win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
// Copyright 2015 The Crashpad Authors. All rights reserved.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
#include "util/win/exception_handler_server.h"
|
|
|
|
|
2016-01-06 12:22:50 -05:00
|
|
|
#include <stdint.h>
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
#include <string.h>
|
2016-01-06 12:22:50 -05:00
|
|
|
#include <sys/types.h>
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
2015-12-09 17:36:32 -05:00
|
|
|
#include <utility>
|
|
|
|
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
#include "base/logging.h"
|
2015-09-21 10:51:15 -07:00
|
|
|
#include "base/numerics/safe_conversions.h"
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
#include "base/rand_util.h"
|
|
|
|
#include "base/strings/stringprintf.h"
|
|
|
|
#include "base/strings/utf_string_conversions.h"
|
|
|
|
#include "minidump/minidump_file_writer.h"
|
|
|
|
#include "snapshot/crashpad_info_client_options.h"
|
|
|
|
#include "snapshot/win/process_snapshot_win.h"
|
|
|
|
#include "util/file/file_writer.h"
|
|
|
|
#include "util/misc/tri_state.h"
|
|
|
|
#include "util/misc/uuid.h"
|
2015-10-19 14:32:07 -04:00
|
|
|
#include "util/win/get_function.h"
|
2015-11-05 14:00:26 -05:00
|
|
|
#include "util/win/handle.h"
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
#include "util/win/registration_protocol_win.h"
|
2015-09-11 13:16:06 -07:00
|
|
|
#include "util/win/xp_compat.h"
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
|
|
|
namespace crashpad {
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
|
|
|
decltype(GetNamedPipeClientProcessId)* GetNamedPipeClientProcessIdFunction() {
|
2015-10-19 14:32:07 -04:00
|
|
|
static const auto get_named_pipe_client_process_id =
|
|
|
|
GET_FUNCTION(L"kernel32.dll", ::GetNamedPipeClientProcessId);
|
|
|
|
return get_named_pipe_client_process_id;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
HANDLE DuplicateEvent(HANDLE process, HANDLE event) {
|
|
|
|
HANDLE handle;
|
|
|
|
if (DuplicateHandle(GetCurrentProcess(),
|
|
|
|
event,
|
|
|
|
process,
|
|
|
|
&handle,
|
|
|
|
SYNCHRONIZE | EVENT_MODIFY_STATE,
|
|
|
|
false,
|
|
|
|
0)) {
|
|
|
|
return handle;
|
|
|
|
}
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
namespace internal {
|
|
|
|
|
|
|
|
//! \brief Context information for the named pipe handler threads.
|
|
|
|
class PipeServiceContext {
|
|
|
|
public:
|
|
|
|
PipeServiceContext(HANDLE port,
|
|
|
|
HANDLE pipe,
|
|
|
|
ExceptionHandlerServer::Delegate* delegate,
|
|
|
|
base::Lock* clients_lock,
|
|
|
|
std::set<internal::ClientData*>* clients,
|
|
|
|
uint64_t shutdown_token)
|
|
|
|
: port_(port),
|
|
|
|
pipe_(pipe),
|
|
|
|
delegate_(delegate),
|
|
|
|
clients_lock_(clients_lock),
|
|
|
|
clients_(clients),
|
|
|
|
shutdown_token_(shutdown_token) {}
|
|
|
|
|
|
|
|
HANDLE port() const { return port_; }
|
|
|
|
HANDLE pipe() const { return pipe_.get(); }
|
|
|
|
ExceptionHandlerServer::Delegate* delegate() const { return delegate_; }
|
|
|
|
base::Lock* clients_lock() const { return clients_lock_; }
|
|
|
|
std::set<internal::ClientData*>* clients() const { return clients_; }
|
|
|
|
uint64_t shutdown_token() const { return shutdown_token_; }
|
|
|
|
|
|
|
|
private:
|
|
|
|
HANDLE port_; // weak
|
|
|
|
ScopedKernelHANDLE pipe_;
|
|
|
|
ExceptionHandlerServer::Delegate* delegate_; // weak
|
|
|
|
base::Lock* clients_lock_; // weak
|
|
|
|
std::set<internal::ClientData*>* clients_; // weak
|
|
|
|
uint64_t shutdown_token_;
|
|
|
|
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(PipeServiceContext);
|
|
|
|
};
|
|
|
|
|
|
|
|
//! \brief The context data for registered threadpool waits.
|
|
|
|
//!
|
|
|
|
//! This object must be created and destroyed on the main thread. Access must be
|
|
|
|
//! guarded by use of the lock() with the exception of the threadpool wait
|
|
|
|
//! variables which are accessed only by the main thread.
