); |
| pthread_attr_setschedparam(&attr, ¶m); |
| pthread_attr_setschedpolicy(&attr, SCHED_BATCH); |
| if (!pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED)) { |
| pthread_t thread; |
| if (!pthread_create(&thread, &attr, llkThread, const_cast<char*>(threadname))) { |
| // wait a second for thread to start |
| for (auto retry = 50; retry && !llkRunning; --retry) { |
| ::usleep(20000); |
| } |
| logConfig = !llkRunning; // printed in llkd context? |
| } else { |
| LOG(ERROR) << "failed to spawn llkd thread"; |
| } |
| } else { |
| LOG(ERROR) << "failed to detach llkd thread"; |
| } |
| pthread_attr_destroy(&attr); |
| } else { |
| LOG(ERROR) << "failed to allocate attibutes for llkd thread"; |
| } |
| } |
| } else { |
| LOG(DEBUG) << "[khungtaskd] left unconfigured"; |
| } |
| if (logConfig) { |
| llkLogConfig(); |
| } |
| |
| return llkEnable; |
| } |