mirror of
https://github.com/chromium/crashpad.git
synced 2025-01-15 10:07:56 +08:00
d8f60c8112
Chromium moved base::size() to base/cxx17_backports.h, so do the same in mini_chromium and update the users in Crashpad. Roll mini_chromium to 2f06f83f to make the new base header available. Bug: chromium:1210983 Change-Id: Ie3dc4c189dcdfcac030b95fe285f94abb29a27bf Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2917779 Commit-Queue: Lei Zhang <thestig@chromium.org> Commit-Queue: Mark Mentovai <mark@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org>
236 lines
8.2 KiB
C++
236 lines
8.2 KiB
C++
// Copyright 2018 The Crashpad Authors. All rights reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#include "snapshot/fuchsia/memory_map_region_snapshot_fuchsia.h"
|
|
|
|
#include <dbghelp.h>
|
|
#include <zircon/syscalls.h>
|
|
|
|
#include "base/cxx17_backports.h"
|
|
#include "base/fuchsia/fuchsia_logging.h"
|
|
#include "base/logging.h"
|
|
#include "base/strings/stringprintf.h"
|
|
#include "gtest/gtest.h"
|
|
#include "snapshot/fuchsia/process_snapshot_fuchsia.h"
|
|
#include "test/multiprocess_exec.h"
|
|
#include "util/fuchsia/koid_utilities.h"
|
|
#include "util/fuchsia/scoped_task_suspend.h"
|
|
|
|
namespace crashpad {
|
|
namespace test {
|
|
namespace {
|
|
|
|
constexpr struct {
|
|
uint32_t zircon_perm;
|
|
size_t pages;
|
|
uint32_t minidump_perm;
|
|
} kTestMappingPermAndSizes[] = {
|
|
// Zircon doesn't currently allow write-only, execute-only, or
|
|
// write-execute-only, returning ZX_ERR_INVALID_ARGS on map.
|
|
{0, 5, PAGE_NOACCESS},
|
|
{ZX_VM_PERM_READ, 6, PAGE_READONLY},
|
|
// {ZX_VM_PERM_WRITE, 7, PAGE_WRITECOPY},
|
|
// {ZX_VM_PERM_EXECUTE, 8, PAGE_EXECUTE},
|
|
{ZX_VM_PERM_READ | ZX_VM_PERM_WRITE, 9, PAGE_READWRITE},
|
|
{ZX_VM_PERM_READ | ZX_VM_PERM_EXECUTE, 10, PAGE_EXECUTE_READ},
|
|
// {ZX_VM_PERM_WRITE | ZX_VM_PERM_EXECUTE, 11, PAGE_EXECUTE_WRITECOPY},
|
|
{ZX_VM_PERM_READ | ZX_VM_PERM_WRITE | ZX_VM_PERM_EXECUTE,
|
|
12,
|
|
PAGE_EXECUTE_READWRITE},
|
|
};
|
|
|
|
CRASHPAD_CHILD_TEST_MAIN(AddressSpaceChildTestMain) {
|
|
// Create specifically sized mappings/permissions and write the address in
|
|
// our address space to the parent so that the reader can check they're read
|
|
// correctly.