|
|
|
|
class ClientData {
|
|
|
|
public:
|
|
|
|
ClientData(HANDLE port,
|
|
|
|
ExceptionHandlerServer::Delegate* delegate,
|
|
|
|
ScopedKernelHANDLE process,
|
2016-10-21 13:08:18 -07:00
|
|
|
ScopedKernelHANDLE crash_dump_requested_event,
|
|
|
|
ScopedKernelHANDLE non_crash_dump_requested_event,
|
|
|
|
ScopedKernelHANDLE non_crash_dump_completed_event,
|
2015-09-25 13:45:32 -07:00
|
|
|
WinVMAddress crash_exception_information_address,
|
|
|
|
WinVMAddress non_crash_exception_information_address,
|
2015-10-15 13:18:08 -07:00
|
|
|
WinVMAddress debug_critical_section_address,
|
2015-09-25 13:45:32 -07:00
|
|
|
WAITORTIMERCALLBACK crash_dump_request_callback,
|
|
|
|
WAITORTIMERCALLBACK non_crash_dump_request_callback,
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
WAITORTIMERCALLBACK process_end_callback)
|
2015-09-25 13:45:32 -07:00
|
|
|
: crash_dump_request_thread_pool_wait_(INVALID_HANDLE_VALUE),
|
|
|
|
non_crash_dump_request_thread_pool_wait_(INVALID_HANDLE_VALUE),
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
process_end_thread_pool_wait_(INVALID_HANDLE_VALUE),
|
|
|
|
lock_(),
|
|
|
|
port_(port),
|
|
|
|
delegate_(delegate),
|
2016-10-21 13:08:18 -07:00
|
|
|
crash_dump_requested_event_(std::move(crash_dump_requested_event)),
|
2015-09-25 13:45:32 -07:00
|
|
|
non_crash_dump_requested_event_(
|
2016-10-21 13:08:18 -07:00
|
|
|
std::move(non_crash_dump_requested_event)),
|
2015-09-25 13:45:32 -07:00
|
|
|
non_crash_dump_completed_event_(
|
2016-10-21 13:08:18 -07:00
|
|
|
std::move(non_crash_dump_completed_event)),
|
2015-12-09 17:36:32 -05:00
|
|
|
process_(std::move(process)),
|
2015-09-25 13:45:32 -07:00
|
|
|
crash_exception_information_address_(
|
|
|
|
crash_exception_information_address),
|
|
|
|
non_crash_exception_information_address_(
|
2015-10-15 13:18:08 -07:00
|
|
|
non_crash_exception_information_address),
|
|
|
|
debug_critical_section_address_(debug_critical_section_address) {
|
2015-09-25 13:45:32 -07:00
|
|
|
RegisterThreadPoolWaits(crash_dump_request_callback,
|
|
|
|
non_crash_dump_request_callback,
|
|
|
|
process_end_callback);
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
~ClientData() {
|
|
|
|
// It is important that this only access the threadpool waits (it's called
|
|
|
|
// from the main thread) until the waits are unregistered, to ensure that
|
|
|
|
// any outstanding callbacks are complete.
|
|
|
|
UnregisterThreadPoolWaits();
|
|
|
|
}
|
|
|
|
|
|
|
|
base::Lock* lock() { return &lock_; }
|
|
|
|
HANDLE port() const { return port_; }
|
|
|
|
ExceptionHandlerServer::Delegate* delegate() const { return delegate_; }
|
2015-09-25 13:45:32 -07:00
|
|
|
HANDLE crash_dump_requested_event() const {
|
|
|
|
return crash_dump_requested_event_.get();
|
|
|
|
}
|
|
|
|
HANDLE non_crash_dump_requested_event() const {
|
|
|
|
return non_crash_dump_requested_event_.get();
|
|
|
|
}
|
|
|
|
HANDLE non_crash_dump_completed_event() const {
|
|
|
|
return non_crash_dump_completed_event_.get();
|
|
|
|
}
|
|
|
|
WinVMAddress crash_exception_information_address() const {
|
|
|
|
return crash_exception_information_address_;
|
|
|
|
}
|
|
|
|
WinVMAddress non_crash_exception_information_address() const {
|
|
|
|
return non_crash_exception_information_address_;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
2015-10-15 13:18:08 -07:00
|
|
|
WinVMAddress debug_critical_section_address() const {
|
|
|
|
return debug_critical_section_address_;
|
|
|
|
}
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
HANDLE process() const { return process_.get(); }
|
|
|
|
|
|
|
|
private:
|
2015-09-25 13:45:32 -07:00
|
|
|
void RegisterThreadPoolWaits(
|
|
|
|
WAITORTIMERCALLBACK crash_dump_request_callback,
|
|
|
|
WAITORTIMERCALLBACK non_crash_dump_request_callback,
|
|
|
|
WAITORTIMERCALLBACK process_end_callback) {
|
|
|
|
if (!RegisterWaitForSingleObject(&crash_dump_request_thread_pool_wait_,
|
|
|
|
crash_dump_requested_event_.get(),
|
|
|
|
crash_dump_request_callback,
|
|
|
|
this,
|
|
|
|
INFINITE,
|
|
|
|
WT_EXECUTEDEFAULT)) {
|
|
|
|
LOG(ERROR) << "RegisterWaitForSingleObject crash dump requested";
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!RegisterWaitForSingleObject(&non_crash_dump_request_thread_pool_wait_,
|
|
|
|
non_crash_dump_requested_event_.get(),
|
|
|
|
non_crash_dump_request_callback,
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
this,
|
|
|
|
INFINITE,
|
|
|
|
WT_EXECUTEDEFAULT)) {
|
2015-09-25 13:45:32 -07:00
|
|
|
LOG(ERROR) << "RegisterWaitForSingleObject non-crash dump requested";
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!RegisterWaitForSingleObject(&process_end_thread_pool_wait_,
|
|
|
|
process_.get(),
|
|
|
|
process_end_callback,
|
|
|
|
this,
|
|
|
|
INFINITE,
|
|
|
|
WT_EXECUTEONLYONCE)) {
|
|
|
|
LOG(ERROR) << "RegisterWaitForSingleObject process end";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// This blocks until outstanding calls complete so that we know it's safe to
|
|
|
|
// delete this object. Because of this, it must be executed on the main
|
|
|
|
// thread, not a threadpool thread.
