The ProcessMemorySanitized implementation only allows reads to a given
process if it falls within a given whitelist of memory ranges. This
ensures that 'sanitized' snapshots only allow reading memory that was
explicitly allowed.
Bug: crashpad:263, chromium:973167
Change-Id: I72712d7ea3cabfd49cc91ffbe563cb349e6fcfdb
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1752593
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
generate_dump is not being used on Fuchsia (because only the system-reporter
version of Fuchsia Crashpad is actively used).
GetProcessFromKoid() is becoming increasingly difficult to implement, so simply
de-port generate_dump until we actually need it again in the future (if ever).
Removes GetRootJob().
Change-Id: Ib5e5d8e79177506da4b2e0e0382f3fdd2502840b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1726695
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Francois Rousseau <frousseau@google.com>
Most Crashpad builds use Microsoft's armasm64.exe macro assembler
for .asm source files. When building in Chromium, clang-cl is used
as the assembler instead. Since the two assemblers recognize different
assembly dialects, the same .asm file can't be used for each.
As a workaround, use a prebuilt .obj file when the Microsoft-dialect
assembler isn't available.
The obj file is generated from the capture_context_win_arm64.asm
by armasm64 macro assembler. If this asm file is modified,
the obj file needs to be updated.
Change-Id: Id5a4a949997a27b04815aeb79b2540d30a52d34c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1632749
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Removes the remaining references to the old port-based exception APIs in
favor of the new channel-based APIs.
Bug: fuchsia:ZX-4031
Test: runtests on emulator and device
Change-Id: Ieac5b66c2f676966d1018d771cab6c8635f12a8f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1700321
Reviewed-by: Francois Rousseau <frousseau@google.com>
Commit-Queue: Francois Rousseau <frousseau@google.com>
This patch also updates WorkerThread to execute DoWork() when
DoWorkNow() has been called, which is relevant when DoWorkNow() and
Stop() have both been called. This occurs regularly on Android where
the handler's current normal mode is to dump a single process and exit.
This change ensures the upload thread has a chance to upload the report
before the handler exits.
This change should not affect upload on Chrome/WebView/Chromecast which
don't pass Crashpad a --url option and are still responsible for their
own uploads.
Change-Id: Ie5553eafc13714f0438b4b133a92516f7abec153
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1643710
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Previously, both the invocation to mig and mig's internal code would use xcrun
to locate binaries. When we're using the hermetic toolchain, we want to
explicitly specify the binaries to use and we want to avoid calls to xcrun.
Bug: chromium:971452
Change-Id: I8527368e0846bc72789e6454fcd626b028d297ff
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1650147
Commit-Queue: Erik Chen <erikchen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
The ProcessInfo initialization fails on ARM on Windows with
'ReadProcessData failed'.
The 64-bit detection logic only checks whether it's on x64 and ignores
ARM64. On ARM64, the ReadProcessData template should be instantiated
with internal::Traits64 as it is on x64.
Test: Run crashpad_tests on ARM, 'ReadProcessData failed' is gone
Change-Id: I0f47d8601a39aaa1b8ba07d34d1f41b7739233e7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1615024
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
This message type allows the browser to determine the handler's process
ID to be used with `prctl(PR_SET_PTRACER, ...)`.
Bug: crashpad:284
Change-Id: I2664f3e8aee269b159de9074e389397346c808f0
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1577704
Reviewed-by: Mark Mentovai <mark@chromium.org>
sendmsg() and recvmsg() are complicated to use. Refactor their usage
into functions with a simpler, tested interface and use those instead.
This also adds CreateCredentialSocketpair() to create a pair of
connected sockets with SO_PASSCRED set. This option should be set
before the possibility of any calls to sendmsg() with the socket pair
to avoid race conditions in properly setting credentials.
Also update the handler to use Strategy::kNoPtrace (which causes the
crash dump to fail without breaking the socket connection) if the
credentials were invalid, which can happen if SO_PASSCRED was set after
the call to sendmsg() or if the sending process does not exist in this
namespace.
