The ProcessMemorySanitized implementation only allows reads to a given
process if it falls within a given whitelist of memory ranges. This
ensures that 'sanitized' snapshots only allow reading memory that was
explicitly allowed.
Bug: crashpad:263, chromium:973167
Change-Id: I72712d7ea3cabfd49cc91ffbe563cb349e6fcfdb
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1752593
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
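
Added example, not code from the commit above or from Crashpad: the range check that message describes, where a read is served only when the whole requested range sits inside one whitelisted range and an address + size that wraps is refused. Range, RangeIsAllowed, SanitizedRead and the constructed 64-byte target are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

using VMAddress = uint64_t;  // assumed 64-bit regardless of reader bitness
using VMSize = uint64_t;

struct Range { VMAddress base; VMSize size; };

// True only if [address, address + size) lies entirely inside one allowed
// range; a request that merely overlaps an allowed range is rejected.
bool RangeIsAllowed(const std::vector<Range>& allowed, VMAddress address,
                    VMSize size) {
  if (size > UINT64_MAX - address)
    return false;  // address + size would wrap around
  for (const Range& r : allowed) {
    if (r.size > UINT64_MAX - r.base)
      continue;  // malformed entry, never matches
    if (address >= r.base && address + size <= r.base + r.size)
      return true;
  }
  return false;
}

// Constructed "target process": 64 bytes mapped at kBase.
const VMAddress kBase = 0x10000;
uint8_t g_target[64];

// Sanitizing wrapper: consult the allowlist before touching target memory.
bool SanitizedRead(const std::vector<Range>& allowed,
                   VMAddress address, VMSize size, void* out) {
  if (!RangeIsAllowed(allowed, address, size))
    return false;
  if (address < kBase || address + size > kBase + sizeof(g_target))
    return false;  // not mapped in the constructed target
  std::memcpy(out, g_target + (address - kBase), static_cast<size_t>(size));
  return true;
}

int main() {
  std::memset(g_target, 0xAA, sizeof(g_target));
  const std::vector<Range> allowed = {{0x10010, 16}};
  uint8_t buf[16];
  return SanitizedRead(allowed, 0x10010, 16, buf) &&
                 !SanitizedRead(allowed, 0x10008, 16, buf) ? 0 : 1;
}
```
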
Explicitly check that mach_vm_read() successfully read the entire
requested region. This is a speculative fix for an infrequent crash that
occurs in the wild where only part of the region read by ReadMapped()
was actually mapped into memory.
Bug: chromium:918626
Change-Id: I4f4b3902d11480dc4a003608cfb1d371ec89425b
Reviewed-on: https://chromium-review.googlesource.com/c/1455170
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>

This is a follow-up to c8a016b99d97, following the post-landing
discussion at
https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1393921/5#message-2058541d8c4505d20a990ab7734cd758e437a5f7

base::size, and std::size that will eventually replace it when C++17 is
assured, does not allow the size of non-static data members to be taken
in constant expression context. The remaining uses of ArraySize are in:
minidump/minidump_exception_writer.cc (×1)
minidump/minidump_system_info_writer.cc (×2, also uses base::size)
snapshot/cpu_context.cc (×4, also uses base::size)
util/misc/arraysize_test.cc (×10, of course)
The first of these occurs when initializing a constexpr variable. All
others are in expressions used with static_assert.
Includes:
Update mini_chromium to 737433ebade4d446643c6c07daae02a67e8decca
f701716d9546 Add Windows ARM64 build target to mini_chromium
87a95a3d6ac2 Remove the arraysize macro
1f7255ead1f7 Placate MSVC in areas of base::size usage
737433ebade4 Add cast
Bug: chromium:837308
Change-Id: I6a5162654461b1bdd9b7b6864d0d71a734bcde19
Reviewed-on: https://chromium-review.googlesource.com/c/1396108
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>

As Mark noted in [1], ProcessMemory should accept VMSize instead of
size_t; the two types can differ on platforms where a cross-bitness
handler could cause a 32-bit handler to inspect a 64-bit process. By
centralizing the checks in ProcessMemory, we can leave the individual
platform-specific implementations (in ProcessMemory*::ReadUpTo) to
accept size_ts.
[1] crrev.com/c/1388017/2/snapshot/crashpad_types/crashpad_info_reader.cc#70
Bug: crashpad:270
Change-Id: I3aab483221de36f3b1478cb9503101b142dae681
Reviewed-on: https://chromium-review.googlesource.com/c/1387756
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>

Didn't notice these until I hit presubmit in chromium.
Bug: crashpad:263
Change-Id: I7d86c508928c95a65b7972a19fbdf3bd19c9b29b
Reviewed-on: https://chromium-review.googlesource.com/c/1387885
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>

Currently TaskMemory re-implements a number of Read* routines that are
implemented in a platform-independent way in ProcessMemory with access
to a single platform-specific ReadUpTo method. Implement the ReadUpTo
method for TaskMemory and subclass it from ProcessMemory to inherit the
remaining methods.
The ProcessMemoryTests didn't work on macOS because MultiprocessExec
cannot access the child process' task port without root privileges or
the task_for_pid entitlement. Create an adaptor class for those tests to
use MachMultiprocess so that the child process sends its task port to
the parent.
Bug: crashpad:263
Change-Id: Id8e1788a74fe957f05703a5eb569ca3bf9870369
Reviewed-on: https://chromium-review.googlesource.com/c/1387265
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>

Use platform-independent helpers to simplify initializing a
ProcessMemory object in this test.
Bug: crashpad:263
Change-Id: Id0f9e006f6dbaca31453803b8c790a6832e855e5
Reviewed-on: https://chromium-review.googlesource.com/c/1387264
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>

When building in Chromium:
../../third_party/crashpad/crashpad/util/process/process_memory_win.cc(95,74): error: format specifies type 'unsigned long long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat]
"range at 0x%llx, size 0x%llx completely inaccessible", address, size);
~~~~ ^~~~
%zx
../../third_party/crashpad/crashpad/util/process/process_memory_win.cc(103,72): error: format specifies type 'unsigned long long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat]
"start of range at 0x%llx, size 0x%llx inaccessible", address, size);
Change-Id: I820f0afee28d1220ca400780eac61de05bde10ef
Reviewed-on: https://chromium-review.googlesource.com/c/1323771
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>

Also update gyp to build it.
Change-Id: I859c552b9cfc41f531ffb04fe6d6730dbd0e8fed
Reviewed-on: https://chromium-review.googlesource.com/c/1319269
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>

Currently, ProcessMemory is only implemented for Linux and Fuchsia.
Implement the interface for Windows as well and refactor tests to
support it; mostly this consists of using a new ScopedGuardedPage class
instead of ScopedMmap in the ProcessMemory tests.
BUG=crashpad:262
Change-Id: I1b42718972be5ad838d12356d09f764053f09e4f
Reviewed-on: https://chromium-review.googlesource.com/c/1278829
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>

Building Crashpad with GCC flagged a few potential issues. The issues
don't seem particularly severe, but they are easy enough to fix.
Note that even with these changes, Crashpad will not cleanly build with
GCC (additional patches would be needed to third_party/mini_chromium).
Bug: crashpad:
Change-Id: I9289d6c918da9a111aa3c2a078ad0dc1ba84749f
Reviewed-on: https://chromium-review.googlesource.com/1014280
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Leonard Mosescu <mosescu@chromium.org>

This change:
1. Updates the broker's memory reading protocol to enable short reads.
2. Updates Ptracer to allow short reads.
3. Updates the broker to allow reading from a memory file.
4. Updates the broker's default file root to be "/proc/[pid]/".
5. Adds PtraceConnection::Memory() to produce a suitable memory reader
for a connection type.
Bug: crashpad:30
Change-Id: I8c004016065d981acd1fa74ad1b8e51ce07c7c85
Reviewed-on: https://chromium-review.googlesource.com/991455
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>

Avoids using pointers shared between parent/child. Explicitly builds the
test strings in the child process, and then passes both the address and
the expected value of the string to the parent process for expectation
checking. This is necessary to have the test work on Fuchsia.
Also renames ...Forked to ...Child.
Bug: crashpad:196, crashpad:215
Change-Id: I7f22c134301a2806eb39549e371414e7ec9bf225
Reviewed-on: https://chromium-review.googlesource.com/896228
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>

Avoids fork()ing as per previous tests in this file, necessary for
Fuchsia.
Unfortunately, I believe that mmap()/munmap() aren't actually working
correctly on Fuchsia as tested by the EXPECT_FALSE reads, and so these
tests incorrectly fail. Bug with repro filed upstream at ZX-1631.
Bug: crashpad:196, crashpad:215
Change-Id: Iec86f64fcee12097223326f2bf2d5a5348a8a610
Reviewed-on: https://chromium-review.googlesource.com/894124
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>

Instead of using pointers shared between the parent/child due to fork,
explicitly builds and passes them between processes. This is
unfortunately a bit more verbose, but seems like it tests functionality
a little better, and is required to have the test work on Fuchsia.
Also renames the ...Forked to ...Child to be correct after the change
from Multiprocess to MultiprocessExec.
Bug: crashpad:196, crashpad:215
Change-Id: I610a7f1e35b6513805c27d9e610f7a9b9820cabc
Reviewed-on: https://chromium-review.googlesource.com/892286
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>

Instead of allocating test memory in the parent and then forking and
comparing against it, the child does the allocation and passes back the
region's size and address. Additionally, switch the memcmp()s to be
value-based comparisons instead because the region isn't available in
the parent.
Also renames ProcessMemory.ReadForked to .ReadChild to be correct after
the change from Multiprocess to MultiprocessExec.
This is necessary to have the tests work on Fuchsia.
Bug: crashpad:196, crashpad:215
Change-Id: Id996a21180d87c7f2556283e9f54f6128726f9b8
Reviewed-on: https://chromium-review.googlesource.com/892102
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>

(Still need to avoid fork()-dependence for the non-self tests.)
Bug: crashpad:196
Change-Id: Ib34fe33c7ec295881c1f555995072d9ff742647f
Reviewed-on: https://chromium-review.googlesource.com/876650
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>

ProcessMemory::ReadCStringInternal needs to be able to perform short
reads.
Change-Id: I2b2e1c2e6603d01235d8d2dbd15494375cd7f3f6
Reviewed-on: https://chromium-review.googlesource.com/874776
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
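
Added example, not code from the commit above or from Crashpad: why a chunked C-string reader has to accept short reads. The string's terminator sits in the last mapped byte, so a full 8-byte chunk cannot be read, yet the bytes that were returned contain the NUL. The ReadUpTo signature, ReadCString, its allow_short flag and the constructed 16-byte target are assumptions for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <string>

const uint64_t kBase = 0x2000;  // constructed target: 16 mapped bytes here
char g_mem[16];                 // nothing is mapped after them

void SetUpTarget() {  // "hello" plus its NUL fill the last six mapped bytes
  std::memset(g_mem, 'x', sizeof(g_mem));
  std::memcpy(g_mem + 10, "hello", 6);
}

// Hypothetical ReadUpTo: copies as many bytes as are mapped and returns the
// count, which may be less than `size`; returns -1 if none are readable.
long ReadUpTo(uint64_t address, size_t size, void* out) {
  if (address < kBase || address >= kBase + sizeof(g_mem)) return -1;
  size_t n = std::min(size, size_t(kBase + sizeof(g_mem) - address));
  std::memcpy(out, g_mem + (address - kBase), n);
  return static_cast<long>(n);
}

// Reads a NUL-terminated string in 8-byte chunks. With allow_short, a chunk
// cut off by unmapped memory is still scanned for the terminator.
bool ReadCString(uint64_t address, size_t max_len, bool allow_short,
                 std::string* out) {
  out->clear();
  char buf[8];
  while (out->size() < max_len) {
    const size_t want = std::min(sizeof(buf), max_len - out->size());
    const long got = ReadUpTo(address, want, buf);
    if (got <= 0 || (!allow_short && size_t(got) != want)) return false;
    const size_t n = static_cast<size_t>(got);
    const void* nul = std::memchr(buf, '\0', n);
    if (nul) {
      out->append(buf, static_cast<const char*>(nul) - buf);
      return true;
    }
    out->append(buf, n);
    address += n;
  }
  return false;  // no terminator within max_len
}

int main() {
  SetUpTarget();
  std::string s;
  return ReadCString(kBase + 10, 64, true, &s) && s == "hello" ? 0 : 1;
}
```
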
There’s no reason for ProcessReader to own its ProcessMemoryLinux via
std::unique_ptr<>.
This was discovered in a trunk Clang build, during which a
-Wdelete-non-virtual-dtor warning was produced (since Clang r312167).
The warning is not produced by earlier Clang versions or by GCC because
the “delete” happens in a system header, <memory>, when performed by
std::unique_ptr<>. Although ownership via std::unique_ptr<> is no longer
used, ProcessMemoryLinux is marked “final” because it ought to be.
In file included from ../../snapshot/linux/process_reader.cc:15:
In file included from ../../snapshot/linux/process_reader.h:21:
In file included from /usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../include/c++/7.2.0/memory:80:
/usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../include/c++/7.2.0/bits/unique_ptr.h:78:2: error: delete called on non-final 'crashpad::ProcessMemoryLinux' that has virtual functions but non-virtual destructor [-Werror,-Wdelete-non-virtual-dtor]
delete __ptr;
^
/usr/bin/../lib/gcc/x86_64-linux-gnu/7.2.0/../../include/c++/7.2.0/bits/unique_ptr.h:268:4: note: in instantiation of member function 'std::default_delete<crashpad::ProcessMemoryLinux>::operator()' requested here
get_deleter()(__ptr);
^
../../snapshot/linux/process_reader.cc:169:16: note: in instantiation of member function 'std::unique_ptr<crashpad::ProcessMemoryLinux, std::default_delete<crashpad::ProcessMemoryLinux> >::~unique_ptr' requested here
ProcessReader::ProcessReader()
^
1 error generated.
Change-Id: Ibe9671db429262aca12bbfdf457c8f72cad2f358
Reviewed-on: https://chromium-review.googlesource.com/738530
Reviewed-by: Dave Bort <dbort@google.com>
Commit-Queue: Mark Mentovai <mark@chromium.org>

Only a Linux implementation for now, but similar code for other
OSes can move behind it in the future.
Bug: crashpad:196
Change-Id: I05966db1599a9cac3146d2a3d964e7ad8629d616
Reviewed-on: https://chromium-review.googlesource.com/685408
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Dave Bort <dbort@google.com>

A step towards making these files usable by non-Linux systems.
Bug: crashpad:196
Change-Id: Iaa8bfae1c325735c320e502698a61e4851777649
Reviewed-on: https://chromium-review.googlesource.com/685407
Commit-Queue: Dave Bort <dbort@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>

A step towards making these files usable by non-Linux systems.
Bug: crashpad:196
Change-Id: I71323b29e46208b3992055722e4622d79409c44c
Reviewed-on: https://chromium-review.googlesource.com/685406
Commit-Queue: Dave Bort <dbort@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>