The memory region data saved in the intermediate dump is an address
offset by 128 bytes. However, the MemorySnapshot generated was using the
original address and not the offset address. The same data is being
captured in the minidump.
Change-Id: Ia34912c035319e79cf446a130e662084f4ab51ea
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5529059
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Rohit Rao <rohitrao@chromium.org>
There were two issues with the iOS implementation of CrashpadClient
which I reported in https://crbug.com/crashpad/481:
1) TSAN found a data race in ResetForTesting() when it modified the
ScopedMachReceiveRight while the Mach exception port thread was
reading it
2) The Mach port connected to the exception server was never deallocated
This CL fixes both issues.
Change-Id: I5bd4f79ae6d0eccca954d663be7a36f8ceb0a0e8
Bug: https://crbug.com/crashpad/481
Bug: b:332305593
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5410301
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Previously, Crashpad would only capture iOS thread context memory regions
by iterating the task_threads->thread_get_state's. For Mach
exception this worked as intended. However, for signal exceptions this
missed the registers from the actual signal context. This change
correctly captures these regions and stores them in the exception
snapshot.
Change-Id: I494e753a25c2687e61b5183ed0135f520ca8bf52
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5380505
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
This CL makes the iterators implemented by AnnotationList compliant with
the requirements imposed by the C++ standard on input iterators.
Change-Id: I263c94a97f5bcd7edd5ef4d8b65fa28b11876974
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5093147
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
There appears to be a change in dyld in macOS 14.3 that iOS 17
accounts for, but older simulators do not. This causes the main
binary to be listed twice when iterating modules, breaking some
tests.
Bug: crbug.com/328282286
Change-Id: I71909fbc13bee6de23b10ffd92a791067f8ea909
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5353754
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
This change adds a method to update a CrashpadInfo stream.
As part of this change, AddUserDataMinidumpStream() now returns a handle
to the added stream. This handle can be passed to
UpdateUserDataMinidumpStream() if a new version of the stream needs to
be attached to the crash report.
This method is needed, e.g., for allowing Chrome's System Profile to
update, as it contains some data that takes a while to collect.
Bug: crashpad:474
Change-Id: I19e935a6904d8843215582e5606b189479ee338b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5260024
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Jesse McKenna <jessemckenna@google.com>
The change in macOS 14's dyld to insert new modules in the front of
`dyld_all_image_infos` means that if any images are loaded
during an exception while iterating the modules list, the primary
executable will be missed. Instead, read the modules in reverse
order.
Change-Id: I49f6468173f18ef4bd0f326c84e4b48cfc696cd3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5249275
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
This CL introduces a new crash key 'crashpad_uptime_ns' that records the
number of nanoseconds between when Crashpad was initialized and when a
snapshot is generated.
Crashpad minidumps record the MDRawMiscInfo process_create_time using a
sysctl(KERN_PROC).kp_proc.p_starttime. This time is used to display the
'uptime' of a process. However, iOS 15 and later has a feature that
'prewarms' the app to reduce the amount of time the user waits before
the app is usable. This means crashes that may happen immediately on
startup would appear to happen minutes or hours after process creation
time.
While initial implementations of prewarming would include some parts of
main, since iOS 16 prewarming is complete before main, and therefore
before Crashpad is typically initialized.
Bug: crashpad:472
Change-Id: Iff960e37ae40121bd5927d319a2767d1cafce846
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5171091
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
The real Chromium base/bit_cast.h is in the base namespace.
mini_chromium's version was just changed to be in the base namespace
as well. Roll to the latest mini_chromium and scope all calls to
bit_cast.
Bug: chromium:1506769
Change-Id: I7b25ee512f67694ef6ed3d0250e4f6a6db151eb3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5116880
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
bit_cast should never be used on pointers, as it doesn't avoid UB and
can lose qualifiers.
Fortunately, the only use of bit_cast on a pointer was to cast
nullptr into a function pointer, and because nullptr will implicitly
behave as any kind of pointer, that cast isn't needed.
Bug: none
Change-Id: I3ad79b36b7fb5ab53d4b4b6dfc82dea883ec8b53
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5106728
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
This CL implements a const iterator to allow for iteration over a const
AnnotationList. This way, the annotation list can be passed as a const
reference in search only situations.
Change-Id: I53bd7871f3d914e7e7e627b6b464aa7fa79597f4
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4984053
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Andre Kempe <andre.kempe@arm.com>
memcpy and memchr on NULL, 0 is UB due to a C language bug. Instead, use
the C++ functions, which do not have this bug.
Bug: chromium:1394755
Change-Id: I82023aa038c53905f9867c635b26f3b26d9994f5
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4987148
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This reverts commit e17518a9e879f63b578db6c184c6bb17f1b13a06.
Reason for revert:
When trying to roll Crashpad into Chromium, all the new tests in
this CL fail; https://crrev.com/c/4984643?checksRunsSelected=win-rel&tab=checks
Original change's description:
> Add an option to start a Windows client with global hooks disabled.
>
> Change-Id: I645d6136788ca4ccebfc73005c8c2455dc4b2cee
> Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4949671
> Reviewed-by: Mark Mentovai <mark@chromium.org>
> Commit-Queue: Rich Mckeever <mckeever@google.com>
Change-Id: I3a41238cf0960899fac19d1e6d0ed0e527dfe13f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4985124
Reviewed-by: Mark Mentovai <mark@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Avi Drissman <avi@chromium.org>
Fixes a pending issue when we eventually move to C++20.
Original author: Dean Sturtevant
Change-Id: I7bb0648c73df6b6a28a3a4debdb4524d3cd27b38
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4979733
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Eric Astor <epastor@google.com>
Include check_op.h directly, instead of relying on the transitive
include from logging.h. This transitive include does not exist in
Chromium's //base.
Change-Id: I15962a9cdc26ac206032157b8d2659cf263ad695
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4950200
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
f145b54e8378c8e2bd1fbb427684ca9b4c54ea9c put the only reference to this
in a non-ASAN block, so we're hitting an unused function warning rolling
into Chromium
Bug: crashpad:464
Change-Id: I225debd48a255aa5214e02a6821dcd72c618f141
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4939552
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Leonard Grey <lgrey@chromium.org>
ASAN injects a bad de-reference in HandleHeapCorruption() that causes it
to be recursively invoked.
Bug: crashpad:464
Change-Id: I5e8db5555462166b963e0e43c6eb8ac0b327219e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4935953
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Rich Mckeever <mckeever@google.com>
Some users of crashpad load and unload the dll that hosts
crashpad code. crashpad registers a vectored exception handler
to help collect heap corruption crashes. If the dll is
unloaded this handler might still be called.
This CL adds a scoped handler for such registrations and
uses it on Windows crashpad client. To allow this to
be stored, RegisterHandler() on the client needs to move
onto the client object from being a helper function.
Bug: crashpad:462
Change-Id: I5d77c056e2a9a61ddcfa9d0186ab4bfd85a19bff
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4898263
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
This is a reland of commit b1e66e322ddd07f4640ee8bad93397a0511cd313
Original change's description:
> Add SetLastChanceExceptionHandler to implement permissive MTE mode
>
> SetLastChanceExceptionHandler sets a callback to be called after a
> crash has been reported. Returning true from this callback will
> not reraise the signal so the execution can continue. This will be
> used to implement permissive MTE mode, which will continue execution
> after a MTE crash.
>
> Bug: chromium:1467915
> Change-Id: I93a28ceea921fe977805482cf47c07643ca6133c
> Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4707688
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Keishi Hattori <keishi@chromium.org>
Bug: chromium:1467915
Change-Id: Ibdc18084deb08bccf3c74f688b7d48ff24fe81f9
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4756235
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Keishi Hattori <keishi@chromium.org>
This CL rolls mini_chromium to pick up the move of a bunch of files
to base/apple, and makes changes to adjust.
Bug: chromium:1444927
Change-Id: Ib692e2a1628e2c0c8228795eaecdb7f35b1c09fa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4786387
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
ARC is now enabled by default, so there’s no need to enforce it
against files being put into non-ARC targets.
Bug: chromium:1468376
Change-Id: I58bbb4d1736293a6e9977954ce932dcfe2bafa54
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4750419
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
This reverts commit b1e66e322ddd07f4640ee8bad93397a0511cd313.
Reason for revert: test was flaky on Android bot
Original change's description:
> Add SetLastChanceExceptionHandler to implement permissive MTE mode
>
> SetLastChanceExceptionHandler sets a callback to be called after a
> crash has been reported. Returning true from this callback will
> not reraise the signal so the execution can continue. This will be
> used to implement permissive MTE mode, which will continue execution
> after a MTE crash.
>
> Bug: chromium:1467915
> Change-Id: I93a28ceea921fe977805482cf47c07643ca6133c
> Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4707688
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Keishi Hattori <keishi@chromium.org>
Bug: chromium:1467915
Change-Id: Id815a780b576088974101117a4587adec64cfe8c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4750459
Commit-Queue: Keishi Hattori <keishi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
SetLastChanceExceptionHandler sets a callback to be called after a
crash has been reported. Returning true from this callback will
not reraise the signal so the execution can continue. This will be
used to implement permissive MTE mode, which will continue execution
after a MTE crash.
Bug: chromium:1467915
Change-Id: I93a28ceea921fe977805482cf47c07643ca6133c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4707688
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Keishi Hattori <keishi@chromium.org>
CaptureContext isn't actually used on Fuchsia and there is a desire to
remove `ucontext_t` from Fuchsia as it isn't a real concept on Fuchsia
and was only added as a placeholder. Moreover, `ucontext_t` won't ever
be added to Fuchsia for RISC-V.
Bug: fuchsia:123052
Fixed: fuchsia:131112
Fixed: fuchsia:127655
Tested: `fx test crashpad` on core.x64 emulator
Tested: `fx test crashpad` on ARM64 device
Tested: `fx shell crasher` @ 16b19a9891978487 on ARM64 device, ran
through Breakpad stackwalker locally as well
Tested: `fx build crashpad_tests` for minimal.riscv64
Change-Id: I4695054426df78a9deff8c9ea9c478b5bf9701b1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4717085
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Thomas Gales <tgales@google.com>
Windows claims that heap corruption crashes are passed
to Windows Error Reporting but they are not, they are
swallowed and the process is simply terminated. WerFault.exe
does not run.
We can however intercept these crashes using a vectored
exception handler which forwards STATUS_HEAP_CORRUPTION
to the normal crash handler.
Adds an end-to-end test.
Bug: 2515
Change-Id: I2e1361dacef6fd03ea0f00327fee0b05a0c4899e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4637533
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Remove the reference to `base/cxx17_backports.h` from the code.
Bug: chromium:1373621
Change-Id: I84dd5fc1b069b168e4558316344c1f1c5377a68b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4471860
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
In the recent llvm upstream change, https://reviews.llvm.org/D148269,
clang becomes smarter and will remove the infinite recursion function.
Use the clang attribute __attribute__((optnone)) to disable optimization
for it.
Bug: chromium:1435016
Change-Id: I74e823bf64d0b03d81c0bda7a8338e2fa67033aa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4456156
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Zequan Wu <zequanwu@google.com>
ObjcExceptionPreprocessor is a 'reasonable effort' attempt to catch an
NSException minidump at the time the exception is thrown as opposed to
when the application terminates due to the exception. If multiple
exceptions are thrown at the same time, Crashpad should correctly
report the final uncaught exception, but the minidump may not
represent the full `caught-at-thrown` minidump.
- Don't assume ObjcExceptionPreprocessor throws an NSException.
- Don't retain/release the exception. Instead of calling isEqual,
just use a simple pointer comparison.
- Make last_exception atomic.
Bug: crashpad: 445, 446
Change-Id: I9f2f2041e96aa9818c63937025e507487ae9d03d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4317110
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
StringToInt(string_piece) works because base::StringPiece is in
namespace base, but when it is switched to std::string_view, this won't
work anymore. Use the idiomatic spelling.
Bug: chromium:691162
Change-Id: Ic45e0d2729fa5fc7c3e7a56fe159957b1bdcdf94
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4298113
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
The test BaseAnnotationShouldNotSupportSpinGuard assumed NDEBUG builds
always disabled DCHECK()s, but DCHECK_ALWAYS_ON overrides this.
This CL fixes the test for NDEBUG + DCHECK_ALWAYS_ON builds by using
the DCHECK_IS_ON() macro to skip the test when DCHECKs are enabled.
Change-Id: I7b64729568c5d3139ca777e27462d81eba931834
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4255429
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Since iOS reads Annotations in-process, this CL updates the iOS
intermediate dump handler to check each Annotation to see if it supports
guarding concurrent reads and writes using ScopedSpinGuard.
For any such Annotation, the in-process dump handler now tries (without
spinning) to obtain the ScopedSpinGuard for the Annotation before
reading its memory.
If the ScopedSpinGuard cannot immediately be obtained, the in-process
dump handler just skips writing the memory of the Annotation to the
intermediate dump. (I'd like to follow up and thread down a Params
object so we can experiment with adding an optional timeout to make
this more reliable.)
Change-Id: Ie6c9849fac94ab89b36364b07aea62326cabe552
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4031730
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This CL integrates the new ScopedSpinGuard with the new
LengthDelimitedRingBuffer into a new class, RingBufferAnnotation.
RingBufferAnnotation is thread-safe both for reading and writing, and is
suitable for streaming logs, trace events, and other high-throughput
data streams.
I included a load test (ring_buffer_annotation_load_test) which launches
two threads which simultaneously write to and read from the
RingBufferAnnotation.
By default, reads and writes are serialized using ScopedSpinGuard, but
passing the flag "--disable_spin_guard" to the test disables the spin
guard on the reading side (which is expected to make the test fail).
Change-Id: Ic8e28866d085d57e778c4f86bcb7492ef0638ab9
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4023619
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
This CL optionally integrates ScopedSpinGuard (an atomic boolean) with
crashpad::Annotation.
Subclasses of Annotation can choose to integrate ScopedSpinGuard into
their Set(...) methods to ensure reads and writes are serialized.
I didn't integrate this into StringAnnotation in this CL, but it'd be
pretty trivial to do in a follow-up.
Change-Id: I1c5b8982576b03f9780a57acb7627c9194f8f0ff
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4022484
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
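The guard-and-skip pattern described in this CL and in the in-process dump handler change above (https://crrev.com/c/4031730), as an added example that is not Crashpad's own ScopedSpinGuard or Annotation code: a try-only spin guard built from a single atomic boolean, a fixed-size annotation whose Set() holds the guard, and a reader that makes one attempt and skips the annotation on contention rather than spinning inside the crash handler. Class and function names here are illustrative assumptions, and the annotation value is a constructed sample.

```cpp
#include <atomic>
#include <cstddef>
#include <cstring>
#include <string>

// One atomic boolean. Writers hold it only for the short, bounded duration of
// a Set(); the in-process dump reader tries exactly once, so a writer caught
// mid-update (or wedged) can never stall crash handling.
class SpinGuard {
 public:
  // Single attempt, no waiting: true if the caller now holds the guard.
  bool TryAcquire() {
    bool expected = false;
    return locked_.compare_exchange_strong(expected, true,
                                           std::memory_order_acquire);
  }
  // Writers may spin: their critical section is a bounded memcpy.
  void Acquire() {
    while (!TryAcquire()) {
    }
  }
  void Release() { locked_.store(false, std::memory_order_release); }

 private:
  std::atomic<bool> locked_{false};
};

// Fixed-size annotation whose writes are guarded, so a reader that does obtain
// the guard never observes a half-written value.
class GuardedAnnotation {
 public:
  void Set(const std::string& value) {
    guard_.Acquire();
    size_ = value.size() < kCapacity ? value.size() : kCapacity;
    std::memcpy(value_, value.data(), size_);
    guard_.Release();
  }

  // Reader side, as the in-process dump handler would use it: if the guard
  // cannot be obtained immediately, report "skipped" instead of spinning.
  bool TrySnapshot(std::string* out) {
    if (!guard_.TryAcquire())
      return false;
    out->assign(value_, size_);
    guard_.Release();
    return true;
  }

  SpinGuard& guard() { return guard_; }

 private:
  static constexpr std::size_t kCapacity = 64;
  SpinGuard guard_;
  char value_[kCapacity] = {};
  std::size_t size_ = 0;
};

// Constructed scenario 1: an idle annotation is captured intact.
bool SnapshotWhenIdle(std::string* out) {
  GuardedAnnotation annotation;
  annotation.Set("build=constructed-sample");
  return annotation.TrySnapshot(out);
}

// Constructed scenario 2: the guard is held (a writer caught inside Set() at
// crash time), so the reader must come back with "skipped", not block.
bool SnapshotWhileWriterHoldsGuard() {
  GuardedAnnotation annotation;
  annotation.Set("stale");
  annotation.guard().Acquire();  // stands in for a writer mid-Set()
  std::string out;
  bool captured = annotation.TrySnapshot(&out);
  annotation.guard().Release();
  return captured;
}
```

The reader deliberately has no timeout: a crash handler that waits on application threads risks never finishing the dump, which is why the CL text prefers dropping one annotation over stalling. An optional bounded wait, as the author mentions wanting to experiment with, would be a loop around TryAcquire with a deadline.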
This CL cleans up types and code style comments from post-submit code
review comments on https://crrev.com/c/4023618 .
I also added fixes for potential overflows in varint length decoding
and included new tests.
Bug: crashpad:437
Change-Id: I0a3585036028d81f42d0d36e87cce4264f4ed9ad
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4199705
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
ARM64 supports storing pointer authentication codes in the upper bits of
a pointer. This mask can be used by LLDB to mimic ptrauth_strip and
strip the pointer authentication codes. To recover an address from
pointer with an authentication code, `AND` this mask with the pointer.
If the platform does not support pointer authentication, or the range of
valid addresses for a pointer was inaccessible, this field will be 0
and should be ignored.
Change-Id: Ie5cef90802dd1e892d456195ab8874223eac6a1b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2773358
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
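Recovering an address from a pointer that carries a pointer authentication code, as an added example that is not Crashpad's or LLDB's code: the mask is derived from the highest valid address of the process's pointer range (every bit needed to represent that address is an address bit, everything above it is available to the authentication code), a mask of 0 means "no information" and leaves the pointer untouched, and stripping is the AND the text describes. The 47-bit range and the signed sample pointer are constructed values; the function names are assumptions.

```cpp
#include <cstdint>

// Builds the address mask from the highest valid address of the pointer
// range: the smallest all-ones value that covers it. Returns 0 when the range
// is unknown, matching the "0 means ignore this field" convention.
uint64_t AddressMaskForRange(uint64_t highest_valid_address) {
  if (highest_valid_address == 0)
    return 0;
  uint64_t mask = 0;
  while (mask < highest_valid_address)
    mask = (mask << 1) | 1;
  return mask;
}

// Mimics ptrauth_strip: AND the signed pointer with the mask. A mask of 0
// carries no information, so the pointer is returned unchanged rather than
// being zeroed.
uint64_t StripPointerAuthentication(uint64_t signed_pointer, uint64_t mask) {
  if (mask == 0)
    return signed_pointer;
  return signed_pointer & mask;
}

// Convenience for a consumer (debugger or symbolizer) walking a list of
// possibly-signed return addresses: strips each one in place and reports how
// many actually carried bits above the address range.
int StripAll(uint64_t* pointers, int count, uint64_t mask) {
  int stripped = 0;
  for (int i = 0; i < count; ++i) {
    uint64_t clean = StripPointerAuthentication(pointers[i], mask);
    if (clean != pointers[i])
      ++stripped;
    pointers[i] = clean;
  }
  return stripped;
}
```

On a platform without pointer authentication the mask field is 0 and StripPointerAuthentication is a no-op, which is the behaviour the text asks for; consumers must check for 0 before treating the field as a mask, because AND-ing with 0 would erase every address.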
This CL implements LengthDelimitedRingBuffer, a general-purpose
ringbuffer suitable for use as a Crashpad Annotation.
This ringbuffer supports writing variably-sized data delimited by a Base
128 varint-encoded length separator.
LengthDelimitedRingBuffer is backed by a std::array, so it has a fixed
maximum size. It supports reading via RingBufferReader as well as
writing via RingBufferWriter.
Change-Id: I23ecb4a85ee8e846e1efc6937a5cb089a494d50a
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4023618
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
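A compact length-delimited ring buffer in the shape this CL and the follow-up overflow fixes (https://crrev.com/c/4199705) describe, as an added example that is not Crashpad's LengthDelimitedRingBuffer: records are prefixed with a Base 128 varint length, storage is a fixed array, the oldest records are evicted when a new one does not fit, and the varint decoder refuses truncated, over-long and 32-bit-overflowing length headers instead of wrapping around and trusting the result. The sample records are constructed; the class and function names are illustrative assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Base 128 varint: seven payload bits per byte, high bit set while more follow.
std::size_t EncodeVarint(uint32_t value, uint8_t out[5]) {
  std::size_t n = 0;
  do {
    uint8_t byte = value & 0x7f;
    value >>= 7;
    if (value != 0)
      byte |= 0x80;
    out[n++] = byte;
  } while (value != 0);
  return n;
}

// Decodes from the first `avail` bytes. Refuses a truncated encoding, one
// longer than five bytes, and a fifth byte that would set bits above 31: the
// overflow cases a decoder reading crash-time memory must reject, not wrap.
bool DecodeVarint(const uint8_t* bytes, std::size_t avail, std::size_t* value,
                  std::size_t* consumed) {
  uint32_t result = 0;
  for (std::size_t i = 0; i < 5 && i < avail; ++i) {
    uint32_t payload = bytes[i] & 0x7f;
    if (i == 4 && payload > 0x0f)
      return false;
    result |= payload << (7 * i);
    if ((bytes[i] & 0x80) == 0) {
      *value = result;
      *consumed = i + 1;
      return true;
    }
  }
  return false;
}

template <std::size_t Capacity>
class LengthDelimitedRingBuffer {
 public:
  // Appends one record, evicting the oldest to make room; false if the record
  // can never fit or a stored header turns out to be malformed.
  bool Push(const std::string& record) {
    uint8_t header[5];
    std::size_t hlen = EncodeVarint(static_cast<uint32_t>(record.size()), header);
    std::string frame(reinterpret_cast<const char*>(header), hlen);
    frame += record;
    if (frame.size() > Capacity)
      return false;
    while (Capacity - size_ < frame.size())
      if (!DropOldest())
        return false;
    for (unsigned char c : frame)
      buf_[(head_ + size_++) % Capacity] = c;
    return true;
  }
  // Reads every record, oldest first; false on a malformed header.
  bool ReadAll(std::vector<std::string>* out) const {
    std::size_t pos = head_, remaining = size_;
    while (remaining > 0) {
      std::size_t len, hlen;
      if (!HeaderAt(pos, remaining, &len, &hlen))
        return false;
      out->emplace_back();
      pos = (pos + hlen) % Capacity;
      for (std::size_t i = 0; i < len; ++i, pos = (pos + 1) % Capacity)
        out->back().push_back(static_cast<char>(buf_[pos]));
      remaining -= hlen + len;
    }
    return true;
  }

 private:
  bool DropOldest() {
    std::size_t len, hlen;
    if (!HeaderAt(head_, size_, &len, &hlen))
      return false;
    head_ = (head_ + hlen + len) % Capacity;
    size_ -= hlen + len;
    return true;
  }
  // Decodes the header at pos (copying up to five bytes across the wraparound
  // so the linear decoder can run) and checks the claimed length fits.
  bool HeaderAt(std::size_t pos, std::size_t avail, std::size_t* len,
                std::size_t* hlen) const {
    uint8_t tmp[5];
    std::size_t n = avail < 5 ? avail : 5;
    for (std::size_t i = 0; i < n; ++i)
      tmp[i] = buf_[(pos + i) % Capacity];
    return DecodeVarint(tmp, n, len, hlen) && *len <= avail - *hlen;
  }
  uint8_t buf_[Capacity] = {};
  std::size_t head_ = 0, size_ = 0;
};

// Constructed sample: a 16-byte ring fed four records. "alpha" and "beta" are
// evicted as "gamma" and "delta" arrive, and "gamma" wraps the array end.
std::vector<std::string> Demo() {
  LengthDelimitedRingBuffer<16> ring;
  for (const char* s : {"alpha", "beta", "gamma", "delta"})
    ring.Push(s);
  std::vector<std::string> records;
  ring.ReadAll(&records);
  return records;
}
```

The length check in HeaderAt is the second half of the overflow defence: a varint that decodes cleanly can still claim more bytes than the ring holds, and a reader that trusted it would walk off the end of the stored data.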
This is necessary to roll Crashpad in Chromium. Fixes the following:
[5984/6587] CXX obj/third_party/crashpad/crashpad/client/client_test/crashpad_client_linux_test.o
FAILED: obj/third_party/crashpad/crashpad/client/client_test/crashpad_client_linux_test.o
python3 ../../build/toolchain/clang_code_coverage_wrapper.py --target-os=linux --files-to-instrument...(too long)
../../third_party/crashpad/crashpad/client/crashpad_client_linux_test.cc:522:20: error: code will never be executed [-Werror,-Wunreachable-code]
struct utsname uname_info;
^~~~~~~~~~
1 error generated.
Bug: chromium:1260217
Change-Id: Ie63881ed82faec84e8d45bb30dfc8ef10cfdbd6d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4028794
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
SA_EXPOSE_TAGBITS is a Linux >= 5.11 feature that allows si_addr to
contain the upper tag bits. This is a feature that allows signal
handlers to see the full upper address bits on aarch64, which consist of
TBI and MTE nibbles. For MTE, preserving these bits is of significant
importance, as it allows for precise use-after-free and buffer-overflow
diagnosis that's impossible without seeing these bits in the fault
address.
We unconditionally enable this feature on all kernels, as it's ignored
when unsupported (even on older kernels).
Tested on:
1. Linux x86 host, which is a no-op.
2. Android device with Linux 4.14, which is a no-op.
3. Android device with Linux 5.15, which passes. For posterity, my
config was:
| $ gn args out_arm64
| target_os = "android"
| android_ndk_root = "~/Android.sdk/ndk/21.4.7075529"
| android_api_level = 26
| target_cpu = "arm64"
| # NDK builds push libc++_shared.so, which is not present on newer Android
| # versions, so I hacked the runner to push the file. Maybe this should be
| # upstreamed at some point as well.
| $ git diff
| diff --git a/build/run_tests.py b/build/run_tests.py
| index 8ad19e34..64269c90 100755
| --- a/build/run_tests.py
| +++ b/build/run_tests.py
| @@ -273,7 +273,8 @@ def _RunOnAndroidTarget(binary_dir, test, android_device, extra_command_line):
| _adb_shell(adb_mkdir_command)
|
| # Push the test binary and any other build output to the device.
| - local_test_build_artifacts = []
| + local_test_build_artifacts = [
| + '~/Android.sdk/ndk/21.4.7075529/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/aarch64-linux-android/libc++_shared.so']
| for artifact in test_build_artifacts:
| local_test_build_artifacts.append(os.path.join(
| binary_dir, artifact))
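Review bot: the entry added to `local_test_build_artifacts` is a literal `'~/Android.sdk/ndk/21.4.7075529/...'` string; Python does not expand `~` here (no `os.path.expanduser`), and the NDK location is already configured as `android_ndk_root` in the GN args above, so the libc++_shared.so path should be derived from the NDK root, or at minimum expanded, rather than hard-coded to one machine's install.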
| @@ -294,6 +295,7 @@ def _RunOnAndroidTarget(binary_dir, test, android_device, extra_command_line):
| # The list of TERM values comes from Google Test’s
| # googletest/src/gtest.cc testing::internal::ShouldUseColor().
| env = {'CRASHPAD_TEST_DATA_ROOT': device_temp_dir}
| + env = {'LD_LIBRARY_PATH': device_out_dir}
| gtest_color = os.environ.get('GTEST_COLOR')
| if gtest_color in ('auto', None):
| if (sys.stdout.isatty() and
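Review bot: `env = {'LD_LIBRARY_PATH': device_out_dir}` rebinds `env` and discards the `CRASHPAD_TEST_DATA_ROOT` entry assigned on the preceding line; it should be `env['LD_LIBRARY_PATH'] = device_out_dir` so both variables reach the device shell.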
| $ ninja -C out_arm64 && python build/run_tests.py out_arm64/ \
| --gtest_filter=*StartHandlerForSelfTestSuite*
Change-Id: I293b36fcd08ffaca593dae8042299a39756defa0
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4024204
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mitch Phillips <mitchp@google.com>
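The handler installation and tag-bit handling this CL describes, as an added example that is not Crashpad's signal handler code: SA_EXPOSE_TAGBITS is requested unconditionally as the text says, the SA_UNSUPPORTED round-trip probe documented in sigaction(2) reports whether the running kernel honoured it, and the split of an aarch64 fault address into its TBI top byte and MTE tag nibble is what a handler would record for diagnosis. The fallback flag values are the Linux UAPI values (both since 5.11) for toolchains whose headers predate them; the sample addresses are constructed and the function names are assumptions.

```cpp
#include <csignal>
#include <cstdint>
#include <cstring>

// Linux UAPI values; only defined here when the libc headers lack them.
#ifndef SA_EXPOSE_TAGBITS
#define SA_EXPOSE_TAGBITS 0x00000800
#endif
#ifndef SA_UNSUPPORTED
#define SA_UNSUPPORTED 0x00000400
#endif

// aarch64 layout: TBI lets bits 63:56 carry a tag; with MTE the allocation
// tag lives in the low nibble of that byte (bits 59:56).
struct TaggedAddress {
  uint64_t untagged;
  uint8_t top_byte;
  uint8_t mte_tag;
};

TaggedAddress SplitTaggedAddress(uint64_t addr) {
  TaggedAddress t;
  t.untagged = addr & 0x00ffffffffffffffULL;
  t.top_byte = static_cast<uint8_t>(addr >> 56);
  t.mte_tag = t.top_byte & 0x0f;
  return t;
}

static volatile uint64_t g_last_fault_address = 0;

uint64_t LastFaultAddress() { return g_last_fault_address; }

// Records the (possibly tagged) fault address, then restores the default
// disposition and returns so the faulting instruction re-executes and the
// process terminates normally, as a reporter would after writing its report.
void FaultHandler(int signo, siginfo_t* info, void*) {
  g_last_fault_address = reinterpret_cast<uintptr_t>(info->si_addr);
  std::signal(signo, SIG_DFL);
}

// Requests tag bits unconditionally: kernels without the feature ignore it.
bool InstallTagAwareHandler(int signo) {
  struct sigaction sa;
  std::memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = FaultHandler;
  sigemptyset(&sa.sa_mask);
  sa.sa_flags = SA_SIGINFO | SA_UNSUPPORTED | SA_EXPOSE_TAGBITS;
  return sigaction(signo, &sa, nullptr) == 0;
}

// Probe from sigaction(2): a kernel that knows SA_UNSUPPORTED clears it (and
// every flag it does not support) on read-back, so SA_EXPOSE_TAGBITS surviving
// the round trip means the flag was honoured. An older kernel hands all flags
// back untouched, which is why SA_UNSUPPORTED must be checked first.
bool KernelExposesTagBits(int signo) {
  struct sigaction current;
  if (sigaction(signo, nullptr, &current) != 0)
    return false;
  if (current.sa_flags & SA_UNSUPPORTED)
    return false;  // pre-5.11 kernel: flags preserved verbatim, no support
  return (current.sa_flags & SA_EXPOSE_TAGBITS) != 0;
}
```

On an x86 host the probe can report the flag as honoured while the architecture-specific set of preserved tag bits is empty, which is the "no-op" the author saw; only on aarch64 with a 5.11 or newer kernel does si_addr actually carry the TBI and MTE bits that SplitTaggedAddress pulls apart.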
On gLinux, tests don't pass in the default configuration (empty GN
args), because the infinite recursion test doesn't crash
anymore. Locally, forcing the function to stay out of line is sufficient
to fix it. This is inherently brittle, and may need to be revisited at a
later point.
Change-Id: Ica88a0b3a2151af95c64c490b5afcdc05cf3be4e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4020321
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Fixes NOTREACHED not being available in client/settings.cc. This was
available when compiling Crashpad standalone, but not as part of
Chromium.
Bug: chromium:1358240
Change-Id: Ie61d3beabf9ab953369f8fd25556d6a602c0c043
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4009734
Commit-Queue: Brian Sheedy <bsheedy@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>