Change-Id: Id09f87125540255687a3c35d5bed7fa01ec07cff
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1584639
Reviewed-by: Mark Mentovai <mark@chromium.org>
Multi client socket connections allow multiple clients to request crash
dumps from a handler process using a single, shared socket connection.
This connection mode does not support using a broker process which
requires a dedicated socket connection to ensure handler messages
aren't intercepted by the wrong clients.
The handler uses SIGCONT to indicate to the crasher when a crash dump
is complete (or has failed) and may continue.
Bug: crashpad:284
Change-Id: I2031029cd254f17497cbf7e7d8740c289581e8aa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1559306
Reviewed-by: Mark Mentovai <mark@chromium.org>
This patch adds the class ExceptionHandlerProtocol to contain all the
relevant types, but should not make any functional changes.
Change-Id: I65ada239a6bf3195899fdd96f005c042cdd59749
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1575796
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Until now we've been stuffing ELF debug symbol link information into a
CodeViewPDB70. This has reached the limits of its usefulness. We now add
a CodeViewRecord that can contain a proper ELF build ID.
Change-Id: Ice52cb2a958a1b9031943f280d9054da02d2f17d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1574107
Commit-Queue: Casey Dahlin <sadmac@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
When a crashing process is in a different PID namespace than the
handler, the crasher doesn't have a way of knowing its own thread ID in
the handler's namespace and the kernel lacks mechanisms to perform this
translation before Linux 4.1 (where the information is present in
/proc/<pid>/status:NSPid).
This patch gives the handler a way of identifying the requesting thread
by sending a stack address along with the crash dump request, which
the handler can search for in each of the process' threads.
This information is useful both for attaching exception information
to the right thread and to allow the handler to send signals to the
correct thread when using a shared socket connection.
Bug: crashpad:284, crashpad:286
Change-Id: I4fa366c8fb17f932b056265cf71a4af160ba342f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1558828
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
now that we import fuchsia-sysinfo and fdio, this isn't really just zx anymore
Change-Id: Ic42359ce3d230e214ebdbbefb880ccb021434a0f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1555533
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Francois Rousseau <frousseau@google.com>
Writing directly into buf.tmp causes the nul-terminator to overflow
into buf.crlf, which upsets some overflow detectors.
Bug: crashpad:289
Change-Id: I241f1ae239ed8360ac5dfd245cb70e919ae73cd1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1545014
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
* a thread blocked in an exception is technically not suspended on Fuchsia
* this will take care of the spurious error message "thread failed to suspend: ZX_ERR_TIMED_OUT (-21)" introduced in https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1536268
Bug: fuchsia/ZX-3772
Tested: `fx run-test crashpad_test` on Fuchsia; verified with `fx shell crasher` no error message
Change-Id: I5306732ef7c5a4f2c0fe84bc072506d57a43931e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1538558
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Francois Rousseau <frousseau@google.com>
Previously, we included lib/fdio/util.h, but that header is being
removed. The declarations we need are in lib/fdio/fdio.h now.
Change-Id: I094b328766f1c67571044f85717b788eded1d142
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1508635
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Adam Barth <abarth@chromium.org>
9d26012e9c73 relaxed the requirement on ScopedMmap such that the length
of the region supervised no longer needed to be provided as a round
number of pages. This was accomplished by internally rounding up the
provided length to a page length. Unfortunately, this made
ScopedMmap::len() return something other than the passed-in length,
which is undesirable. This change makes ScopedMmap store the passed-in
length internally, making it available unmodified via the accessor, and
rounding it up to page length at internal points of use.
Change-Id: I827925af68e38f33bfa3cee535db0f098884fc6b
Reviewed-on: https://chromium-review.googlesource.com/c/1492774
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
apple_cf is just a header, but we’ve got a BUILD.gn for
third_party/cpp-httplib, which is also just a header.