|
|
|
|
void UnregisterThreadPoolWaits() {
|
2015-09-25 13:45:32 -07:00
|
|
|
UnregisterWaitEx(crash_dump_request_thread_pool_wait_,
|
|
|
|
INVALID_HANDLE_VALUE);
|
|
|
|
crash_dump_request_thread_pool_wait_ = INVALID_HANDLE_VALUE;
|
|
|
|
UnregisterWaitEx(non_crash_dump_request_thread_pool_wait_,
|
|
|
|
INVALID_HANDLE_VALUE);
|
|
|
|
non_crash_dump_request_thread_pool_wait_ = INVALID_HANDLE_VALUE;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
UnregisterWaitEx(process_end_thread_pool_wait_, INVALID_HANDLE_VALUE);
|
|
|
|
process_end_thread_pool_wait_ = INVALID_HANDLE_VALUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// These are only accessed on the main thread.
|
2015-09-25 13:45:32 -07:00
|
|
|
HANDLE crash_dump_request_thread_pool_wait_;
|
|
|
|
HANDLE non_crash_dump_request_thread_pool_wait_;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
HANDLE process_end_thread_pool_wait_;
|
|
|
|
|
|
|
|
base::Lock lock_;
|
|
|
|
// Access to these fields must be guarded by lock_.
|
|
|
|
HANDLE port_; // weak
|
|
|
|
ExceptionHandlerServer::Delegate* delegate_; // weak
|
2015-09-25 13:45:32 -07:00
|
|
|
ScopedKernelHANDLE crash_dump_requested_event_;
|
|
|
|
ScopedKernelHANDLE non_crash_dump_requested_event_;
|
|
|
|
ScopedKernelHANDLE non_crash_dump_completed_event_;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
ScopedKernelHANDLE process_;
|
2015-09-25 13:45:32 -07:00
|
|
|
WinVMAddress crash_exception_information_address_;
|
|
|
|
WinVMAddress non_crash_exception_information_address_;
|
2015-10-15 13:18:08 -07:00
|
|
|
WinVMAddress debug_critical_section_address_;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(ClientData);
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace internal
|
|
|
|
|
|
|
|
ExceptionHandlerServer::Delegate::~Delegate() {
|
|
|
|
}
|
|
|
|
|
2015-11-03 19:26:18 -05:00
|
|
|
ExceptionHandlerServer::ExceptionHandlerServer(bool persistent)
|
|
|
|
: pipe_name_(),
|
2015-10-29 18:19:37 -04:00
|
|
|
port_(CreateIoCompletionPort(INVALID_HANDLE_VALUE, nullptr, 0, 1)),
|
2015-11-03 19:26:18 -05:00
|
|
|
first_pipe_instance_(),
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
clients_lock_(),
|
2015-11-02 13:59:36 -05:00
|
|
|
clients_(),
|
|
|
|
persistent_(persistent) {
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
ExceptionHandlerServer::~ExceptionHandlerServer() {
|
|
|
|
}
|
|
|
|
|
2015-11-03 19:26:18 -05:00
|
|
|
void ExceptionHandlerServer::SetPipeName(const std::wstring& pipe_name) {
|
|
|
|
DCHECK(pipe_name_.empty());
|
|
|
|
DCHECK(!pipe_name.empty());
|
|
|
|
|
|
|
|
pipe_name_ = pipe_name;
|
|
|
|
}
|
|
|
|
|
2016-10-21 13:08:18 -07:00
|
|
|
void ExceptionHandlerServer::InitializeWithInheritedDataForInitialClient(
|
|
|
|
const InitialClientData& initial_client_data,
|
|
|
|
Delegate* delegate) {
|
|
|
|
DCHECK(pipe_name_.empty());
|
2015-11-03 19:26:18 -05:00
|
|
|
DCHECK(!first_pipe_instance_.is_valid());
|
|
|
|
|
2016-10-21 13:08:18 -07:00
|
|
|
first_pipe_instance_.reset(initial_client_data.first_pipe_instance());
|
|
|
|
|
|
|
|
// TODO(scottmg): Vista+. Might need to pass through or possibly find an Nt*.
|
|
|
|
size_t bytes = sizeof(wchar_t) * _MAX_PATH + sizeof(FILE_NAME_INFO);
|
|
|
|
std::unique_ptr<uint8_t[]> data(new uint8_t[bytes]);
|
win: Address failure-to-start-handler case for async startup
Second follow up to https://chromium-review.googlesource.com/c/400015/
The ideal would be that if we fail to start the handler, then we don't
end up passing through our unhandled exception filter at all.
