This is a reland of commit b1e66e322ddd07f4640ee8bad93397a0511cd313
Original change's description:
> Add SetLastChanceExceptionHandler to implement permissive MTE mode
>
> SetLastChanceExceptionHandler sets a callback to be called after a
> crash has been reported. Returning true from this callback will
> not reraise the signal so the execution can continue. This will be
> used to implement permissive MTE mode, which will continue execution
> after a MTE crash.
>
> Bug: chromium:1467915
> Change-Id: I93a28ceea921fe977805482cf47c07643ca6133c
> Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4707688
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Keishi Hattori <keishi@chromium.org>
Bug: chromium:1467915
Change-Id: Ibdc18084deb08bccf3c74f688b7d48ff24fe81f9
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4756235
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Keishi Hattori <keishi@chromium.org>
This reverts commit b1e66e322ddd07f4640ee8bad93397a0511cd313.
Reason for revert: test was flaky on Android bot
Original change's description:
> Add SetLastChanceExceptionHandler to implement permissive MTE mode
>
> SetLastChanceExceptionHandler sets a callback to be called after a
> crash has been reported. Returning true from this callback will
> not reraise the signal so the execution can continue. This will be
> used to implement permissive MTE mode, which will continue execution
> after a MTE crash.
>
> Bug: chromium:1467915
> Change-Id: I93a28ceea921fe977805482cf47c07643ca6133c
> Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4707688
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Keishi Hattori <keishi@chromium.org>
Bug: chromium:1467915
Change-Id: Id815a780b576088974101117a4587adec64cfe8c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4750459
Commit-Queue: Keishi Hattori <keishi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
SetLastChanceExceptionHandler sets a callback to be called after a
crash has been reported. Returning true from this callback will
not reraise the signal so the execution can continue. This will be
used to implement permissive MTE mode, which will continue execution
after a MTE crash.
Bug: chromium:1467915
Change-Id: I93a28ceea921fe977805482cf47c07643ca6133c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4707688
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Keishi Hattori <keishi@chromium.org>
In the recent llvm upstream change, https://reviews.llvm.org/D148269,
clang becomes smarter and will remove the infinite recursion function.
Use the clang attribute __attribute__((optnone)) to disable optimization
for it.
Bug: chromium:1435016
Change-Id: I74e823bf64d0b03d81c0bda7a8338e2fa67033aa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4456156
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Zequan Wu <zequanwu@google.com>
This is necessary to roll Crashpad in Chromium. Fixes the following:
[5984/6587] CXX obj/third_party/crashpad/crashpad/client/client_test/crashpad_client_linux_test.o
FAILED: obj/third_party/crashpad/crashpad/client/client_test/crashpad_client_linux_test.o
python3 ../../build/toolchain/clang_code_coverage_wrapper.py --target-os=linux --files-to-instrument...(too long)
../../third_party/crashpad/crashpad/client/crashpad_client_linux_test.cc:522:20: error: code will never be executed [-Werror,-Wunreachable-code]
struct utsname uname_info;
^~~~~~~~~~
1 error generated.
Bug: chromium:1260217
Change-Id: Ie63881ed82faec84e8d45bb30dfc8ef10cfdbd6d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4028794
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
SA_EXPOSE_TAGBITS is a Linux >= 5.11 feature that allows si_addr to
contain the upper tag bits. This is a feature that allows signal
handlers to see the full upper address bits on aarch64, which consist of
TBI and MTE nibbles. For MTE, preserving these bits is of significant
importance, as it allows for precise use-after-free and buffer-overflow
diagnosis that's impossible without seeing these bits in the fault
address.
We unconditionally enable this feature on all kernels, as it's ignored
when unsupported (even on older kernels).
Tested on:
1. Linux x86 host, which is a no-op.
2. Android device with Linux 4.14, which is a no-op.
3. Android device with Linux 5.15, which passes. For posterity, my
config was:
| $ gn args out_arm64
| target_os = "android"
| android_ndk_root = "~/Android.sdk/ndk/21.4.7075529"
| android_api_level = 26
| target_cpu = "arm64"
| # NDK builds push libc++_shared.so, which is not present on newer Android
| # versions, so I hacked the runner to push the file. Maybe this should be
| # upstreamed at some point as well.
| $ git diff
| diff --git a/build/run_tests.py b/build/run_tests.py
| index 8ad19e34..64269c90 100755
| --- a/build/run_tests.py
| +++ b/build/run_tests.py
| @@ -273,7 +273,8 @@ def _RunOnAndroidTarget(binary_dir, test, android_device, extra_command_line):
| _adb_shell(adb_mkdir_command)
|
| # Push the test binary and any other build output to the device.
| - local_test_build_artifacts = []
| + local_test_build_artifacts = [
| + '~/Android.sdk/ndk/21.4.7075529/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/lib/aarch64-linux-android/libc++_shared.so']
| for artifact in test_build_artifacts:
| local_test_build_artifacts.append(os.path.join(
| binary_dir, artifact))
| @@ -294,6 +295,7 @@ def _RunOnAndroidTarget(binary_dir, test, android_device, extra_command_line):
| # The list of TERM values comes from Google Test’s
| # googletest/src/gtest.cc testing::internal::ShouldUseColor().