Change-Id: Ib42c25657b5964678d14682a0a802ebef0e4cb2f
Reviewed-on: https://chromium-review.googlesource.com/c/1489182
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
ScopedMmap was asserting that the length of a mapped region must be an
exact number of pages, but this is not required or useful.
Change-Id: I6141712a1980a217565e31ddcd4c23cf6a32503c
Reviewed-on: https://chromium-review.googlesource.com/c/1480440
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Explicitly check that mach_vm_read() successfully read the entire
requested region. This is a speculative fix for an infrequent crash that
occurs in the wild where only part of the region read by ReadMapped()
was actually mapped into memory.
Bug: chromium:918626
Change-Id: I4f4b3902d11480dc4a003608cfb1d371ec89425b
Reviewed-on: https://chromium-review.googlesource.com/c/1455170
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
-ftrivial-auto-var-init=pattern automatically initializes all variables
with a pattern. This revealed two issues:
1. Unitialized read of field from CrashpadInfoClientOptions.
2. The PC distance check in TestCaptureContext (due to additional
instrumentation, the distance is now 76 on x86-64 and 92 on aarch64).
Change-Id: I528e5f21c70d2849c9300776da783fde59411e9e
Reviewed-on: https://chromium-review.googlesource.com/c/1471691
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
This reverts commit 79f4a3970a6425ef0475263974bf9a012279ba4f.
Chromium’s test launcher is not prepared to handle GTEST_SKIP().
Bug: chromium:912138
Change-Id: Iaeffaedcd92093ec61b013f2a919dc4670094581
Reviewed-on: https://chromium-review.googlesource.com/c/1464099
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Since gtest 00938b2b228f3, gtest has built-in first-class support for
skipping tests, which is functionally identical (at least in Crashpad’s
usage) to the home-grown support for run-time dynamically disabled tests
introduced in Crashpad 5e9ed4cb9f69.
Use the new standard pattern, and remove all vestiges of the custom
local one.
Change-Id: Ia332136c356d523885fc5d86bc8f06fefbe6a792
Reviewed-on: https://chromium-review.googlesource.com/c/1427242
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
The test currently compile because of ADL (argument-dependent lookup). It
does not compile with a more recent googletest version. See associated
bug for linked to failed builds and compiler error messages.
Bug: crashpad:274
Change-Id: I7f2dd736453deb2a1af7bcacefc421961e1eb95e
Reviewed-on: https://chromium-review.googlesource.com/c/1422786
Commit-Queue: Victor Costan <pwnall@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Use-after-return detection happens to currently be enabled on Linux and
Android but is not exclusive to those platforms. Disable tests
incompatible with ASan UAR detection on all platforms.
Bug: 915245
Change-Id: I40447c126dac9dc7d0f72e400136afb8c292324d
Reviewed-on: https://chromium-review.googlesource.com/c/1414614
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
zx_task_suspend() now supports suspending processes. This is somewhat
more reliable than suspending the constituent threads because after the
call returns and the token is being held, any subsequently started
threads will start in the the suspended state.
However, because the suspend is asynchronous the threads of the process
still need to be iterated to wait for them to assert ZX_THREAD_SUSPENDED
(and that can and does still fail to happen for a number of reasons). So
while improved, this class is still only best-effort.
Additionally, as the version of ScopedTaskSuspend that took a thread
wasn't being used, remove that.
Bug: crashpad:269
Change-Id: Ifb3f8e0d780a5e22af33613f92a61d25459f5139
Reviewed-on: https://chromium-review.googlesource.com/c/1377201
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
The prohibition on using Mach receive rights with kqueue() was lifted in
10.12. Add the source code reference that should have been here all
along, and explain how xnu has changed. When the minimum runtime target
is 10.12 or later, the port set in this code will be unnecessary, and it
will be possible to remove it.
Change-Id: I8fdf91a124efb081e4748ccf60680b12a38c4d18
Reviewed-on: https://chromium-review.googlesource.com/c/1406894
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
This was part of a change to delete base::ThreadLocalStorage::StaticSlot.
