DropPrivileges() is used in exception_port_tool, so that when it is
installed as a setuid executable, it only uses elevated privileges to
obtain a task port for its -p option, and then relinquishes those
privileges.
It is difficult to provide a test for this function, because it must be
running setuid or setgid in order to do anything interesting. However,
the function contains its own CHECKs to verify that it behaves properly.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727053002
This also transitions exception_port_tool to use TaskForPID(), so that
it can be safely used as a setuid executable without giving permission
to operate on any process on the system.
It is difficult to provide a test for this function, because it must be
running setuid root in order to do anything interesting.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/728973002
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
MinidumpLocationDescriptorListWriter and MinidumpRVAListWriter are
implementation details and should be in the crashpad::internal
namespace.
MinidumpUTF16StringListWriter and MinidumpUTF8StringListWriter are
accessible to outside code and should not be in this namespace.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/699313007
This will be used as the foundation for writing a list of
MinidumpUTF8String objects. MinidumpUTF8String (and UTF-16
MINIDUMP_STRING) objects are never referenced by
MINIDUMP_LOCATION_DESCRIPTOR because they carry their own lengths.
Instead, they are always referenced by RVA.
The list of MinidumpUTF8String objects will be used for the module
annotations vector.
TEST=minidump_test MinidumpRVAListWriter.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/704333002
MinidumpLocationDescriptorListWriter. This allows easier construction of
minidump structures that are lists of MINIDUMP_LOCATION_DESCRIPTOR
structures in the future.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/707543002
MinidumpWritableAtRVA<>() now checks that the object of the requested
type is actually in the range of the minidump file’s size, rather than
just checking that the beginning of the object is in range.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/708803002
implicit_cast<> only performs a cast in cases where an implicit
conversion would be possible. It’s even safer than static_cast<> It’s an
“explicit implicit” cast, which is not normally necsesary, but is
frequently required when working with the ?: operator, functions like
std::min() and std::max(), and logging and testing macros.
The public style guide does not mention implicit_cast<> only because it
is not part of the standard library, but would otherwise require it in
these situations. Since base does provide implicit_cast<>, it should be
used whenever possible.
The only uses of static_cast<> not converted to implicit_cast<> are
those that require static_cast<>, such as those that assign an integer
constant to a variable of an enum type.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/700383007
This only came up in one location, PointerVector.
A template alias is superior to inheritance, which doesn’t provide full
type equivalence and doesn’t automatically inherit non-default
constructors.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/683753005
and its test.
Minidump context structures now interoperate more easily with snapshot
CPUContext structures, while maintaining identical layout to before.
This is facilitated by reusing the Fxsave types for the substructures
which were completely identical, and by using compatible logic to
initialize the minidump and snapshot structures for testing.
TEST=minidump_test, snapshot_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/686353004
Not doing this causes gtest to issue these warnings:
[WARNING] ../../third_party/gtest/gtest/src/gtest-death-test.cc:825::
Death tests use fork(), which is unsafe particularly in a threaded
context. For this test, Google Test detected 4 threads.
The gtest documentation recommends giving the test case a name ending in
DeathTest. Test cases named according to this convention run before all
other tests. Other death tests in Crashpad also follow this convention.
https://code.google.com/p/googletest/wiki/AdvancedGuide#Death_Tests_And_Threads
TEST=util_test HTTPMultipartBuilderDeathTest.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/694963002
All minidump objects now own their all of their children, rather than
having them maintain weak pointers and requiring callers to maintain
ownership.
The only weak object in the entire tree now is the “extra memory” added
to a MinidumpMemoryListWriter by its AddExtraMemory() method. Extra
memory aliases objects owned elsewhere in the tree, typically by a
MinidumpThreadWriter as stack memory. Non-“extra” memory added to a
MinidumpMemoryListWriter by its AddMemory() method is strongly owned.
Many objects are now deleted through base pointers, and in those cases,
the base classes now have public virtual destructors. The ultimate base,
MinidumpWritable, is still protected to guard against direct
instantiation and deletion, and thus its destructor does not need to be
virtual.
This updates mini_chromium to eeb3b6a4f020 specifically for that
revision, which includes necessary updates to scoped_ptr. It also picks
up:
eeb3b6a4f020 Update base/move.h and base/memory/scoped_ptr.h to match
67ad2efafaba More porting to Windows
be27a006421e AUTHORS: Fix link post-git migration flag day.
05f5b1503230 Add codereview.settings to mini_chromium.
a32c2b199811 Beginnings of Windows support in mini_chromium
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/674153002
test.
Move SimpleAnnotations from being a property of the minidump to being a
property of the module, matching the Snapshot interface.
TEST=minidump_test MinidumpCrashpadInfo.*:MinidumpCrashpadModule.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/675803002
This change was generated mechanically by running:
find . \( -name \*.cc -or -name \*.mm -or -name \*.h \) \
-and -not -path ./third_party/\* -and -not -path ./out/\* \
-exec sed -i '' -E -e 's/(^|[^_])NULL/\1nullptr/g' {} +
Further manual fix-ups were applied to remove casts of nullptr to other
pointer types where possible, to preserve the intentional use of NULL
(as a short form of MACH_PORT_NULL) in exception_port_tool, and to fix
80-column violations.
https://groups.google.com/a/chromium.org/d/topic/chromium-dev/4mijeJHzxLg/discussion
TEST=*_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/656703002
This uses THREAD_NULL, TASK_NULL, and HOST_NULL in preference to
MACH_PORT_NULL and kMachPortNull. These constants are correctly-typed
(thread_t, task_t, and host_t) and result in more readable source code,
especially where thread and task parameters appear together as they do
in exc_*_variants.
