As documented, MACH_SEND_TRAILER would allow a sender to provide its own
message trailer instead of having the kernel append its own
kernel-generated trailer. This is a Mach feature that supports a network
of multiple Mach hosts, but even in that environment, the option is
restricted to use by privileged callers. In reality, MACH_SEND_TRAILER
has never been implemented in OS X.
The system’s mach_msg_server() family does consider the value of
MACH_SEND_TRAILER, but this is pointless. Any purported trailer set by a
server function would be ignored.
Maintaining this code gives the illusion that it’s functional, so it’s
being removed.
TEST=util_test MachMessageServer.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/736493007
ChildPortHandshake is the most generic system yet to allow child
processes to provide their parents with Mach rights. These are
ordinarily expected to be send rights to the children’s own task ports,
or send rights to servers that the children hold receive rights to.
This updates DEPS to pull mini_chromium 1d3523dbda93, which includes
base::mac::ScopedMachPortSet.
TEST=util_test ChildPortHandshake.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/756603003
Previously, MachMessageServer::Run() only provided two strategies for
dealing with large messages, indicated by mach_msg() returning
MACH_RCV_TOO_LARGE: the receive buffer could be reallocated and the
message received, or the entire function could return MACH_RCV_TOO_LARGE
to the caller. There are situations where an intermediate behavior might
be desirable. This intermediate behavior would allow the function to
continue waiting for another message without returning an error to the
caller or attempting to receive the large message. This is desirable
when dealing with fixed-sized messages and a receiver that might be sent
messages by unknown, possibly-malicious callers. This can happen when
the corresponding send right is published with the bootstrap server, for
example.
Existing users continue to request their existing behavior, typically
receiving an error when encountering a large message.
catch_exception_tool will use the new “ignore” behavior when running in
persistent mode.
TEST=util_test MachMessageServer.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/756803002
the child_port subsystem.
Common routines shared with the ExcServer family of classes have been
moved to a new file, where they can be shared between different
MachMessageServer::Interface implementations.
TEST=util_test ChildPortServer.*:MachMessageUtil.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/754123002
In b6a0183ccec7, gtest and gmock were held back at older versions with
limited C++11 support, because the then-current heads of each did not
work well in environments with C++11 language support but pre-C++11
library support. This is the environment that Chrome code for Mac builds
in. All necessary patches for this have been merged upstream, and this
has been corrected in the current released versions of gtest and gmock.
TEST=*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/731473007
DropPrivileges() is used in exception_port_tool, so that when it is
installed as a setuid executable, it only uses elevated privileges to
obtain a task port for its -p option, and then relinquishes those
privileges.
It is difficult to provide a test for this function, because it must be
running setuid or setgid in order to do anything interesting. However,
the function contains its own CHECKs to verify that it behaves properly.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727053002
This also transitions exception_port_tool to use TaskForPID(), so that
it can be safely used as a setuid executable without giving permission
to operate on any process on the system.
It is difficult to provide a test for this function, because it must be
running setuid root in order to do anything interesting.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/728973002
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
MinidumpLocationDescriptorListWriter and MinidumpRVAListWriter are
implementation details and should be in the crashpad::internal
namespace.
MinidumpUTF16StringListWriter and MinidumpUTF8StringListWriter are
accessible to outside code and should not be in this namespace.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/699313007
This will be used as the foundation for writing a list of
MinidumpUTF8String objects. MinidumpUTF8String (and UTF-16
MINIDUMP_STRING) objects are never referenced by
MINIDUMP_LOCATION_DESCRIPTOR because they carry their own lengths.
Instead, they are always referenced by RVA.
The list of MinidumpUTF8String objects will be used for the module
annotations vector.
TEST=minidump_test MinidumpRVAListWriter.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/704333002
MinidumpLocationDescriptorListWriter. This allows easier construction of
minidump structures that are lists of MINIDUMP_LOCATION_DESCRIPTOR
structures in the future.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/707543002
MinidumpWritableAtRVA<>() now checks that the object of the requested
type is actually in the range of the minidump file’s size, rather than
just checking that the beginning of the object is in range.
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/708803002
implicit_cast<> only performs a cast in cases where an implicit
conversion would be possible. It’s even safer than static_cast<> It’s an
“explicit implicit” cast, which is not normally necsesary, but is
frequently required when working with the ?: operator, functions like
std::min() and std::max(), and logging and testing macros.
The public style guide does not mention implicit_cast<> only because it
is not part of the standard library, but would otherwise require it in
these situations. Since base does provide implicit_cast<>, it should be
used whenever possible.
The only uses of static_cast<> not converted to implicit_cast<> are
those that require static_cast<>, such as those that assign an integer
constant to a variable of an enum type.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/700383007
This only came up in one location, PointerVector.
A template alias is superior to inheritance, which doesn’t provide full
type equivalence and doesn’t automatically inherit non-default
constructors.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/683753005
and its test.
Minidump context structures now interoperate more easily with snapshot
CPUContext structures, while maintaining identical layout to before.
This is facilitated by reusing the Fxsave types for the substructures
which were completely identical, and by using compatible logic to
initialize the minidump and snapshot structures for testing.
TEST=minidump_test, snapshot_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/686353004
Not doing this causes gtest to issue these warnings:
[WARNING] ../../third_party/gtest/gtest/src/gtest-death-test.cc:825::
Death tests use fork(), which is unsafe particularly in a threaded
context. For this test, Google Test detected 4 threads.
The gtest documentation recommends giving the test case a name ending in
DeathTest. Test cases named according to this convention run before all
other tests. Other death tests in Crashpad also follow this convention.
https://code.google.com/p/googletest/wiki/AdvancedGuide#Death_Tests_And_Threads
TEST=util_test HTTPMultipartBuilderDeathTest.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/694963002
All minidump objects now own their all of their children, rather than
having them maintain weak pointers and requiring callers to maintain
ownership.
The only weak object in the entire tree now is the “extra memory” added
to a MinidumpMemoryListWriter by its AddExtraMemory() method. Extra
memory aliases objects owned elsewhere in the tree, typically by a
MinidumpThreadWriter as stack memory. Non-“extra” memory added to a
MinidumpMemoryListWriter by its AddMemory() method is strongly owned.
Many objects are now deleted through base pointers, and in those cases,
the base classes now have public virtual destructors. The ultimate base,
MinidumpWritable, is still protected to guard against direct
instantiation and deletion, and thus its destructor does not need to be
virtual.
This updates mini_chromium to eeb3b6a4f020 specifically for that
revision, which includes necessary updates to scoped_ptr. It also picks
up:
eeb3b6a4f020 Update base/move.h and base/memory/scoped_ptr.h to match
67ad2efafaba More porting to Windows
be27a006421e AUTHORS: Fix link post-git migration flag day.
05f5b1503230 Add codereview.settings to mini_chromium.
a32c2b199811 Beginnings of Windows support in mini_chromium
TEST=minidump_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/674153002
test.
Move SimpleAnnotations from being a property of the minidump to being a
property of the module, matching the Snapshot interface.
TEST=minidump_test MinidumpCrashpadInfo.*:MinidumpCrashpadModule.*
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/675803002