| env = {'CRASHPAD_TEST_DATA_ROOT': device_temp_dir}
| + env = {'LD_LIBRARY_PATH': device_out_dir}
| gtest_color = os.environ.get('GTEST_COLOR')
| if gtest_color in ('auto', None):
| if (sys.stdout.isatty() and
| $ ninja -C out_arm64 && python build/run_tests.py out_arm64/ \
| --gtest_filter=*StartHandlerForSelfTestSuite*
Change-Id: I293b36fcd08ffaca593dae8042299a39756defa0
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4024204
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mitch Phillips <mitchp@google.com>
On gLinux, tests don't pass in the default configuration (empty GN
args), because the infinite recursion test doesn't crash
anymore. Locally, forcing the function to stay out of line is sufficient
to fix it. This is inherently brittle, and may need to be revisited at a
later point.
Change-Id: Ica88a0b3a2151af95c64c490b5afcdc05cf3be4e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4020321
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
sed -i '' -E -e 's/Copyright (.+) The Crashpad Authors\. All rights reserved\.$/Copyright \1 The Crashpad Authors/' $(git grep -El 'Copyright (.+) The Crashpad Authors\. All rights reserved\.$')
Bug: chromium:1098010
Change-Id: I8d6138469ddbe3d281a5d83f64cf918ec2491611
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3878262
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Both running first chance handlers and checking for disabled signal
handlers should no longer interact with DumpWithoutCrashing().
First-chance-handlers should also run even with disabled crashpad
signal handlers or else those signals would be reported by the next
chained signal handlers as crashes.
Change-Id: I64b3da42c400a1c431c6228d4da181ed56bfda89
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3403413
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Use BUILDFLAG(IS_*) instead of defined(OS_*).
This was generated mostly mechnically by performing the following steps:
- sed -i '' -E -e 's/defined\(OS_/BUILDFLAG(IS_/g' \
-e 's%([ !])OS_([A-Z]+)%\1BUILDFLAG(IS_\2)%g' \
$(git grep -l 'OS_'
'**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm')
- sed -i '' -e 's/#ifdef BUILDFLAG(/#if BUILDFLAG(/' \
$(git grep -l '#ifdef BUILDFLAG('
'**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm')
- gsed -i -z -E -e \
's%(.*)#include "%\1#include "build/buildflag.h"\n#include "%' \
$(git grep -l 'BUILDFLAG(IS_'
'**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm')
- Spot checks to move #include "build/buildflag.h" to the correct parts
of files.
- sed -i '' -E -e \
's%^(#include "build/buildflag.h")$%#include "build/build_config.h"\n\1%' \
$(grep -L '^#include "build/build_config.h"$'
$(git grep -l 'BUILDFLAG(IS_'
'**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm'))
- Add “clang-format off” around tool usage messages.
- git cl format
- Update mini_chromium to 85ba51f98278 (intermediate step).
TESTING ONLY).
- for f in $(git grep -l '^#include "build/buildflag.h"$'
'**/*.c' '**/*.cc' '**/*.h' '**/*.m' '**/*.mm'); do \
grep -v '^#include "build/buildflag.h"$' "${f}" > /tmp/z; \
cp /tmp/z "${f}"; done
- git cl format
- Update mini_chromium to 735143774c5f (intermediate step).
- Update mini_chromium to f41420eb45fa (as checked in).
- Update mini_chromium to 6e2f204b4ae1 (as checked in).
For ease of review and inspection, each of these steps is uploaded as a
new patch set in a review series.
This includes an update of mini_chromium to 6e2f204b4ae1:
f41420eb45fa Use BUILDFLAG for OS checking
6e2f204b4ae1 Include what you use: string_util.h uses build_config.h
Bug: chromium:1234043
Change-Id: Ieef86186f094c64e59b853729737e36982f8cf69
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3400258
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
And implement ExtraMemory() for ProcessSnapshotMinidump for this purpose.
Bug: crashpad:10,crashpad:30
Change-Id: I889c42c7e91358336671ae8d00154af820725e7b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3279301
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
This change was partially scripted and partially done manually with vim
regex + manually placing the deleted constructors.
The script change looked for destructors in the public: section of a
class, if that existed the deleted constructors would go before the
destructor.
For manual placement I looked for any constructor in the public: section
of the corresponding class. If there wasn't one, then it would ideally
have gone as the first entry except below enums, classes and typedefs.
This may not have been perfect, but is hopefully good enough. Fingers
crossed.
#include "base/macros.h" is removed from files that don't use
ignore_result, which is the only other thing defined in base/macros.h.
Bug: chromium:1010217
Change-Id: I099526255a40b1ac1264904b4ece2f3f503c9418
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3171034
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Disable the stack-overrun test since ASAN will detect the
stack corruption and kill the process.
Also allocate extra alt-stack space when ASAN is enabled.