TEST=util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/649713002
amount of time spent sleeping.
Even with the slop, this wound up being flaky, specifically on virtual
machines. And guess what our automated test infrastructure runs on?
TEST=util_test Clock.SleepNanoseconds
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/640373003
ExpectProcessIsRunning() goes to a lot of trouble to deal with the flaky
{CTL_KERN, KERN_PROCARGS2} API exposed by ProcessArgumentsForPID(). It
retries that call inside an inner loop until it succeeds, because it may
fail while a process is mid-exec(). Once it succeeds, it should use the
argv it obtained. Waiting for success and then attempting to call
ProcessArgumentsForPID() again to get argv can be flaky when the first
attempt succeeds because it’s pre-exec(), and the second one catches the
process in the middle of the exec() and fails.
The existence of the inner loop was intended to protect against this
problem, and the subsequent call outside of the inner loop appears to be
left behind from before the inner loop existed. It should have been
removed when the inner loop was added.
TEST=util_test ServiceManagement.SubmitRemoveJob
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/644473005
This is in line with the other new minidump_*_test_util files, namely,
the “context” and “memory” ones. minidump_file_writer_test_util.*
provides VerifyMinidumpHeader(), which is used to validate the
MINIDUMP_HEADER at the beginning of a minidump file, as written by
MinidumpFileWriter.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/643643003
In locations that observe daylight saving time, this method now probes
different times to determine the offset when DST observance is (or is
not) in effect. This replaces a hard-coded one-hour offset, accounting
for Lord Howe Island, Australia, which is at a 30-minute offset.
TEST=snapshot_test SystemSnapshotMacTest.TimeZone
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/626093005
7dda7b322881 accidentally moved the libbsm.dylib dependency from
util_test_lib to util_test. It is only used by
test/mac/mach_multiprocess.cc in util_test_lib.
Meanwhile, util_test should link against Foundation.framework, which is
used by three tests in util/mac: launchd_test.mm, mac_util_test.mm, and
service_management_test.mm.
R=scottmg@chromium.org
Review URL: https://codereview.chromium.org/612923004
This fixes a sloppy compliation error: “Redefinition of enumerator
'kMinidumpContextX86Xstate'”. It also fixes CONTEXT_FULL, which should
contain floating-point registers but not segment registers unlike the
its 32-bit x86 equivalent.
Some comments are revised to provide better, um, context.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/620663002
This includes ClockMonotonicNanoseconds() and SleepNanoseconds().
SleepNanoseconds() is like base::PlatformThread::Sleep(), but
PlatformThread is not in mini_chromium and I’m not keen on adding it
because I’m not sold on the interface. I’m not convinced Sleep() belongs
there, and I don’t want to have to bring all of base::Time* along for
the ride.
TEST=util_test Clock.*:MachMessageServer.*:ServiceManagement.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/597533002
This will be used in the upcoming Minidump context structures.
This also updates mini_chromium to ba9b15f1b6a7 to pick up:
ba9b15f1b6a7 Make bit_cast available in C++11 mode.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/583283003
Update mini_chromium to 313bd83d6d9d, picking up:
313bd83d6d9d Use close$NOCANCEL on Mac, as in Chrome r23369.
15a69caf735f Add some things from base/synchronization:
ConditionVariable and Lock.
Also, udpate GYP to 46282cedf40f (r1977), picking up:
r1977 android: Add a way to override build system variables.
r1976 android: Don't emit useless info into generated makefiles.
r1975 Fix indentation for emacs and add missing keyword.
r1974 Changes ninja generator to only output empty names if not already
output
r1973 Changes the ninja generator to output phony targets for
uninteresting targets
r1972 Makes matching of build files work when absolute
r1971 Support for custom NM/readelf binaries in your toolchain.
r1970 android: Support host multilib builds.
r1969 Makes analyzer output names of all executable target types
r1968 android: Make buildbot able to use a custom manifest.
r1967 ninja win: don't expect pdb to be generated when
GenerateDebugInformation: false
r1966 Makes the analyzer output the set of targets needing a build
r1965 Removes old way to specify files to look for
r1964 Provide a way to suppress implicit MIDL generation rules for
actions
r1963 Style changes for analyzer __ -> _ and lots of single newlines to
double newlines.
r1962 Changes for analyzer
r1961 Pull in relevant targets when using xcode-ninja
r1960 Guard against configurations without 'xcode_settings'
r1959 Updates analyzer to output to a file
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/590033002
The queue length of a new receive port appears to be 2 on Mac OS X 10.10
DP8 14A361c. The value of MACH_PORT_QLIMIT_DEFAULT in the 10.10 SDK is
still 5, so a read of the kernel source should be interesting, if we
ever get to see it.
In the meantime, mach_port_set_attributes() can be used to set a
traditional queue length.
TEST=util_test MachMessageServer.PersistentNonblockingFourMessages
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/584293003