In the case of the non-initial client (i.e. renderers) we can do this by
not setting our UnhandledExceptionFilter until after we know we've
connected successfully (because those connections are synchronous from
its point of view). We also change WaitForNamedPipe in the connection
message to block forever, so as long as the precreated pipe exists,
they'll wait to connect. After the initial client has passed the server
side of that pipe to the handler, the handler has the only handle to it.
So, if the handler has disappeared for whatever reason, pipe-connecting
clients will fail with FILE_NOT_FOUND, and will not stick around in the
connection loop. This means non-initial clients do not need additional
logic to avoid getting stuck in our UnhandledExceptionFilter.
For the initial client, it would be ideal to avoid passing through our
UEF too, but none of the 3 options are great:
1. Block until we find out if we started, and then install the filter.
We don't want to do that, because we don't want to wait.
2. Restore the old filter if it turns out we failed to start. We can't
do that because Chrome disables ::SetUnhandledExceptionFilter()
immediately after StartHandler/SetHandlerIPCPipe returns.
3. Don't install our filter until we've successfully started. We don't
want to do that because we'd miss early crashes, negating the benefit
of deferred startup.
So, we do need to pass through our UnhandledExceptionFilter. I don't
want more Win32 API calls during the vulnerable filter function. So, at
any point during async startup where there's a failure, set a global
atomic that allows the filter function to abort without trying to signal
a handler that's known to not exist.
One further improvement we might want to look at is unexpected
termination of the handler (as opposed to a failure to start) which
would still result in a useless Sleep(60s). This isn't new behaviour,
but now we have a clear thing to do if we detect the handler is gone.
(Also a missing DWORD/size_t cast for the _x64 bots.)
R=mark@chromium.org
BUG=chromium:567850,chromium:656800
Change-Id: I5be831ca39bd8b2e5c962b9647c8bd469e2be878
Reviewed-on: https://chromium-review.googlesource.com/400985
Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-11-02 14:24:21 -07:00
|
|
|
if (!GetFileInformationByHandleEx(first_pipe_instance_.get(),
|
|
|
|
FileNameInfo,
|
|
|
|
data.get(),
|
|
|
|
static_cast<DWORD>(bytes))) {
|
2016-10-21 13:08:18 -07:00
|
|
|
PLOG(FATAL) << "GetFileInformationByHandleEx";
|
|
|
|
}
|
|
|
|
FILE_NAME_INFO* file_name_info =
|
|
|
|
reinterpret_cast<FILE_NAME_INFO*>(data.get());
|
|
|
|
pipe_name_ =
|
|
|
|
L"\\\\.\\pipe" + std::wstring(file_name_info->FileName,
|
|
|
|
file_name_info->FileNameLength /
|
|
|
|
sizeof(file_name_info->FileName[0]));
|
|
|
|
|
|
|
|
{
|
|
|
|
base::AutoLock lock(clients_lock_);
|
|
|
|
internal::ClientData* client = new internal::ClientData(
|
|
|
|
port_.get(),
|
|
|
|
delegate,
|
|
|
|
ScopedKernelHANDLE(initial_client_data.client_process()),
|
|
|
|
ScopedKernelHANDLE(initial_client_data.request_crash_dump()),
|
|
|
|
ScopedKernelHANDLE(initial_client_data.request_non_crash_dump()),
|
|
|
|
ScopedKernelHANDLE(initial_client_data.non_crash_dump_completed()),
|
|
|
|
initial_client_data.crash_exception_information(),
|
|
|
|
initial_client_data.non_crash_exception_information(),
|
|
|
|
initial_client_data.debug_critical_section_address(),
|
|
|
|
&OnCrashDumpEvent,
|
|
|
|
&OnNonCrashDumpEvent,
|
|
|
|
&OnProcessEnd);
|
|
|
|
clients_.insert(client);
|
|
|
|
}
|
2015-11-03 19:26:18 -05:00
|
|
|
}
|
|
|
|
|
2015-10-29 18:19:37 -04:00
|
|
|
void ExceptionHandlerServer::Run(Delegate* delegate) {
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
uint64_t shutdown_token = base::RandUint64();
|
2015-11-03 19:26:18 -05:00
|
|
|
ScopedKernelHANDLE thread_handles[kPipeInstances];
|
2015-12-08 14:21:29 -08:00
|
|
|
for (size_t i = 0; i < arraysize(thread_handles); ++i) {
|
2015-11-03 19:26:18 -05:00
|
|
|
HANDLE pipe;
|
|
|
|
if (first_pipe_instance_.is_valid()) {
|
|
|
|
pipe = first_pipe_instance_.release();
|
|
|
|
} else {
|
2015-11-06 10:43:39 -08:00
|
|
|
pipe = CreateNamedPipeInstance(pipe_name_, i == 0);
|
2015-11-03 19:26:18 -05:00
|
|
|
PCHECK(pipe != INVALID_HANDLE_VALUE) << "CreateNamedPipe";
|
|
|
|
}
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
|
|
|
// Ownership of this object (and the pipe instance) is given to the new
|
|
|
|
// thread. We close the thread handles at the end of the scope. They clean
|
|
|
|
// up the context object and the pipe instance on termination.