|
|
for (const auto& t : kTestMappingPermAndSizes) {
|
|
zx_handle_t vmo = ZX_HANDLE_INVALID;
|
|
const size_t size = t.pages * PAGE_SIZE;
|
|
zx_status_t status = zx_vmo_create(size, 0, &vmo);
|
|
ZX_CHECK(status == ZX_OK, status) << "zx_vmo_create";
|
|
status = zx_vmo_replace_as_executable(vmo, ZX_HANDLE_INVALID, &vmo);
|
|
ZX_CHECK(status == ZX_OK, status) << "zx_vmo_replace_as_executable";
|
|
uintptr_t mapping_addr = 0;
|
|
status = zx_vmar_map(
|
|
zx_vmar_root_self(), t.zircon_perm, 0, vmo, 0, size, &mapping_addr);
|
|
ZX_CHECK(status == ZX_OK, status) << "zx_vmar_map";
|
|
CheckedWriteFile(StdioFileHandle(StdioStream::kStandardOutput),
|
|
&mapping_addr,
|
|
sizeof(mapping_addr));
|
|
}
|
|
|
|
CheckedReadFileAtEOF(StdioFileHandle(StdioStream::kStandardInput));
|
|
return 0;
|
|
}
|
|
|
|
bool HasSingleMatchingMapping(
|
|
const std::vector<const MemoryMapRegionSnapshot*>& memory_map,
|
|
uintptr_t address,
|
|
size_t size,
|
|
uint32_t perm) {
|
|
const MemoryMapRegionSnapshot* matching = nullptr;
|
|
for (const auto* region : memory_map) {
|
|
const MINIDUMP_MEMORY_INFO& mmi = region->AsMinidumpMemoryInfo();
|
|
if (mmi.BaseAddress == address) {
|
|
if (matching) {
|
|
LOG(ERROR) << "multiple mappings matching address";
|
|
return false;
|
|
}
|
|
matching = region;
|
|
}
|
|
}
|
|
|
|
if (!matching)
|
|
return false;
|
|
|
|
const MINIDUMP_MEMORY_INFO& matching_mmi = matching->AsMinidumpMemoryInfo();
|
|
return matching_mmi.Protect == perm && matching_mmi.RegionSize == size;
|
|
}
|
|
|
|
class AddressSpaceTest : public MultiprocessExec {
|
|
public:
|
|
AddressSpaceTest() : MultiprocessExec() {
|
|
SetChildTestMainFunction("AddressSpaceChildTestMain");
|
|
}
|
|
~AddressSpaceTest() {}
|
|
|
|
private:
|
|
void MultiprocessParent() override {
|
|
uintptr_t test_addresses[base::size(kTestMappingPermAndSizes)];
|
|
for (size_t i = 0; i < base::size(test_addresses); ++i) {
|
|
ASSERT_TRUE(ReadFileExactly(
|
|
ReadPipeHandle(), &test_addresses[i], sizeof(test_addresses[i])));
|
|
}
|
|
|
|
ScopedTaskSuspend suspend(*ChildProcess());
|
|
|
|
ProcessSnapshotFuchsia process_snapshot;
|
|
ASSERT_TRUE(process_snapshot.Initialize(*ChildProcess()));
|
|
|
|
for (size_t i = 0; i < base::size(test_addresses); ++i) {
|
|
const auto& t = kTestMappingPermAndSizes[i];
|
|
EXPECT_TRUE(HasSingleMatchingMapping(process_snapshot.MemoryMap(),
|
|
test_addresses[i],
|
|
t.pages * PAGE_SIZE,
|
|
t.minidump_perm))
|
|
<< base::StringPrintf(
|
|
"index %zu, zircon_perm 0x%x, minidump_perm 0x%x",
|
|
i,
|
|
t.zircon_perm,
|
|
t.minidump_perm);
|
|
}
|
|
}
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(AddressSpaceTest);
|
|
};
|
|
|
|
TEST(ProcessSnapshotFuchsiaTest, AddressSpaceMapping) {
|
|
AddressSpaceTest test;
|
|
test.Run();
|
|
}
|
|
|
|
CRASHPAD_CHILD_TEST_MAIN(StackPointerIntoInvalidLocation) {
|
|
// Map a large block, output the base address of it, and block. The parent
|
|
// will artificially set the SP into this large block to confirm that a huge
|
|
// stack is not accidentally captured.