Change-Id: Id8711d2aaa31c90c78b7feceec2877c18dc9be00
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2303591
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
This prevents errors creating the attachment if a previous test
failed to delete it for some reason.
Change-Id: I2622d86e08987ad3ff201da84dc9ae210acf776d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2302722
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Implemented the AddAttachment(), InitializeAttachments(), CleanDatabase() functions
on Windows.
Added attachment=FILE_NAME option to the handler, and
"attachments" argument for Windows and Linux to StartHandler function.
On crash it will create the corresponding attachments in the database
and copy content of the specified files to the database.
Bug: b/157144387
Change-Id: Ia238de39028e07112a7b971b5b7d5e71a5864f53
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2248099
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
If the file just needs the CHECK/CHECK_OP/NOTREACHED
macros, use the appropriate header for that instead.
Or if logging.h is not needed at all, remove it.
This is both a nice cleanup (logging.h is a big header,
and including it unnecessarily has compile-time costs),
and part of the final step towards making logging.h no
longer include check.h and the others.
Bug: chromium:1031540
Change-Id: Ia46806bd95fe498bcf3cf6d2c13ffa4081678043
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2255361
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Hans Wennborg <hans@chromium.org>
This CL adds a RequestCrashDumpHandler to request a crash dump over a
socket. Common functionality with LaunchAtCrashHandler is factored out
into a SignalHandler base class.
Bug: crashpad:284
Change-Id: I86293ef599a0dd6eea63c096a5c931c620c05ecc
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1568985
Reviewed-by: Mark Mentovai <mark@chromium.org>
sendmsg() and recvmsg() are complicated to use. Refactor their usage
into functions with a simpler, tested interface and use those instead.
This also adds CreateCredentialSocketpair() to create a pair of
connected sockets with SO_PASSCRED set. This option should be set
before the possibility of any calls to sendmsg() with the socket pair
to avoid race conditions in properly setting credentials.
Also update the handler to use Strategy::kNoPtrace (which causes the
crash dump to fail without breaking the socket connection) if the
credentials were invalid, which can happen if SO_PASSCRED was set after
the call to sendmsg() or if the sending process does not exist in this
namespace.
Change-Id: Id09f87125540255687a3c35d5bed7fa01ec07cff
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1584639
Reviewed-by: Mark Mentovai <mark@chromium.org>
Multi client socket connections allow multiple clients to request crash
dumps from a handler process using a single, shared socket connection.
This connection mode does not support using a broker process which
requires a dedicated socket connection to ensure handler messages
aren't intercepted by the wrong clients.
The handler uses SIGCONT to indicate to the crasher when a crash dump
is complete (or has failed) and may continue.
Bug: crashpad:284
Change-Id: I2031029cd254f17497cbf7e7d8740c289581e8aa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1559306
Reviewed-by: Mark Mentovai <mark@chromium.org>
This patch adds the class ExceptionHandlerProtocol to contain all the
relevant types, but should not make any functional changes.
Change-Id: I65ada239a6bf3195899fdd96f005c042cdd59749
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1575796
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
As of Android Q, the android_set_abort_message() function copies the
abort message into a mapping with a specific name that starts with a magic
number. This makes it possible for Crashpad to collect the abort message
by looking for the mapping with this name in procmaps and checking for the
magic number. The abort message is stored in a process annotation named
"abort_message".
Test: No regressions in build/run_tests.py on devices running P and Q
Test: Patched into Chromium; manually verified that HWASAN crash report appears in minidump
Bug: crashpad:287
Change-Id: I23c4d9e11015c84341de2d2e47e38a1eec508a36
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1544875
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Crashpad client testing no longer addresses an element of a possibly-
empty array.
Change-Id: I434b4b8c462894d8241b810973e1b4a87d1851ba
Reviewed-on: https://chromium-review.googlesource.com/c/1376375
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Sanitization is controlled by a SanitizationInformation struct to be
read from the client's memory. The address of this struct is either
passed in a ClientInformation when the client requests a crash dump,
or as a flag to the handler --sanitization_information.
Bug: crashpad:30
Change-Id: I2744f8fb85b4fea7362b2b88faa4bef1da74e36b
Reviewed-on: https://chromium-review.googlesource.com/1083143
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Annotations data structures may be dynamically allocated so could
appear outside a modules's address range. Let ImageAnnotationReader
use a ProcessMemoryRange for the process, rather than the module.
Also add a test for linux.
Bug: crashpad:30
Change-Id: Ibbf1d2fcb2e44b1b70c8a02e86c6f2fbd784535f
Reviewed-on: https://chromium-review.googlesource.com/1054705
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
This allows clients to use the database to handle uploads themselves,
e.g. on Android, where Crashpad does not yet provide an uploader.
The handler does not launch an upload thread when no url is supplied.
Previously, the handler would move these reports to
completed and record the upload as skipped with kUploadsDisabled.
With this change, these reports would remain pending until pruned,
with no metrics recorded for them in regard to their upload.
Bug: crashpad:30
Change-Id: I4167ab1531634b10e91d03229018ae6aab4103aa
Reviewed-on: https://chromium-review.googlesource.com/1010970
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