|
|
|
|
internal::PipeServiceContext* context =
|
|
|
|
new internal::PipeServiceContext(port_.get(),
|
|
|
|
pipe,
|
2015-09-03 13:31:19 -07:00
|
|
|
delegate,
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
&clients_lock_,
|
|
|
|
&clients_,
|
|
|
|
shutdown_token);
|
|
|
|
thread_handles[i].reset(
|
|
|
|
CreateThread(nullptr, 0, &PipeServiceProc, context, 0, nullptr));
|
2015-09-11 15:34:35 -07:00
|
|
|
PCHECK(thread_handles[i].is_valid()) << "CreateThread";
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
|
|
|
|
2015-09-03 13:31:19 -07:00
|
|
|
delegate->ExceptionHandlerServerStarted();
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
|
|
|
// This is the main loop of the server. Most work is done on the threadpool,
|
|
|
|
// other than process end handling which is posted back to this main thread,
|
|
|
|
// as we must unregister the threadpool waits here.
|
|
|
|
for (;;) {
|
|
|
|
OVERLAPPED* ov = nullptr;
|
|
|
|
ULONG_PTR key = 0;
|
|
|
|
DWORD bytes = 0;
|
|
|
|
GetQueuedCompletionStatus(port_.get(), &bytes, &key, &ov, INFINITE);
|
|
|
|
if (!key) {
|
|
|
|
// Shutting down.
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Otherwise, this is a request to unregister and destroy the given client.
|
|
|
|
// delete'ing the ClientData blocks in UnregisterWaitEx to ensure all
|
|
|
|
// outstanding threadpool waits are complete. This is important because the
|
|
|
|
// process handle can be signalled *before* the dump request is signalled.
|
|
|
|
internal::ClientData* client = reinterpret_cast<internal::ClientData*>(key);
|
2015-11-02 13:59:36 -05:00
|
|
|
base::AutoLock lock(clients_lock_);
|
|
|
|
clients_.erase(client);
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
delete client;
|
2015-11-02 13:59:36 -05:00
|
|
|
if (!persistent_ && clients_.empty())
|
|
|
|
break;
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
// Signal to the named pipe instances that they should terminate.
|
2015-12-08 14:21:29 -08:00
|
|
|
for (size_t i = 0; i < arraysize(thread_handles); ++i) {
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
ClientToServerMessage message;
|
|
|
|
memset(&message, 0, sizeof(message));
|
|
|
|
message.type = ClientToServerMessage::kShutdown;
|
|
|
|
message.shutdown.token = shutdown_token;
|
|
|
|
ServerToClientMessage response;
|
2015-11-03 19:26:18 -05:00
|
|
|
SendToCrashHandlerServer(pipe_name_,
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
reinterpret_cast<ClientToServerMessage&>(message),
|
|
|
|
&response);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (auto& handle : thread_handles)
|
|
|
|
WaitForSingleObject(handle.get(), INFINITE);
|
|
|
|
|
|
|
|
// Deleting ClientData does a blocking wait until the threadpool executions
|
|
|
|
// have terminated when unregistering them.
|
|
|
|
{
|
|
|
|
base::AutoLock lock(clients_lock_);
|
|
|
|
for (auto* client : clients_)
|
|
|
|
delete client;
|
|
|
|
clients_.clear();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void ExceptionHandlerServer::Stop() {
|
|
|
|
// Post a null key (third argument) to trigger shutdown.
|
|
|
|
PostQueuedCompletionStatus(port_.get(), 0, 0, nullptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
// This function must be called with service_context.pipe() already connected to
|
|
|
|
// a client pipe. It exchanges data with the client and adds a ClientData record
|
|
|
|
// to service_context->clients().
|
|
|
|
//
|
|
|
|
// static
|
|
|
|
bool ExceptionHandlerServer::ServiceClientConnection(
|
|
|
|
const internal::PipeServiceContext& service_context) {
|
|
|
|
ClientToServerMessage message;
|
|
|
|
|
Make file_io reads more rational and predictable
ReadFile() attempted to continue reading after a short read. In most
cases, this is fine. However, ReadFile() would keep trying to fill a
partially-filled buffer until experiencing a 0-length read(), signaling
end-of-file. For certain weird file descriptors like terminal input, EOF
is an ephemeral condition, and attempting to read beyond EOF doesn’t
actually return 0 (EOF) provided that they remain open, it will block
waiting for more input. Consequently, ReadFile() and anything based on
ReadFile() had an undocumented and quirky interface, which was that any
short read that it returned (not an underlying short read) actually
indicated EOF.
