A ProcessSnapshotSanitized enables filtering possibly sensitive
information from a snapshot.
WebView has different privacy constraints than Chrome and needs to
avoid collecting data in annotations or from stack memory that may
contain PII. This CL enables:
1. Filtering annotations by name using a whitelist.
2. Filtering for crashes which reference a particular module.
3. Redacting non-essential information from stack memory.
This CL does not provide a client interface to enable sanitization.
Bug: crashpad:30
Change-Id: I8944c70fdcca6d6d4b7955d983320909bf871254
Reviewed-on: https://chromium-review.googlesource.com/1070472
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Adds the build support for using libfuzzer controlled by setting
`crashpad_use_libfuzzer=true`.
Also adds a first fuzzer (for ElfImageReader). Currently only runs on
Linux, but should work on Fuchsia too with some minor fixes (not sure
yet whether the fixes required are toolchain or in our build setup).
Run as:
out/lin/elf_image_reader_fuzzer snapshot/elf/elf_image_reader_fuzzer_corpus/
hits an OOM pretty quickly in trying to allocate a giant buffer.
Bug: crashpad:30, crashpad:196, crashpad:233
Change-Id: Idd3ca11fe00319b8b29e029d5e13b17bfd518ea0
Reviewed-on: https://chromium-review.googlesource.com/1083451
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
SimulateCrash.ChildDumpWithoutCrashing needed a larger threshold due to
ASAN instrumentation.
These tests expect children to crash, but ASAN captures the exception
before letting Crashpad handle it:
CrashpadClient.HandlerLaunchFailureCrash
CrashpadClient.HandlerLaunchFailureDumpAndCrash
CrashpadHandler.ExtensibilityCalloutsWork
ExceptionSnapshotWinTest.ChildCrash
(which is an upstreaming of https://chromium-review.googlesource.com/1067151).
Additionally, because Chrome doesn't build all, I noticed a missing
dependency on a test binary which is added here.
Bug: chromium:845011
Change-Id: I5c3ae5673512be29edad21e7d20dd57b8b5ce2bf
Reviewed-on: https://chromium-review.googlesource.com/1075715
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Change-Id: Ifcfe6c2d18045ce3a2e443ee84d4dd84bb3db373
Reviewed-on: https://chromium-review.googlesource.com/1073567
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
This is particularly a problem when the neighboring mapping is a
special mapping not readable from another process. For example:
7fff96aeb000-7fff96b0c000 rw-p 00000000 00:00 0 [stack]
7fff96b0c000-7fff96b0e000 r--p 00000000 00:00 0 [vvar]
[vvar] is a special mapping which makes some kernel data available
for virtual system calls. Attempting to read this region via the
/proc/<pid>/maps file returns an IO error which causes Crashpad to
abort capturing any of the thread's stack.
Neighboring mappings with empty names are eligible to be merged since
they result from changing permissions on existing named mappings.
Change-Id: I587bd2ec6f9759d284f1f9b1d93f2a44ddf61e92
Reviewed-on: https://chromium-review.googlesource.com/1072803
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Bug: crashpad:196
Change-Id: I82cf1c5384ebfc2fb7882e69145b211c4b24f7c5
Reviewed-on: https://chromium-review.googlesource.com/1054576
Reviewed-by: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Annotations data structures may be dynamically allocated so could
appear outside a modules's address range. Let ImageAnnotationReader
use a ProcessMemoryRange for the process, rather than the module.
Also add a test for linux.
Bug: crashpad:30
Change-Id: Ibbf1d2fcb2e44b1b70c8a02e86c6f2fbd784535f
Reviewed-on: https://chromium-review.googlesource.com/1054705
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Packaged test running seems to be a ways off, but with a bit of path
fiddling in test_paths.cc we can actually use the paths where the tests
are copied, so do that instead to get all the tests re-enabled. The
setup in BUILD.gn should be mostly-useful once packaging is working as
all helper/data files will need to specified there anyway.
Also, attempted fix to flaky behaviour in
ProcessReaderFuchsia.ChildThreads exposed because the tests are now
being run. zx_object_wait_many() waits on *any* of the objects, not
*all* of them. Derp!
And finally, for the same test, work around some unintuitive behaviour
in zx_task_suspend(), in particular that the thread will not be
suspended for the purpose of reading registers right away, but instead
only "sometime later", which appears in pratice to be after the next
context switch. Have ScopedTaskSuspend block for a while to try to
ensure the registers become readble, and if they don't, at least fail
noisily at that point.
