6. 6
Crash Client - Samsung’s crash-work-sdk
• Crash process flow
Stage 1: in sys-assert.c (libsys-assert.so)
-> int sig_to_handle[] = { SIGILL, SIGABRT, SIGBUS, SIGFPE, SIGSEGV, };
-> sighandler notify system_server via /opt/share/crash/curbs.log pipeline.
Stage 2: in ss_bs.c (system-server)
-> ecore_file_monitor_add(CRASH_NOTI_PATH,(void *) __crash_file_cb, NULL);
-> __crash_file_cb:
-> launch_crash_worker()
......
launch /usr/bin/crash-worker to generate cs file
launch /usr/apps/org.tizen.crash-popup/bin/crash-popup to popup crash (only 1st)
7. 7
Crash Client - Samsung’s crash-work-sdk
• Crash process flow
Breakpoint 1, launch_app_with_nice (file=0xb46017b0 "/usr/bin/crash-worker", argv=0xbfe52624, pid=0x0, _nice=0)
at /usr/src/debug/system-server-0.1.65/ss_launch.c:140
140 {
(gdb) bt
#0 launch_app_with_nice (file=0xb46017b0 "/usr/bin/crash-worker",
argv=0xbfe52624, pid=0x0, _nice=0)
at /usr/src/debug/system-server-0.1.65/ss_launch.c:140
#1 0x0804d3c9 in launch_app_cmd_with_nice (
cmdline=0xb4601758 "/usr/bin/crash-worker S top 391655492 913 top",
_nice=0) at /usr/src/debug/system-server-0.1.65/ss_launch.c:196
#2 0x0804d744 in ss_launch_evenif_exist (
execpath=0x8060e71 "/usr/bin/crash-worker",
arg=0xbfe53d16 "S top 391655492 913 top")
at /usr/src/debug/system-server-0.1.65/ss_launch.c:289
#3 0x08058b73 in launch_crash_worker (
filename=0xbfe5823c "/opt/share/crash/curbs.log", popup_on=1)
at /usr/src/debug/system-server-0.1.65/ss_bs.c:327
#4 0x08058d47 in __crash_file_cb (data=0x0, em=0x8dabb10,
event=ECORE_FILE_EVENT_MODIFIED,
path=0xbfe5823c "/opt/share/crash/curbs.log")
at /usr/src/debug/system-server-0.1.65/ss_bs.c:374
#5 0xb782f345 in _ecore_file_monitor_inotify_handler ()
from /usr/lib/libecore_file.so.1
#6 0xb7840e5c in _ecore_main_loop_iterate_internal ()
from /usr/lib/libecore.so.1
#7 0xb784141f in ecore_main_loop_begin () from /usr/lib/libecore.so.1
#8 0x0804bd95 in system_main (argc=1, argv=0xbfe59404)
---Type <return> to continue, or q <return> to quit---
at /usr/src/debug/system-server-0.1.65/ss_main.c:102
#9 0x0804bdf1 in elm_main (argc=1, argv=0xbfe59404)
at /usr/src/debug/system-server-0.1.65/ss_main.c:112
#10 0x0804be4e in main (argc=1, argv=0xbfe59404)
at /usr/src/debug/system-server-0.1.65/ss_main.c:119
12. 12
Crash Client - Intel’s corewatcher
• Mechanism.
• How to upload crashes to server.
• Crash report file: /var/lib/corewatcher/processed/*.txt.
13. 13
Crash Client - Intel’s corewatcher
• Mechanism.
• Corewatcher as daemon
• Listen to /var/lib/corewatcher/
• When crash comes, invoke gdb to analysis
• Upload crashes to CrashDB server
• Environment about corewatcher
• /proc/sys/kernel/core_pattern=/var/lib/corewatcher/core_%e_%t
• core_uses_pid=1
bt full
info shared
14. 14
Crash Client - Intel’s corewatcher
• CrashDB server: https://tz.otcshare.org/crashdb/
• How to upload crash to server
• WWLAN(3G/2G)
• WiFi/SED
• crash_submit: http://otcqa.sh.intel.com/wiki/Crash_Submit
Even though tz.otcshare.org has security restriction(403 forbidden outside of
Intel), crash submit is allowed.
15. 15
Crash Client - Intel’s corewatcher
• Crash report path: /var/lib/corewatcher/processed/*.txt
• Crash report content(without debug info):
cmdline: /usr/bin/mate-calc
version: 2.1.0
backtrace: |
#0 0x00007fd494c2db41 in g_logv () from /usr/lib64/libglib-2.0.so.0
#0 0x00007fd494c2db41 in g_logv () from /usr/lib64/libglib-2.0.so.0
#1 0x00007fd494c2dcfd in g_log () from /usr/lib64/libglib-2.0.so.0
#2 0x00007fd4959a10ee in g_settings_set_property () from /usr/lib64/libgio-2.0.so.0
#3 0x00007fd4956ae098 in g_object_constructor () from /usr/lib64/libgobject-2.0.so.0
#4 0x00007fd4956af562 in g_object_newv () from /usr/lib64/libgobject-2.0.so.0
26. 26
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
27. 27
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
28. 28
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
Guilty Function
29. 29
Crash Server – Guilty Function Location
(gdb) f 3
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
367 SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<",
(gdb) p created_cookie->smack_label
$2 = 0x1777 <Address 0x1777 out of bounds> (gdb) p *created_cookie $4 = {cookie =
"270217{257354063221 e筗Y370230~021024004244", path_len = 49, permission_len = 90, pid =
1562, path = 0x85e0ba8 "/usr/apps/org.tizen.video-player/bin/video-player", permissions = 0x85b6168,
smack_label = 0x1777 <Address 0x1777 out of bounds>, prev = 0x8589190, next = 0x0}
30. 30
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
White list
• /lib/libc.so.6
• /usr/lib/libdlog.so.0
31. 31
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
White list
• /lib/libc.so.6
• /usr/lib/libdlog.so.0
Guilty Function