1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // For linux_syscall_support.h. This makes it safe to call embedded system
6 // calls when in seccomp mode.
7
8 #include "components/breakpad/app/breakpad_linux.h"
9
10 #include <fcntl.h>
11 #include <poll.h>
12 #include <signal.h>
13 #include <stdlib.h>
14 #include <sys/socket.h>
15 #include <sys/time.h>
16 #include <sys/types.h>
17 #include <sys/uio.h>
18 #include <sys/wait.h>
19 #include <time.h>
20 #include <unistd.h>
21
22 #include <algorithm>
23 #include <string>
24
25 #include "base/base_switches.h"
26 #include "base/command_line.h"
27 #include "base/debug/crash_logging.h"
28 #include "base/files/file_path.h"
29 #include "base/linux_util.h"
30 #include "base/path_service.h"
31 #include "base/platform_file.h"
32 #include "base/posix/eintr_wrapper.h"
33 #include "base/posix/global_descriptors.h"
34 #include "base/process/memory.h"
35 #include "base/strings/string_util.h"
36 #include "breakpad/src/client/linux/handler/exception_handler.h"
37 #include "breakpad/src/client/linux/minidump_writer/directory_reader.h"
38 #include "breakpad/src/common/linux/linux_libc_support.h"
39 #include "breakpad/src/common/memory.h"
40 #include "components/breakpad/app/breakpad_client.h"
41 #include "components/breakpad/app/breakpad_linux_impl.h"
42 #include "content/public/common/content_descriptors.h"
43
44 #if defined(OS_ANDROID)
45 #include <android/log.h>
46 #include <sys/stat.h>
47
48 #include "base/android/build_info.h"
49 #include "base/android/path_utils.h"
50 #endif
51 #include "third_party/lss/linux_syscall_support.h"
52
53 #if defined(ADDRESS_SANITIZER)
54 #include <ucontext.h> // for getcontext().
55 #endif
56
57 #if defined(OS_ANDROID)
58 #define STAT_STRUCT struct stat
59 #define FSTAT_FUNC fstat
60 #else
61 #define STAT_STRUCT struct kernel_stat
62 #define FSTAT_FUNC sys_fstat
63 #endif
64
65 // Some versions of gcc are prone to warn about unused return values. In cases
66 // where we either a) know the call cannot fail, or b) there is nothing we
67 // can do when a call fails, we mark the return code as ignored. This avoids
68 // spurious compiler warnings.
69 #define IGNORE_RET(x) do { if (x); } while (0)
70
71 using google_breakpad::ExceptionHandler;
72 using google_breakpad::MinidumpDescriptor;
73
74 namespace breakpad {
75
76 namespace {
77
78 #if !defined(OS_CHROMEOS)
79 const char kUploadURL[] = "https://clients2.google.com/cr/report";
80 #endif
81
82 bool g_is_crash_reporter_enabled = false;
83 uint64_t g_process_start_time = 0;
84 pid_t g_pid = 0;
85 char* g_crash_log_path = NULL;
86 ExceptionHandler* g_breakpad = NULL;
87
88 #if defined(ADDRESS_SANITIZER)
89 const char* g_asan_report_str = NULL;
90 #endif
91 #if defined(OS_ANDROID)
92 char* g_process_type = NULL;
93 #endif
94
95 CrashKeyStorage* g_crash_keys = NULL;
96
97 // Writes the value |v| as 16 hex characters to the memory pointed at by
98 // |output|.
write_uint64_hex(char * output,uint64_t v)99 void write_uint64_hex(char* output, uint64_t v) {
100 static const char hextable[] = "0123456789abcdef";
101
102 for (int i = 15; i >= 0; --i) {
103 output[i] = hextable[v & 15];
104 v >>= 4;
105 }
106 }
107
108 // The following helper functions are for calculating uptime.
109
110 // Converts a struct timeval to milliseconds.
timeval_to_ms(struct timeval * tv)111 uint64_t timeval_to_ms(struct timeval *tv) {
112 uint64_t ret = tv->tv_sec; // Avoid overflow by explicitly using a uint64_t.
113 ret *= 1000;
114 ret += tv->tv_usec / 1000;
115 return ret;
116 }
117
118 // Converts a struct timeval to milliseconds.
kernel_timeval_to_ms(struct kernel_timeval * tv)119 uint64_t kernel_timeval_to_ms(struct kernel_timeval *tv) {
120 uint64_t ret = tv->tv_sec; // Avoid overflow by explicitly using a uint64_t.