|
|
zx_handle_t large_vmo;
|
|
constexpr uint64_t kSize = 1 << 30u;
|
|
zx_status_t status = zx_vmo_create(kSize, 0, &large_vmo);
|
|
ZX_CHECK(status == ZX_OK, status) << "zx_vmo_create";
|
|
zx_vaddr_t mapped_addr;
|
|
status = zx_vmar_map(zx_vmar_root_self(),
|
|
ZX_VM_PERM_READ | ZX_VM_PERM_WRITE,
|
|
0,
|
|
large_vmo,
|
|
0,
|
|
kSize,
|
|
&mapped_addr);
|
|
ZX_CHECK(status == ZX_OK, status) << "zx_vmar_map";
|
|
CheckedWriteFile(StdioFileHandle(StdioStream::kStandardOutput),
|
|
&mapped_addr,
|
|
sizeof(mapped_addr));
|
|
zx_nanosleep(ZX_TIME_INFINITE);
|
|
return 0;
|
|
}
|
|
|
|
class InvalidStackPointerTest : public MultiprocessExec {
|
|
public:
|
|
InvalidStackPointerTest() : MultiprocessExec() {
|
|
SetChildTestMainFunction("StackPointerIntoInvalidLocation");
|
|
SetExpectedChildTermination(kTerminationNormal,
|
|
ZX_TASK_RETCODE_SYSCALL_KILL);
|
|
}
|
|
~InvalidStackPointerTest() {}
|
|
|
|
private:
|
|
void MultiprocessParent() override {
|
|
uint64_t address_of_large_mapping;
|
|
ASSERT_TRUE(ReadFileExactly(ReadPipeHandle(),
|
|
&address_of_large_mapping,
|
|
sizeof(address_of_large_mapping)));
|
|
|
|
ScopedTaskSuspend suspend(*ChildProcess());
|
|
|
|
std::vector<zx::thread> threads = GetThreadHandles(*ChildProcess());
|
|
ASSERT_EQ(threads.size(), 1u);
|
|
|
|
zx_thread_state_general_regs_t regs;
|
|
ASSERT_EQ(threads[0].read_state(
|
|
ZX_THREAD_STATE_GENERAL_REGS, ®s, sizeof(regs)),
|
|
ZX_OK);
|
|
|
|
constexpr uint64_t kOffsetIntoMapping = 1024;
|
|
#if defined(ARCH_CPU_X86_64)
|
|
regs.rsp = address_of_large_mapping + kOffsetIntoMapping;
|
|
#elif defined(ARCH_CPU_ARM64)
|
|
regs.sp = address_of_large_mapping + kOffsetIntoMapping;
|
|
#else
|
|
#error
|
|
#endif
|
|
|
|
ASSERT_EQ(threads[0].write_state(
|
|
ZX_THREAD_STATE_GENERAL_REGS, ®s, sizeof(regs)),
|
|
ZX_OK);
|
|
|
|
ProcessSnapshotFuchsia process_snapshot;
|
|
ASSERT_TRUE(process_snapshot.Initialize(*ChildProcess()));
|
|
|
|
ASSERT_EQ(process_snapshot.Threads().size(), 1u);
|
|
const MemorySnapshot* stack = process_snapshot.Threads()[0]->Stack();
|
|
ASSERT_TRUE(stack);
|
|
// Ensure the stack capture isn't unreasonably large.
|
|
EXPECT_LT(stack->Size(), 10 * 1048576u);
|
|
|
|
// As we've corrupted the child, don't let it run again.
|
|
ASSERT_EQ(ChildProcess()->kill(), ZX_OK);
|
|
}
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(InvalidStackPointerTest);
|
|
};
|
|
|
|
// This is a test for a specific failure detailed in
|
|
// https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=41212. A test of stack
|
|
// behavior that was intentionally overflowing the stack, and so when Crashpad
|
|
// received the exception the SP did not point into the actual stack. This
|
|
// caused Crashpad to erronously capture the "stack" from the next mapping in
|
|
// the address space (which could be very large, cause OOM, etc.).
|
|
TEST(ProcessSnapshotFuchsiaTest, InvalidStackPointer) {
|
|
InvalidStackPointerTest test;
|
|
test.Run();
|
|
}
|
|
|
|
} // namespace
|
|
} // namespace test
|
|
} // namespace crashpad
|