This facet of ReadFile() was unexpected, so it’s being removed. The new
behavior is that ReadFile() will return an underlying short read. The
behavior of FileReaderInterface::Read() is updated in accordance with
this change.
Upon experiencing a short read, the caller can determine the best
action. Most callers were already prepared for this behavior. Outside of
util/file, only crashpad_database_util properly implemented EOF
detection according to previous semantics, and adapting it to new
semantics is trivial.
Callers who require an exact-length read can use the new
ReadFileExactly(), or the newly renamed LoggingReadFileExactly() or
CheckedReadFileExactly(). These functions will retry following a short
read. The renamed functions were previously called LoggingReadFile() and
CheckedReadFile(), but those names implied that they were simply
wrapping ReadFile(), which is not the case. They wrapped ReadFile() and
further, insisted on a full read. Since ReadFile()’s semantics are now
changing but these functions’ are not, they’re now even more distinct
from ReadFile(), and must be renamed to avoid confusion.
Test: *
Change-Id: I06b77e0d6ad8719bd2eb67dab93a8740542dd908
Reviewed-on: https://chromium-review.googlesource.com/456676
Reviewed-by: Robert Sesek <rsesek@chromium.org>
2017-03-16 13:36:38 -04:00
|
|
|
if (!LoggingReadFileExactly(
|
|
|
|
service_context.pipe(), &message, sizeof(message)))
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
return false;
|
|
|
|
|
|
|
|
switch (message.type) {
|
|
|
|
case ClientToServerMessage::kShutdown: {
|
|
|
|
if (message.shutdown.token != service_context.shutdown_token()) {
|
|
|
|
LOG(ERROR) << "forged shutdown request, got: "
|
|
|
|
<< message.shutdown.token;
|
|
|
|
return false;
|
|
|
|
}
|
2015-11-19 15:09:59 -08:00
|
|
|
ServerToClientMessage shutdown_response = {};
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
LoggingWriteFile(service_context.pipe(),
|
|
|
|
&shutdown_response,
|
|
|
|
sizeof(shutdown_response));
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
win: Address failure-to-start-handler case for async startup
Second follow up to https://chromium-review.googlesource.com/c/400015/
The ideal would be that if we fail to start the handler, then we don't
end up passing through our unhandled exception filter at all.
In the case of the non-initial client (i.e. renderers) we can do this by
not setting our UnhandledExceptionFilter until after we know we've
connected successfully (because those connections are synchronous from
its point of view). We also change WaitForNamedPipe in the connection
message to block forever, so as long as the precreated pipe exists,
they'll wait to connect. After the initial client has passed the server
side of that pipe to the handler, the handler has the only handle to it.
So, if the handler has disappeared for whatever reason, pipe-connecting
clients will fail with FILE_NOT_FOUND, and will not stick around in the
connection loop. This means non-initial clients do not need additional
logic to avoid getting stuck in our UnhandledExceptionFilter.
For the initial client, it would be ideal to avoid passing through our
UEF too, but none of the 3 options are great:
1. Block until we find out if we started, and then install the filter.
We don't want to do that, because we don't want to wait.
2. Restore the old filter if it turns out we failed to start. We can't
do that because Chrome disables ::SetUnhandledExceptionFilter()
immediately after StartHandler/SetHandlerIPCPipe returns.
3. Don't install our filter until we've successfully started. We don't
want to do that because we'd miss early crashes, negating the benefit
of deferred startup.
So, we do need to pass through our UnhandledExceptionFilter. I don't
want more Win32 API calls during the vulnerable filter function. So, at
any point during async startup where there's a failure, set a global
atomic that allows the filter function to abort without trying to signal
a handler that's known to not exist.
One further improvement we might want to look at is unexpected
termination of the handler (as opposed to a failure to start) which
would still result in a useless Sleep(60s). This isn't new behaviour,
but now we have a clear thing to do if we detect the handler is gone.
(Also a missing DWORD/size_t cast for the _x64 bots.)
R=mark@chromium.org
BUG=chromium:567850,chromium:656800
Change-Id: I5be831ca39bd8b2e5c962b9647c8bd469e2be878
Reviewed-on: https://chromium-review.googlesource.com/400985
Reviewed-by: Mark Mentovai <mark@chromium.org>
2016-11-02 14:24:21 -07:00
|
|
|
case ClientToServerMessage::kPing: {
|
|
|
|
// No action required, the fact that the message was processed is
|
|
|
|
// sufficient.
|
|
|
|
ServerToClientMessage shutdown_response = {};
|
|
|
|
LoggingWriteFile(service_context.pipe(),
|
|
|
|
&shutdown_response,
|
|
|
|
sizeof(shutdown_response));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
case ClientToServerMessage::kRegister:
|
|
|
|
// Handled below.