Bug: crashpad:196
Change-Id: I01fb3590ede96301c941c2a88eba47fdbfe74ea7
Reviewed-on: https://chromium-review.googlesource.com/1053797
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
The package deployment/running is in flux at the moment. In order to get
all the other tests on to the main Fuchsia waterfall, disable the ~25
tests that require external files (for launching child processes,
loading modules, or data files) because those operations all fail on
Fuchsia-without-packages right now. Upstream this is PKG-46. Once test
packaging and running has been resolved, this can be reverted.
These tests are still run when building Crashpad standalone on Fuchsia
as the standalone build simply copies all the relevant data files to the
device in /tmp.
Bug: crashpad:196
Change-Id: I1677c394a2b9d709c59363ebeea8aff193d4c21d
Reviewed-on: https://chromium-review.googlesource.com/1045547
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Implements InitializeException() in ProcessSnapshot, and pulls it all
together writing the dump in crash handler. Sample output at crash
00163eff624e653e on the staging server.
Also adds a child-retrieve helper to koid_utilities.
Bug: crashpad:196
Change-Id: I4bee7655e81e3243ac0ae896ff0caea7ce4acdad
Reviewed-on: https://chromium-review.googlesource.com/1044771
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- Endian-swaps the 3 integer fields of the build id when returning it
for use as the module id (see bug 229).
- Removes the "app:" prefix on the main binary, as this prevents the
crash server from matching the binary name (and it isn't particularly
useful anyway)
- Map "<vDSO>" to "libzircon.so" as that's what it actually is, so that
symbols for it can be found.
Bug: crashpad:196, crashpad:229
Change-Id: Ie4abc732b7696345b96c34dbb1a7d2cc2cfcf77f
Reviewed-on: https://chromium-review.googlesource.com/1035461
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
This "child" test was actually reading itself (whoops!). Instead, pass
the address of the string to be read back from the child and read that.
Bug: crashpad:196
Change-Id: I27aa4cd06c69cd492cb3387a5a773a56e9cb02a3
Reviewed-on: https://chromium-review.googlesource.com/1033712
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Bug: 428099
Change-Id: If8818d02fd6315ad46d512357db2b70d011a52b0
Reviewed-on: https://chromium-review.googlesource.com/1031992
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Conversion to CPUContext is currently only implemented for x64.
Bug: crashpad:196
Change-Id: I3fb8541f70a6f8d6f12c02e6b17c78e07e195056
Reviewed-on: https://chromium-review.googlesource.com/1007967
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This implementation has some limitations as documented in the header,
however, threads must be suspended in order to use the register capture
debug API so this is somewhat useful for now in the context of
generate_dump.
Also, refactor some child-object retrieval helpers used in a few places.
Bug: crashpad:196
Change-Id: I1fdae5fc3d4b43841e535724eac10c1e58af04c5
Reviewed-on: https://chromium-review.googlesource.com/1007966
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This allows clients to use the database to handle uploads themselves,
e.g. on Android, where Crashpad does not yet provide an uploader.
The handler does not launch an upload thread when no url is supplied.
Previously, the handler would move these reports to
completed and record the upload as skipped with kUploadsDisabled.
With this change, these reports would remain pending until pruned,
with no metrics recorded for them in regard to their upload.
Bug: crashpad:30
Change-Id: I4167ab1531634b10e91d03229018ae6aab4103aa
Reviewed-on: https://chromium-review.googlesource.com/1010970
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
uname() seems to hang, sometimes, perhaps when then network is in a bad
state. Additionally, this way allows getting a minimal amount of version
information via zx_system_get_version().
Bug: crashpad:196
Change-Id: I2c040ee38ae017a6e8e060de10039bae6d159058
Reviewed-on: https://chromium-review.googlesource.com/1007979
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
With this `generate_dump <somepid>` generates a valid and somewhat
plausible (but still quite incomplete) minidump.
As an example, on a running Fuchsia system, `ps` reported the pid of
"netstack" as 6062, followed by `generate_dump 6062`, copy minidump.6062
to host, and run Breakpad's minidump_dump on the generated dump file,
resulting in:
https://gist.github.com/sgraham/24e4ba1af968219d7c154bb0fba43925
This looks roughly correct in that it has a bunch of threads (without
much data) and a reasonable looking module list.
Bug: crashpad:196
Change-Id: I3f68cc015f74374624a5ce497d46ac90df17a22c
Reviewed-on: https://chromium-review.googlesource.com/1005978
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- Implement ProcessID().
- Return empty ProcessStartTime() and ProcessCPUTimes() as there's
nothing available.
