20 Commits

Author SHA1 Message Date
Mitch Phillips
fca8871ca3 Add SA_EXPOSE_TAGBITS to crashpad's signal handler.
SA_EXPOSE_TAGBITS is a Linux >= 5.11 feature that allows si_addr to
contain the upper tag bits. This is a feature that allows signal
handlers to see the full upper address bits on aarch64, which consist of
TBI and MTE nibbles. For MTE, preserving these bits is of significant
importance, as it allows for precise use-after-free and buffer-overflow
diagnosis that's impossible without seeing these bits in the fault
address.

We unconditionally enable this feature on all kernels, as it's ignored
when unsupported (even on older kernels).

Tested on:
 1. Linux x86 host, which is a no-op.
 2. Android device with Linux 4.14, which is a no-op.
 3. Android device with Linux 5.15, which passes. For posterity, my
    config was:
 |  $ gn args out_arm64
 |  target_os = "android"
 |  android_ndk_root = "~/Android.sdk/ndk/21.4.7075529"
 |  android_api_level = 26
 |  target_cpu = "arm64"
 |  # NDK builds push libc++_shared.so, which is not present on newer Android
 |  # versions, so I hacked the runner to push the file. Maybe this should be
 |  # upstreamed at some point as well.
 |  $ git diff
 |  diff --git a/build/run_tests.py b/build/run_tests.py
 |  index 8ad19e34..64269c90 100755
 |  --- a/build/run_tests.py
 |  +++ b/build/run_tests.py
 |  @@ -273,7 +273,8 @@ def _RunOnAndroidTarget(binary_dir, test, android_device, extra_command_line):
 |          _adb_shell(adb_mkdir_command)
 |
 |          # Push the test binary and any other build output to the device.
 |  -        local_test_build_artifacts = []
 |  +        local_test_build_artifacts = [
 |  +            '~/Android.sdk/ndk/21.4.7075529/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/aarch64-linux-android/libc++_shared.so']
 |          for artifact in test_build_artifacts:
 |              local_test_build_artifacts.append(os.path.join(
 |                  binary_dir, artifact))
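Review bot: the libc++_shared.so entry added to local_test_build_artifacts is an absolute path into one developer's NDK install ('~/Android.sdk/ndk/21.4.7075529/...'), and a literal '~' inside a Python string is not expanded unless it passes through os.path.expanduser() or a shell, so any subprocess that receives this argument directly will look for a directory literally named '~'. Build the path from the NDK root the build already knows (the android_ndk_root gn arg, or a command-line option of run_tests.py), run it through os.path.expanduser(), and only append it when the file exists; as the message itself notes this is a local hack, it should not land as-is.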
 |  @@ -294,6 +295,7 @@ def _RunOnAndroidTarget(binary_dir, test, android_device, extra_command_line):
 |          # The list of TERM values comes from Google Test’s
 |          # googletest/src/gtest.cc testing::internal::ShouldUseColor().
 |          env = {'CRASHPAD_TEST_DATA_ROOT': device_temp_dir}
 |  +        env = {'LD_LIBRARY_PATH': device_out_dir}
 |          gtest_color = os.environ.get('GTEST_COLOR')
 |          if gtest_color in ('auto', None):
 |              if (sys.stdout.isatty() and
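Review bot: `env = {'LD_LIBRARY_PATH': device_out_dir}` rebinds env and throws away the CRASHPAD_TEST_DATA_ROOT entry built on the line above, so the test binary on the device loses its data root. Add the key to the existing dict instead: `env['LD_LIBRARY_PATH'] = device_out_dir`.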
 |  $ ninja -C out_arm64 && python build/run_tests.py out_arm64/ \
 |    --gtest_filter=*StartHandlerForSelfTestSuite*

Change-Id: I293b36fcd08ffaca593dae8042299a39756defa0
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4024204
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mitch Phillips <mitchp@google.com>
2022-11-14 23:44:52 +00:00
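The flag described in the commit above, shown in a signal handler: the following is an added example and not Crashpad's code. It installs a SIGSEGV handler with SA_SIGINFO | SA_ONSTACK | SA_EXPOSE_TAGBITS on an alternate stack, reads the action back to see whether the kernel kept the flag, and splits a faulting address into its aarch64 top-byte components so the handler can log the MTE tag. Assumptions: the fallback value 0x00000800 for SA_EXPOSE_TAGBITS when the libc headers lack it (it is the Linux UAPI value), the aarch64 layout of TBI nibble in bits 63:60 and MTE tag in bits 59:56, the 64 KiB alternate-stack size, and the constructed sample address in main().

```c
/* Added example, not Crashpad's code: SIGSEGV handler that asks for tag bits
 * in si_addr (SA_EXPOSE_TAGBITS) and runs on an alternate stack (SA_ONSTACK). */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Linux >= 5.11 UAPI value (assumption: older libc headers may not define it).
 * A kernel that does not implement the flag ignores it, so setting it is safe. */
#ifndef SA_EXPOSE_TAGBITS
#define SA_EXPOSE_TAGBITS 0x00000800
#endif

#define ALT_STACK_BYTES (64 * 1024) /* assumed size for the signal stack */

/* aarch64 tagged-pointer layout (assumption stated in the lead-in): bits 63:60
 * are the TBI nibble, bits 59:56 the MTE allocation tag, bits 55:0 the address.
 * Plain 64-bit arithmetic, so these run on any host. */
uint64_t top_byte_of(uint64_t addr)   { return addr >> 56; }
uint64_t tbi_nibble_of(uint64_t addr) { return (addr >> 60) & 0xf; }
uint64_t mte_tag_of(uint64_t addr)    { return (addr >> 56) & 0xf; }
uint64_t untagged(uint64_t addr)      { return addr & ((UINT64_C(1) << 56) - 1); }

/* Async-signal-safe output: write(2) only, never stdio. */
static void safe_write(const char* p, size_t n) {
  ssize_t r = write(STDERR_FILENO, p, n);
  (void)r;
}
static void write_hex(uint64_t v) {
  char buf[18] = "0x";
  for (int i = 0; i < 16; i++)
    buf[2 + i] = "0123456789abcdef"[(v >> (60 - 4 * i)) & 0xf];
  safe_write(buf, sizeof buf);
}

/* With SA_EXPOSE_TAGBITS honoured, si_addr keeps its top byte, so the handler
 * can report which MTE tag the faulting access carried. */
static void fault_handler(int signo, siginfo_t* info, void* ctx) {
  (void)ctx;
  uint64_t addr = (uint64_t)(uintptr_t)info->si_addr;
  safe_write("fault at ", 9);
  write_hex(untagged(addr));
  safe_write(" top byte ", 10);
  write_hex(top_byte_of(addr));
  safe_write(" mte tag ", 9);
  write_hex(mte_tag_of(addr));
  safe_write("\n", 1);
  /* Restore the default action and return: the faulting instruction
   * re-executes and the process dies with the original signal. */
  signal(signo, SIG_DFL);
}

/* Installs the handler on an alternate stack so it still runs after a stack
 * overflow.  Returns 0 on success, -1 on error. */
int install_fault_handler(void) {
  stack_t ss;
  memset(&ss, 0, sizeof ss);
  ss.ss_sp = malloc(ALT_STACK_BYTES);
  if (ss.ss_sp == NULL) return -1;
  ss.ss_size = ALT_STACK_BYTES;
  if (sigaltstack(&ss, NULL) != 0) return -1;

  struct sigaction sa;
  memset(&sa, 0, sizeof sa);
  sa.sa_sigaction = fault_handler;
  sigemptyset(&sa.sa_mask);
  sa.sa_flags = SA_SIGINFO | SA_ONSTACK | SA_EXPOSE_TAGBITS;
  return sigaction(SIGSEGV, &sa, NULL) == 0 ? 0 : -1;
}

/* Reads the installed action back.  Returns 1 if SA_EXPOSE_TAGBITS is still
 * set, 0 if the kernel dropped it, -1 if the query failed.  Kernels from 5.11
 * strip flags they do not implement, so 0 there means "unsupported"; older
 * kernels may echo unknown bits back unchanged, so 1 is only a hint. */
int tagbits_flag_retained(void) {
  struct sigaction cur;
  if (sigaction(SIGSEGV, NULL, &cur) != 0) return -1;
  return (cur.sa_flags & SA_EXPOSE_TAGBITS) ? 1 : 0;
}

int main(void) {
  if (install_fault_handler() != 0) {
    perror("install_fault_handler");
    return 1;
  }
  printf("SA_EXPOSE_TAGBITS retained by kernel: %d\n", tagbits_flag_retained());
  /* Constructed sample: an address carrying MTE tag 0xb. */
  uint64_t sample = UINT64_C(0x0B00007FFFDEADC0);
  printf("sample %#llx -> address %#llx, mte tag %#llx\n",
         (unsigned long long)sample, (unsigned long long)untagged(sample),
         (unsigned long long)mte_tag_of(sample));
  return 0;
}
```

On an x86 host or a pre-5.11 kernel the flag is a no-op, as the commit's test matrix says; on an MTE-capable device the top byte of si_addr survives into the handler, which is what lets a crash reporter distinguish a tag mismatch from an ordinary invalid access.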
Mark Mentovai
6278690abe Update copyright boilerplate, 2022 edition (Crashpad)
sed -i '' -E -e 's/Copyright (.+) The Crashpad Authors\. All rights reserved\.$/Copyright \1 The Crashpad Authors/' $(git grep -El 'Copyright (.+) The Crashpad Authors\. All rights reserved\.$')

Bug: chromium:1098010
Change-Id: I8d6138469ddbe3d281a5d83f64cf918ec2491611
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3878262
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
2022-09-06 23:54:07 +00:00
Jan Wilken Dörrie
9e96201002 Annotate memfd_create with __THROW
This change annotates memfd_create with __THROW, fixing a compilation
error when building crashpad in C++17 mode. This used to be a
consistency error with glibc >= 2.27, which always annotates memfd_create
with __THROW:
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/bits/mman-shared.h#l51

Fixed: crashpad:339
Change-Id: Iab99e864f49dcfd9e0b445fd59a22c16bbe2a60b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2643284
Commit-Queue: Jan Wilken Dörrie <jdoerrie@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
2021-01-22 13:09:35 +00:00
Dangyi Liu
37dd8f83de Fix compilation issue on arm64 with Debian's glibc 2.19
Fuchsia's glibc is derived from Debian so it's causing issues on
Fuchsia.

Change-Id: I46368eb08f7cc7338783f115869e5c761f35e465
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2630288
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
2021-01-14 23:15:05 +00:00
Joshua Peraza
3e065b11d0 linux, mac: disable cfi-icall for cross-dso calls
CFI attempts to verify that the dynamic type of a function object
matches the static type of the function pointer used to call it.

https://clang.llvm.org/docs/ControlFlowIntegrity.html#indirect-function-call-checking

However, the analyzer does not have enough information to check
cross-dso calls. In these instances, CFI crashes upon calling the
function with an error like:

pthread_create_linux.cc:60:16: runtime error:
control flow integrity check for type
'int (unsigned long *, const pthread_attr_t *, void *(*)(void *), void *)'
failed during indirect function call
(/lib/x86_64-linux-gnu/libpthread.so.0+0x9200):
note: (unknown) defined here pthread_create_linux.cc:60:16:
note: check failed in crashpad_handler,
destination function located in /lib/x86_64-linux-gnu/libpthread.so.0

Change-Id: Ib29dabfe714f2ee9cc06a5d17e6899ff81a06df4
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2339332
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-09-10 22:15:29 +00:00
Joshua Peraza
06a688ddc1 linux: setup a signal stack
Bug: crashpad:340
Change-Id: I035d988bc8e76dbf80c07f0c92b07dbefeba8bd1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2209768
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
2020-07-15 19:00:09 +00:00
Mark Mentovai
b9c828ea83 android: Fix “gn analyze”
On Android, the compat library built compat/android/sys/mman.cc, which
provides a fallback for mmap, and compat/linux/sys/mman.cc, which
provides a fallback for memfd_create. This can result in two object
files colliding in the library, which is flagged as a “gn analyze”
error:

> ERROR at //crashpad/compat/BUILD.gn:62:5: Duplicate object file
>     static_library(target_name) {
>     ^----------------------------
> The target //crashpad/compat:compat
> generates two object files with the same name:
>   obj/crashpad/compat/compat/mman.o
>
> It could be you accidentally have a file listed twice in the
> sources. Or, depending on how your toolchain maps sources to
> object files, two source files with the same name in different
> directories could map to the same object file.
>
> In the latter case, either rename one of the files or move one of
> the sources to a separate source_set to avoid them both being in
> the same target.

The files are renamed to avoid this collision. The associated headers
cannot be renamed because they need to shadow the SDK’s copies. There is
no “gn analyze” conflict reported for headers with the same name.

Change-Id: Ia49ef5ff8375673395597e96555f72f7c69e3564
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2285965
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
2020-07-08 13:53:20 +00:00
Joshua Peraza
80473094a4 linux, compat: add a memfd_create wrapper
Change-Id: Iecbf85d0e963779b4c16083b481f4ab50f509115
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1774899
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
2019-08-30 19:33:36 +00:00
Adam Kallai
7198015c73 Fix the Chromium build on ChromeOS for aarch64
PTRACE_GET_THREAD_AREA is only removed from newer versions of glibc (>=2.28)
for aarch64. Since ChromeOS currently uses glibc version 2.23,
it should be handled in crashpad to avoid the redefinition.

BUG=chromium:873168

Change-Id: I8da6bc0595b814b0490b38da6f4a68e6803bb5b9
Reviewed-on: https://chromium-review.googlesource.com/1188309
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
2018-08-24 16:52:31 +00:00
Joshua Peraza
063ff78a25 Use __aarch64__ instead of __arm64__
__aarch64__ should always be defined for 64-bit ARM, while __arm64__
only sometimes is.

Change-Id: I46a6469d8f5e74ad79b6ded51a809fbf88e5170a
Reviewed-on: https://chromium-review.googlesource.com/1151541
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
2018-07-26 16:37:25 +00:00
Joshua Peraza
0c8f035a50 linux, non-glibc: fix build after eb7d8a4c
The pre-processor attempts to parse an entire expression before
evaluating sub-expressions, so undefined macros result in a syntax
error.

Change-Id: Ie950867897a1befd221bdbe4719f2365f5cc75ee
Reviewed-on: https://chromium-review.googlesource.com/1132328
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
2018-07-10 21:27:15 +00:00
Djordje Golubovic
cb41ba7471 Added MIPS support to crashpad.
Modified gyp/gn files to support MIPS targets.

Implemented thread_info, cpu_context, signal context classes for MIPS target.

Addressed MIPS specific signal ordering.

Added "MIPS Technologies, Inc." to AUTHORS file.

Bug: crashpad:232
Change-Id: Ibfc221ba54088e95f984b9dc6be5fd52f86abcc2
Reviewed-on: https://chromium-review.googlesource.com/1064594
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
2018-07-10 15:29:34 +00:00
Joshua Peraza
eb7d8a4cde Alias user regs structs for glibc ARM64 pre 2.20
Change-Id: Ie8e4ce8df34c4d14e874884db50d748d03af9592
Reviewed-on: https://chromium-review.googlesource.com/1117644
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
2018-06-27 22:23:42 +00:00
Tom Anderson
75b672be06 Fix arm build with glibc 2.27
This is a followup to [1] which fixed the x86 build for glibc 2.27.  But there
was a similar block of code that was only present on arm, which was causing the
arm build to fail.  This CL makes the equivalent change to [1].

[1] 3a20d34ac3

BUG=chromium:843240
R=mark@chromium.org

Change-Id: I4b2786ddcdd0d9920aca25b3ad00c5ba716ca30a
Reviewed-on: https://chromium-review.googlesource.com/1060155
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
2018-05-15 18:48:24 +00:00
Tom Anderson
3a20d34ac3 Fix build with glibc 2.27
Glibc now defines PTRACE_GET_THREAD_AREA as an enum value.  Trying to define our
own will result in an error:

../../third_party/crashpad/crashpad/compat/linux/sys/ptrace.h:25:35: error: redefinition of 'PTRACE_GET_THREAD_AREA' as different kind of symbol
static constexpr __ptrace_request PTRACE_GET_THREAD_AREA =
                                  ^
../../build/linux/debian_sid_amd64-sysroot/usr/include/x86_64-linux-gnu/sys/ptrace.h:110:3: note: previous definition is here
  PTRACE_GET_THREAD_AREA = 25,

However, glibc also defines a new macro for the corresponding value, so it's
possible to detect this case:

----- ptrace.h -----
  /* Get a TLS entry in the GDT.  */
  PTRACE_GET_THREAD_AREA = 25,
#define PT_GET_THREAD_AREA PTRACE_GET_THREAD_AREA
----- ptrace.h -----

This CL prevents defining our own PTRACE_GET_THREAD_AREA when PT_GET_THREAD_AREA
is defined.

Bug: None
Change-Id: Idf931e54dadd57788f04da47f12f0f0588a255cc
Reviewed-on: https://chromium-review.googlesource.com/999161
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
2018-04-06 01:34:50 +00:00
Jose Dapena Paz
08ce02c352 Fix crashpad build on non-Android ARMEL with a recent GLIBC.
user_vfp is not declared anymore in sys/user.h, but in a specific
internal kernel asm user.h in GLIBC. So crashpad will fail to build on
ARMEL with such a GLIBC.

Also, sys/ptrace.h will not include the declarations for
PTRACE_GET_THREAD_AREA and PTRACE_GETVFPREG in arm (they are in
asm/ptrace.h and not included from sys/ptrace.h). So provide
compatibility declarations accordingly for arm architecture.

Change-Id: I58ab5274a66d84c0cbc9e9e9b23e0abc37bf67e5
Reviewed-on: https://chromium-review.googlesource.com/996073
Reviewed-by: Mark Mentovai <mark@chromium.org>
2018-04-04 20:35:04 +00:00
Joshua Peraza
24f07f7c43 linux: Enable ARM family exception and thread snapshots
ARM references:
http://elixir.free-electrons.com/linux/latest/source/arch/arm/include/asm/ucontext.h
http://elixir.free-electrons.com/linux/latest/source/arch/arm/kernel/signal.c#L185

ARM64 references:
http://elixir.free-electrons.com/linux/latest/source/arch/arm64/include/uapi/asm/sigcontext.h
http://elixir.free-electrons.com/linux/latest/source/arch/arm64/kernel/signal.c#L371

Bug: crashpad:30
Change-Id: I53f235b5826607db260bd1e43a819a93284843f5
Reviewed-on: https://chromium-review.googlesource.com/865435
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
2018-01-24 17:09:24 +00:00
Mark Mentovai
22e8c33b21 linux: Provide PTRACE_GET_THREAD_AREA for 32-bit x86 with glibc
glibc’s own <sys/ptrace.h> should provide this but doesn’t. See
https://sourceware.org/bugzilla/show_bug.cgi?id=22433.

The copy in compat provided it when targeting x86-64 and using glibc.
util/linux/ptracer.cc uses it when targeting both 32-bit x86 and x86-64,
so the compat definition must be made to apply to 32-bit x86 too.

This also provides a #define using the same name as the constant, which
is what glibc’s <sys/ptrace.h> does for other constants.

Bug: crashpad:30
Change-Id: I5a0734a236d1c25398fb69e66f58dfe118658b68
Reviewed-on: https://chromium-review.googlesource.com/765257
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
2017-11-13 22:36:45 +00:00
Joshua Peraza
edf4dde8ae linux: Add ExceptionSnapshotLinux
Bug: crashpad:30
Change-Id: I450d53a89af2995c0fd13b31821360e781fe015a
Reviewed-on: https://chromium-review.googlesource.com/589747
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
2017-08-02 02:29:51 +00:00
Joshua Peraza
5536baff13 linux: Use PTRACE_GET_THREAD_AREA for x86 ThreadInfo.GetThreadArea
Linux supports TLS on x86 by allocating slots in the GDT, accessible
via the system calls get/set_thread_area. This allows segment
registers (%gs on x86) to be used to quickly access the TLS.

Previously, we used PTRACE_GETREGSET with the NT_386_TLS regset. This
"register set" provides access to the subarray of the GDT used for TLS.
However, there are multiple slots provided and we don't know which one
is being used by the threading library for the current thread's TLS.
Previously, we were just using the first one, which worked for x86 on
64-bit kernels, but not 32-bit kernels. On 32-bit kernels, the first
slot ended up pointing to the TLS of the main thread.

The authoritative index of the current thread's TLS in the GDT is
given by bits 3-15 of %gs. However, this index cannot be used with
PTRACE_GETREGSET+NT_386_TLS because we don't know the location of the
TLS slots in the GDT. PTRACE_GET_THREAD_AREA, however, accepts an
index from the start of the GDT similarly to get/set_thread_area.

Bug: crashpad:30
Change-Id: Ie6dfbdd088c6816fad409812a1a97037d4b38fd7
Reviewed-on: https://chromium-review.googlesource.com/575318
Reviewed-by: Mark Mentovai <mark@chromium.org>
2017-07-19 16:42:19 +00:00