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
LOG(ERROR) << "unhandled message type: " << message.type;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-09-04 11:52:07 -07:00
|
|
|
if (message.registration.version != RegistrationRequest::kMessageVersion) {
|
|
|
|
LOG(ERROR) << "unexpected version. got: " << message.registration.version
|
|
|
|
<< " expecting: " << RegistrationRequest::kMessageVersion;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
decltype(GetNamedPipeClientProcessId)* get_named_pipe_client_process_id =
|
|
|
|
GetNamedPipeClientProcessIdFunction();
|
|
|
|
if (get_named_pipe_client_process_id) {
|
|
|
|
// GetNamedPipeClientProcessId is only available on Vista+.
|
|
|
|
DWORD real_pid = 0;
|
|
|
|
if (get_named_pipe_client_process_id(service_context.pipe(), &real_pid) &&
|
|
|
|
message.registration.client_process_id != real_pid) {
|
|
|
|
LOG(ERROR) << "forged client pid, real pid: " << real_pid
|
|
|
|
<< ", got: " << message.registration.client_process_id;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// We attempt to open the process as us. This is the main case that should
|
|
|
|
// almost always succeed as the server will generally be more privileged. If
|
|
|
|
// we're running as a different user, it may be that we will fail to open
|
|
|
|
// the process, but the client will be able to, so we make a second attempt
|
|
|
|
// having impersonated the client.
|
|
|
|
HANDLE client_process = OpenProcess(
|
2015-09-11 13:16:06 -07:00
|
|
|
kXPProcessAllAccess, false, message.registration.client_process_id);
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
if (!client_process) {
|
|
|
|
if (!ImpersonateNamedPipeClient(service_context.pipe())) {
|
|
|
|
PLOG(ERROR) << "ImpersonateNamedPipeClient";
|
|
|
|
return false;
|
|
|
|
}
|
2015-09-21 10:51:15 -07:00
|
|
|
client_process = OpenProcess(
|
2015-09-11 13:16:06 -07:00
|
|
|
kXPProcessAllAccess, false, message.registration.client_process_id);
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
PCHECK(RevertToSelf());
|
|
|
|
if (!client_process) {
|
|
|
|
LOG(ERROR) << "failed to open " << message.registration.client_process_id;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
internal::ClientData* client;
|
|
|
|
{
|
|
|
|
base::AutoLock lock(*service_context.clients_lock());
|
2015-09-25 13:45:32 -07:00
|
|
|
client = new internal::ClientData(
|
|
|
|
service_context.port(),
|
|
|
|
service_context.delegate(),
|
|
|
|
ScopedKernelHANDLE(client_process),
|
2016-10-21 13:08:18 -07:00
|
|
|
ScopedKernelHANDLE(
|
|
|
|
CreateEvent(nullptr, false /* auto reset */, false, nullptr)),
|
|
|
|
ScopedKernelHANDLE(
|
|
|
|
CreateEvent(nullptr, false /* auto reset */, false, nullptr)),
|
|
|
|
ScopedKernelHANDLE(
|
|
|
|
CreateEvent(nullptr, false /* auto reset */, false, nullptr)),
|
2015-09-25 13:45:32 -07:00
|
|
|
message.registration.crash_exception_information,
|
|
|
|
message.registration.non_crash_exception_information,
|
2015-10-15 13:18:08 -07:00
|
|
|
message.registration.critical_section_address,
|
2015-09-25 13:45:32 -07:00
|
|
|
&OnCrashDumpEvent,
|
|
|
|
&OnNonCrashDumpEvent,
|
|
|
|
&OnProcessEnd);
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
service_context.clients()->insert(client);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Duplicate the events back to the client so they can request a dump.