- Return the Threads that were collected in Initialize().
- Return empty MachineDescription() plus upstream bug link.
Bug: crashpad:196
Change-Id: I77b33c18ed3844464bb5b9f238406191c221b17e
Reviewed-on: https://chromium-review.googlesource.com/1005889
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Mostly sensible implementation for x64 via cpuid. It's too early for
Fuchsia to have a version number, so nothing is reported for those
fields. ARM64 isn't implemented at all and would hit a lot of
NOTREACHED()s.
Bug: crashpad:196
Change-Id: I6ca8b12e16fe0cf773a17c88ca9d407b028a501c
Reviewed-on: https://chromium-review.googlesource.com/1005906
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Floating-point content may not begin at the start of __fpregs_mem and
should be located via mcontext.fpptr, which may be `nullptr`.
Bug: crashpad:30
Change-Id: Ie3116339d79f6669d757618e9e592f8480dcdcba
Reviewed-on: https://chromium-review.googlesource.com/1001332
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
This may be a bug in the target program or loader, but doesn't seem
like something worth dying over. If a link_entry name is empty,
ProcessReaderLinux::InitializeModules() will fall back to using the
name of the module's mapping. In this case, the main executable's
link entry name pointed into unmapped memory, but the memory map was
able to identify it as app_process32.
Bug: crashpad:30
Change-Id: Ic6df08132271efb809bf0bc28f23a333deb20a67
Reviewed-on: https://chromium-review.googlesource.com/999301
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
This change:
1. Updates the broker's memory reading protocol to enable short reads.
2. Updates Ptracer to allow short reads.
3. Updates the broker to allow reading from a memory file.
4. Updates the broker's default file root to be "/proc/[pid]/".
5. Adds PtraceConnection::Memory() to produce a suitable memory reader
for a connection type.
Bug: crashpad:30
Change-Id: I8c004016065d981acd1fa74ad1b8e51ce07c7c85
Reviewed-on: https://chromium-review.googlesource.com/991455
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Some files, such as /proc/[pid]/maps, may not be accessible to the
handler. This enables the handler access to the contents of those files
via the broker.
This change reads maps and auxv using ReadFileContents.
Bug: crashpad:30
Change-Id: Ia19b498bae473c616ea794ab51c3f22afd5795be
Reviewed-on: https://chromium-review.googlesource.com/989406
Reviewed-by: Mark Mentovai <mark@chromium.org>
The crashpad_{executable, loadable_module} templates won't have
pre-existing configs lists to modify. Use configs and remove_configs
to merge changes into default configs when using the templates.
Change-Id: Id7c0b1991c9d0ac55022b427feb59df28668b959
Reviewed-on: https://chromium-review.googlesource.com/981778
Reviewed-by: Mark Mentovai <mark@chromium.org>
When building in chromium, executables and loadable_modules should
depend on:
//build/config:exe_and_shlib_deps
which, among other things, may be needed to introduce a
dependency on a custom libc++.
Bug: crashpad:30
Change-Id: Ic46a3cf5b46bdac09cca22950f9236e0776ba44a
Reviewed-on: https://chromium-review.googlesource.com/974713
Reviewed-by: Mark Mentovai <mark@chromium.org>
Don't attempt to read data if the note isn't in an allocated segment.
See investigation starting at
https://bugs.chromium.org/p/crashpad/issues/detail?id=220#c27 for
details.
Bug: crashpad:220, crashpad:30, crashpad:196
Change-Id: I60eaacb83ad00ef33bde9079d25cc23a59bdf2c8
Reviewed-on: https://chromium-review.googlesource.com/941507
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
This is mostly empty except for the ID, until I concoct a way to get the
stack out of Fuchsia, and implement context capture.
Bug: crashpad:196
Change-Id: I26d0622d44aefba88750f7ec6feb1a6e95467208
Reviewed-on: https://chromium-review.googlesource.com/932941
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
This fills out Threads() in ProcessReader, gathering some information
for which there's system calls, and adds some basic tests for
ProcessReader on Fuchsia.
Bug: crashpad:196
Change-Id: I0738e77121c90a8b883267c1df0fcfc6621674d7
Reviewed-on: https://chromium-review.googlesource.com/929350
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Pulls the concrete non-test implementations of MemorySnapshot out into a
template. They were effectively identical on Mac and Linux/Android, and
I was going to have to add another identical one for Fuchsia.
Unfortunately it needs to be a template because of the snapshot merging
template it calls that needs the platform-specific ProcessReader (so it
can't just pass in a base ProcessMemory in initialization instead).