Bug: crashpad:271
Change-Id: I0df76318aef05cbaecab660253cb388e3929f693
Reviewed-on: https://chromium-review.googlesource.com/c/1405788
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
offsets in the MemoryMap are expressed as two's complement while
Crashpad's and mini_chromium's string conversion functions expect
negative numbers to be expressed with a '-' character.
Convert the string as unsigned and then re-interpret to signed when
necessary.
Bug: 914246
Change-Id: I76aaf092ea7ad98806be7a3f380dab4ca0425ed6
Reviewed-on: https://chromium-review.googlesource.com/c/1399372
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Fixes a -Wunused-value warning found by the latest version of clang.
R=mark@chromium.org
Bug: 917419
Change-Id: I6178c1534adc7e25e5b75f6a6ab90497a86de23f
Reviewed-on: https://chromium-review.googlesource.com/c/1395945
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Reid Kleckner <rnk@chromium.org>
This is a follow-up to c8a016b99d97, following the post-landing
discussion at
https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1393921/5#message-2058541d8c4505d20a990ab7734cd758e437a5f7
base::size, and std::size that will eventually replace it when C++17 is
assured, does not allow the size of non-static data members to be taken
in constant expression context. The remaining uses of ArraySize are in:
minidump/minidump_exception_writer.cc (×1)
minidump/minidump_system_info_writer.cc (×2, also uses base::size)
snapshot/cpu_context.cc (×4, also uses base::size)
util/misc/arraysize_test.cc (×10, of course)
The first of these occurs when initializing a constexpr variable. All
others are in expressions used with static_assert.
Includes:
Update mini_chromium to 737433ebade4d446643c6c07daae02a67e8deccao
f701716d9546 Add Windows ARM64 build target to mini_chromium
87a95a3d6ac2 Remove the arraysize macro
1f7255ead1f7 Placate MSVC in areas of base::size usage
737433ebade4 Add cast
Bug: chromium:837308
Change-Id: I6a5162654461b1bdd9b7b6864d0d71a734bcde19
Reviewed-on: https://chromium-review.googlesource.com/c/1396108
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Adds new scripts: mig_gen.py for using MIG to generate a Mach interface, mig_fix.py for fixing the resulting interface. mig.py now wraps both into the same user interface.
mig_fix.py also has the option to write its fixed output to new files, rather than overwriting the existing output. This should increase compatibility with certain build configurations.
Change-Id: I743ea1bab3f63c5b92f361948b544d498ed01cbc
Reviewed-on: https://chromium-review.googlesource.com/c/1389095
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
As Mark noted in [1] ProcessMemory should accept VMSize instead of
size_t, the two types can differ on platforms where a cross-bitness
handler could cause a 32-bit handler to inspect a 64-bit process. By
centralizing the checks in ProcessMemory, we can leave the individual
platform-specific implementations (in ProcessMemory*::ReadUpTo) to
accept size_ts.
[1] crrev.com/c/1388017/2/snapshot/crashpad_types/crashpad_info_reader.cc#70
Bug: crashpad:270
Change-Id: I3aab483221de36f3b1478cb9503101b142dae681
Reviewed-on: https://chromium-review.googlesource.com/c/1387756
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Didn't notice these until I hit presubmit in chromium.
Bug: crashpad:263
Change-Id: I7d86c508928c95a65b7972a19fbdf3bd19c9b29b
Reviewed-on: https://chromium-review.googlesource.com/c/1387885
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Delete TaskMemory tests made redundant by equivalent
ProcessMemoryTests. Some TaskMemory tests are still not redundant
because they test TaskMemory::ReadMapped() or they exercise platform-
specific behavior like TaskMemory::Read() not being able to read a
VM_PROT_NONE page.
Bug: crashpad:263
Change-Id: I72a56b4f3564444b02943f11a0069749bf1b074b
Reviewed-on: https://chromium-review.googlesource.com/c/1387270
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