|
|
|
|
ServerToClientMessage response;
|
2015-09-25 13:45:32 -07:00
|
|
|
response.registration.request_crash_dump_event =
|
2015-11-05 14:00:26 -05:00
|
|
|
HandleToInt(DuplicateEvent(
|
|
|
|
client->process(), client->crash_dump_requested_event()));
|
2015-09-25 13:45:32 -07:00
|
|
|
response.registration.request_non_crash_dump_event =
|
2015-11-05 14:00:26 -05:00
|
|
|
HandleToInt(DuplicateEvent(
|
|
|
|
client->process(), client->non_crash_dump_requested_event()));
|
2015-09-25 13:45:32 -07:00
|
|
|
response.registration.non_crash_dump_completed_event =
|
2015-11-05 14:00:26 -05:00
|
|
|
HandleToInt(DuplicateEvent(
|
|
|
|
client->process(), client->non_crash_dump_completed_event()));
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
|
|
|
if (!LoggingWriteFile(service_context.pipe(), &response, sizeof(response)))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// static
|
|
|
|
DWORD __stdcall ExceptionHandlerServer::PipeServiceProc(void* ctx) {
|
|
|
|
internal::PipeServiceContext* service_context =
|
|
|
|
reinterpret_cast<internal::PipeServiceContext*>(ctx);
|
|
|
|
DCHECK(service_context);
|
|
|
|
|
|
|
|
for (;;) {
|
2015-10-22 14:32:13 -07:00
|
|
|
bool ret = !!ConnectNamedPipe(service_context->pipe(), nullptr);
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
if (!ret && GetLastError() != ERROR_PIPE_CONNECTED) {
|
|
|
|
PLOG(ERROR) << "ConnectNamedPipe";
|
|
|
|
} else if (ServiceClientConnection(*service_context)) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
DisconnectNamedPipe(service_context->pipe());
|
|
|
|
}
|
|
|
|
|
|
|
|
delete service_context;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
// static
|
2015-09-25 13:45:32 -07:00
|
|
|
void __stdcall ExceptionHandlerServer::OnCrashDumpEvent(void* ctx, BOOLEAN) {
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
// This function is executed on the thread pool.
|
|
|
|
internal::ClientData* client = reinterpret_cast<internal::ClientData*>(ctx);
|
|
|
|
base::AutoLock lock(*client->lock());
|
|
|
|
|
|
|
|
// Capture the exception.
|
|
|
|
unsigned int exit_code = client->delegate()->ExceptionHandlerServerException(
|
2015-10-15 13:18:08 -07:00
|
|
|
client->process(),
|
|
|
|
client->crash_exception_information_address(),
|
|
|
|
client->debug_critical_section_address());
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
|
|
|
|
TerminateProcess(client->process(), exit_code);
|
|
|
|
}
|
|
|
|
|
2015-09-25 13:45:32 -07:00
|
|
|
// static
|
|
|
|
void __stdcall ExceptionHandlerServer::OnNonCrashDumpEvent(void* ctx, BOOLEAN) {
|
|
|
|
// This function is executed on the thread pool.
|
|
|
|
internal::ClientData* client = reinterpret_cast<internal::ClientData*>(ctx);
|
|
|
|
base::AutoLock lock(*client->lock());
|
|
|
|
|
|
|
|
// Capture the exception.
|
|
|
|
client->delegate()->ExceptionHandlerServerException(
|
2015-10-15 13:18:08 -07:00
|
|
|
client->process(),
|
|
|
|
client->non_crash_exception_information_address(),
|
|
|
|
client->debug_critical_section_address());
|
2015-09-25 13:45:32 -07:00
|
|
|
|
2015-10-22 14:32:13 -07:00
|
|
|
bool result = !!SetEvent(client->non_crash_dump_completed_event());
|
2015-09-25 13:45:32 -07:00
|
|
|
PLOG_IF(ERROR, !result) << "SetEvent";
|
|
|
|
}
|
|
|
|
|
win: Crash handler server
This replaces the registration server, and adds dispatch to a delegate
on crash requests.
(As you are already aware) we went around in circles on trying to come
up with a slightly-too-fancy threading design. All of them seemed to
have problems when it comes to out of order events, and orderly
shutdown, so I've gone back to something not-too-fancy.
Two named pipe instances (that clients connect to) are created. These
are used only for registration (which should take <1ms), so 2 should be
sufficient to avoid any waits. When a client registers, we duplicate
an event to it, which is used to signal when it wants a dump taken.
The server registers threadpool waits on that event, and also on the
process handle (which will be signalled when the client process exits).
These requests (in particular the taking of the dump) are serviced
on the threadpool, which avoids us needing to manage those threads,
but still allows parallelism in taking dumps. On process termination,
we use an IO Completion Port to post a message back to the main thread
to request cleanup. This complexity is necessary so that we can
unregister the threadpool waits without being on the threadpool, which
we need to do synchronously so that we can be sure that no further
callbacks will execute (and expect to have the client data around
still).
In a followup, I will readd support for DumpWithoutCrashing -- I don't
think it will be too difficult now that we have an orderly way to
clean up client records in the server.
R=cpu@chromium.org, mark@chromium.org, jschuh@chromium.org
BUG=crashpad:1,crashpad:45
Review URL: https://codereview.chromium.org/1301853002 .
2015-09-03 11:06:17 -07:00
|
|
|
// static
|
|
|
|
void __stdcall ExceptionHandlerServer::OnProcessEnd(void* ctx, BOOLEAN) {
|
|
|
|
// This function is executed on the thread pool.
|
|
|
|
internal::ClientData* client = reinterpret_cast<internal::ClientData*>(ctx);
|
|
|
|
base::AutoLock lock(*client->lock());
|
|
|
|
|
|
|
|
// Post back to the main thread to have it delete this client record.
|
|
|
|
PostQueuedCompletionStatus(client->port(), 0, ULONG_PTR(client), nullptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace crashpad
|