This is used on Mac, Linux, Android, and Fuchsia, but there is still a
Windows implementation (different because its ProcessReader is a bit
different) and a test implementation.
Bug: crashpad:196
Change-Id: I4b5575fee0749e96b08e756be1f8380a2c994d7c
Reviewed-on: https://chromium-review.googlesource.com/929308
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
And document that UnloadedModules() isn't applicable on Fuchsia.
Bug: crashpad:196
Change-Id: Ic2c5f26fbc9cbd908ec0b941797c63f88caeec9c
Reviewed-on: https://chromium-review.googlesource.com/929302
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
They were largely the same after recent changes, so with a bit at
initialization time the whole class can be de-duplicated.
Bug: crashpad:196, crashpad:30
Change-Id: I2f5df797dfe36e120090e570273b48ee03f660a5
Reviewed-on: https://chromium-review.googlesource.com/927611
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Includes mini_chromium DEPS roll of one change:
4e3b2c0 fuchsia: Make target flag apply to asm too
After this, the Fuchsia ARM64 build compiles.
Bug: crashpad:196
Change-Id: I1b749a2b2443303ad86122fbe5c9750300474d79
Reviewed-on: https://chromium-review.googlesource.com/925454
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
These tests needed to be updated to expose CrashpadInfo in the same way
as the main CrashpadInfo g_crashpad_info is found on
Linux/Android/Fuchsia.
Unfortunately, while the tests pass on Fuchsia when run in isolation,
the implementation of dlclose() on Fuchsia currently does nothing. So,
if the full test suite is run, there's interference between the test
modules (i.e. the values in _small vs. the values in _large), so the
tests fail.
I filed ZX-1728 upstream about this to see if it might be implemented,
or if the test will need to spawn a clean child to do the module load
tests in.
Bug: crashpad:196
Change-Id: I9ee01b142a29c508c6967dc83da824afa254d379
Reviewed-on: https://chromium-review.googlesource.com/923182
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
In preference to (the reverted)
https://chromium-review.googlesource.com/c/crashpad/crashpad/+/923178
this does not share implementation with the tests in
snapshot/crashpad_info_client_options_test.cc. This is not done because
those tests use faked CrashpadInfo structures that are intentionally
differently sized than the current defintion of CrashpadInfo, meaning
that the scoped reset could overwrite past the end of the structure.
Not resetting these was causing CrashpadInfoClientOptions tests to fail
on Fuchsia, because dlclose() [legally] doesn't do anything, so
modifying the current binaries CrashpadInfo caused the expected values
from child .sos to be ignored. That could be worked around in that test
too, but it's probably better to clean up the global state in this test
anyway.
Bug: crashpad:196
Change-Id: Ia3f81f1d5872b5ef7d543fcc68b56af4c0b6ca0a
Reviewed-on: https://chromium-review.googlesource.com/923561
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
This reverts commit 4717300fa4cefadeabef64346ba65aa8759d43b8.
Reason for revert: When used in with the size-testing fake CrashpadInfo's, this can overwrite past the end of them.
Original change's description:
> Reset CrashpadInfo after CrashpadInfoReader tests
>
> Not resetting these was causing CrashpadInfoClientOptions tests to fail
> on Fuchsia, because dlclose() [legally] doesn't do anything, so
> modifying the current binaries CrashpadInfo caused the expected values
> from child .sos to be ignored. That could be worked around in that test
> too, but it's probably better to clean up the global state in this test
> anyway.
>
> Bug: crashpad:196
> Change-Id: Ia8119ac7c554bea81e8373e2547faf192c629122
> Reviewed-on: https://chromium-review.googlesource.com/923178
> Commit-Queue: Scott Graham <scottmg@chromium.org>
> Reviewed-by: Joshua Peraza <jperaza@chromium.org>
TBR=scottmg@chromium.org,jperaza@chromium.org
Change-Id: Ia6d8db1ba24c82bb9346210ac8b66d80f42a6925
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: crashpad:196
Reviewed-on: https://chromium-review.googlesource.com/923541
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
Not resetting these was causing CrashpadInfoClientOptions tests to fail
on Fuchsia, because dlclose() [legally] doesn't do anything, so
modifying the current binaries CrashpadInfo caused the expected values
from child .sos to be ignored. That could be worked around in that test
too, but it's probably better to clean up the global state in this test
anyway.
Bug: crashpad:196
Change-Id: Ia8119ac7c554bea81e8373e2547faf192c629122
Reviewed-on: https://chromium-review.googlesource.com/923178
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
