android: initialize signal dispositions

Bionic installs signal handlers which request crash
dumps from Android's debuggerd, but there are errors
in how signals which aren't automatically re-raised
are handled on Marshmallow (API 23).

Before requesting a dump, Bionic acquires a lock to
communicate with debuggerd and expecting imminent
death, never releases it.

While handling the dump request, debuggerd allows
the dying process to continue before
ptrace-detaching it. So, when Bionic manually
re-raises a signal, it is intercepted by debuggerd
and the dying process is allowed to live.

Bionic restores SIG_DFL for the signal it's just
handled, but if a different crash signal is later
recieved, Bionic attempts to reacquire the lock to
communicate with debuggerd and blocks forever.

Disable Bionic's signal handlers for these signals
on Marshmallow.

Bug: chromium:1050178
Change-Id: Ia1fc5a24161a95931684d092ba8fee2f0dfbbdbb
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2134513
Reviewed-by: Mark Mentovai <mark@chromium.org>

test/BUILD.gn

@@ -245,6 +245,9 @@ static_library("gmock_main") {
     "../third_party/mini_chromium:base",
     "../third_party/mini_chromium:base_test_support",
   ]
+  if (crashpad_is_android) {
+    deps += [ "../util" ]
+  }
   if (crashpad_is_ios) {
     deps += [ "ios:google_test_setup" ]
   }
@@ -261,6 +264,9 @@ static_library("gtest_main") {
     "../third_party/mini_chromium:base",
     "../third_party/mini_chromium:base_test_support",
   ]
+  if (crashpad_is_android) {
+    deps += [ "../util" ]
+  }
   if (crashpad_is_ios) {
     deps += [ "ios:google_test_setup" ]
   }

test/gtest_main.cc

@@ -21,6 +21,10 @@
 #include "gmock/gmock.h"
 #endif  // CRASHPAD_TEST_LAUNCHER_GMOCK
 
+#if defined(OS_ANDROID)
+#include "util/linux/initial_signal_dispositions.h"
+#endif  // OS_ANDROID
+
 #if defined(OS_IOS)
 #include "test/ios/google_test_setup.h"
 #endif
@@ -55,6 +59,10 @@ bool GetChildTestFunctionName(std::string* child_func_name) {
 }  // namespace
 
 int main(int argc, char* argv[]) {
+#if defined(OS_ANDROID)
+  crashpad::InitializeSignalDispositions();
+#endif  // OS_ANDROID
+
   crashpad::test::InitializeMainArguments(argc, argv);
 
 #if !defined(OS_IOS)

util/BUILD.gn

@@ -324,6 +324,13 @@ static_library("util") {
     }
   }
 
+  if (crashpad_is_android) {
+    sources += [
+      "linux/initial_signal_dispositions.cc",
+      "linux/initial_signal_dispositions.h",
+    ]
+  }
+
   if (crashpad_is_linux || crashpad_is_android) {
     sources += [
       "linux/address_types.h",

util/linux/initial_signal_dispositions.cc

@@ -0,0 +1,78 @@
+// Copyright 2020 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "util/linux/initial_signal_dispositions.h"
+
+#include <android/api-level.h>
+#include <signal.h>
+
+#include "base/logging.h"
+#include "build/build_config.h"
+
+#if __ANDROID_API__ <= 23
+
+namespace crashpad {
+namespace {
+bool LoggingSignal(int signum, sighandler_t handler) {
+  sighandler_t previous = signal(signum, handler);
+  PLOG_IF(ERROR, previous == SIG_ERR) << "signal " << signum;
+  return previous != SIG_ERR;
+}
+}  // namespace
+
+#endif  // __ANDROID_API__ <= 23
+
+bool InitializeSignalDispositions() {
+#if __ANDROID_API__ <= 23
+  const int api_level = android_get_device_api_level();
+  if (api_level < 0) {
+    LOG(WARNING) << "bad api level";
+    return false;
+  }
+
+  // Bionic installs signal handlers which request crash dumps from Android's
+  // debuggerd, but there are errors in how signals which aren't automatically
+  // re-raised are handled on Marshmallow (API 23).
+  //
+  // Before requesting a dump, Bionic acquires a lock to communicate with
+  // debuggerd and expecting imminent death, never releases it.
+  //
+  // While handling the dump request, debuggerd allows the dying process to
+  // continue before ptrace-detaching it. So, when Bionic manually re-raises a
+  // signal, it is intercepted by debuggerd and the dying process is allowed to
+  // live.
+  //
+  // Bionic restores SIG_DFL for the signal it's just handled, but if a
+  // different crash signal is later recieved, Bionic attempts to reacquire the
+  // lock to communicate with debuggerd and blocks forever.
+  //
+  // Disable Bionic's signal handlers for these signals on Marshmallow.
+  bool success = true;
+  if (api_level == 23) {
+    success = LoggingSignal(SIGABRT, SIG_DFL);
+    success = LoggingSignal(SIGFPE, SIG_DFL) && success;
+    success = LoggingSignal(SIGPIPE, SIG_DFL) && success;
+#if defined(SIGSTKFLT)
+    success = LoggingSignal(SIGSTKFLT, SIG_DFL) && success;
+#endif
+    success = LoggingSignal(SIGTRAP, SIG_DFL) && success;
+  }
+
+  return success;
+#else
+  return true;
+#endif  // __ANDROID_API__ <= 23
+}
+
+}  // namespace crashpad

util/linux/initial_signal_dispositions.h

@@ -0,0 +1,41 @@
+// Copyright 2020 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef CRASHPAD_UTIL_LINUX_INITIAL_SIGNAL_DISPOSITIONS_H
+#define CRASHPAD_UTIL_LINUX_INITIAL_SIGNAL_DISPOSITIONS_H
+
+namespace crashpad {
+
+//! \brief Establishes signal dispositions for a process based on the platform.
+//!
+//! Default signal dispositions are normally configured by the kernel, but
+//! additional signal handlers might be installed by dependent or preloaded
+//! libraries, e.g. Bionic normally installs signal handlers which log stack
+//! traces to Android's logcat.
+//!
+//! This function initializes signal dispositions when the default dispositions
+//! provided by the platform are broken. This function must be called before any
+//! application level signal handlers have been installed and should be called
+//! early in the process lifetime to reduce the chance of any broken signal
+//! handlers being triggered.
+//!
+//! When running on Android M (API 23), this function installs `SIG_DFL` for
+//! signals: `SIGABRT`, `SIGFPE`, `SIGPIPE`, `SIGSTKFLT`, and `SIGTRAP`.
+//!
+//! \return `true` on success. Otherwise `false` with a message logged.
+bool InitializeSignalDispositions();
+
+}  // namespace crashpad
+
+#endif  // CRASHPAD_UTIL_LINUX_INITIAL_SIGNAL_DISPOSITIONS_H

util/util.gyp

@@ -67,6 +67,8 @@
         'linux/exception_handler_protocol.cc',
         'linux/exception_handler_protocol.h',
         'linux/exception_information.h',
+        'linux/initial_signal_dispositions.cc',
+        'linux/initial_signal_dispositions.h',
         'linux/memory_map.cc',
         'linux/memory_map.h',
         'linux/proc_stat_reader.cc',