121 ret *= 1000;
122 ret += tv->tv_usec / 1000;
123 return ret;
124 }
125
126 // String buffer size to use to convert a uint64_t to string.
127 const size_t kUint64StringSize = 21;
128
SetProcessStartTime()129 void SetProcessStartTime() {
130 // Set the base process start time value.
131 struct timeval tv;
132 if (!gettimeofday(&tv, NULL))
133 g_process_start_time = timeval_to_ms(&tv);
134 else
135 g_process_start_time = 0;
136 }
137
138 // uint64_t version of my_int_len() from
139 // breakpad/src/common/linux/linux_libc_support.h. Return the length of the
140 // given, non-negative integer when expressed in base 10.
my_uint64_len(uint64_t i)141 unsigned my_uint64_len(uint64_t i) {
142 if (!i)
143 return 1;
144
145 unsigned len = 0;
146 while (i) {
147 len++;
148 i /= 10;
149 }
150
151 return len;
152 }
153
154 // uint64_t version of my_uitos() from
155 // breakpad/src/common/linux/linux_libc_support.h. Convert a non-negative
156 // integer to a string (not null-terminated).
my_uint64tos(char * output,uint64_t i,unsigned i_len)157 void my_uint64tos(char* output, uint64_t i, unsigned i_len) {
158 for (unsigned index = i_len; index; --index, i /= 10)
159 output[index - 1] = '0' + (i % 10);
160 }
161
162 #if defined(OS_ANDROID)
my_strncpy(char * dst,const char * src,size_t len)163 char* my_strncpy(char* dst, const char* src, size_t len) {
164 int i = len;
165 char* p = dst;
166 if (!dst || !src)
167 return dst;
168 while (i != 0 && *src != '\0') {
169 *p++ = *src++;
170 i--;
171 }
172 while (i != 0) {
173 *p++ = '\0';
174 i--;
175 }
176 return dst;
177 }
178
my_strncat(char * dest,const char * src,size_t len)179 char* my_strncat(char *dest, const char* src, size_t len) {
180 char* ret = dest;
181 while (*dest)
182 dest++;
183 while (len--)
184 if (!(*dest++ = *src++))
185 return ret;
186 *dest = 0;
187 return ret;
188 }
189 #endif
190
LengthWithoutTrailingSpaces(const char * str,size_t len)191 size_t LengthWithoutTrailingSpaces(const char* str, size_t len) {
192 while (len > 0 && str[len - 1] == ' ') {
193 len--;
194 }
195 return len;
196 }
197
198 // Populates the passed in allocated string and its size with the distro of
199 // the crashing process.
200 // The passed string is expected to be at least kDistroSize bytes long.
PopulateDistro(char * distro,size_t * distro_len_param)201 void PopulateDistro(char* distro, size_t* distro_len_param) {
202 size_t distro_len = std::min(my_strlen(base::g_linux_distro), kDistroSize);
203 memcpy(distro, base::g_linux_distro, distro_len);
204 if (distro_len_param)
205 *distro_len_param = distro_len;
206 }
207
SetClientIdFromCommandLine(const CommandLine & command_line)208 void SetClientIdFromCommandLine(const CommandLine& command_line) {
209 // Get the guid and linux distro from the command line switch.
210 std::string switch_value =
211 command_line.GetSwitchValueASCII(switches::kEnableCrashReporter);
212 size_t separator = switch_value.find(",");
213 if (separator != std::string::npos) {
214 GetBreakpadClient()->SetClientID(switch_value.substr(0, separator));
215 base::SetLinuxDistro(switch_value.substr(separator + 1));
216 } else {
217 GetBreakpadClient()->SetClientID(switch_value);
218 }
219 }
220
221 // MIME substrings.
222 #if defined(OS_CHROMEOS)
223 const char g_sep[] = ":";
224 #endif
225 const char g_rn[] = "\r\n";
226 const char g_form_data_msg[] = "Content-Disposition: form-data; name=\"";
227 const char g_quote_msg[] = "\"";
228 const char g_dashdash_msg[] = "--";
229 const char g_dump_msg[] = "upload_file_minidump\"; filename=\"dump\"";
230 #if defined(ADDRESS_SANITIZER)
231 const char g_log_msg[] = "upload_file_log\"; filename=\"log\"";
232 #endif
233 const char g_content_type_msg[] = "Content-Type: application/octet-stream";
234
235 // MimeWriter manages an iovec for writing MIMEs to a file.
236 class MimeWriter {
237 public:
238 static const int kIovCapacity = 30;
239 static const size_t kMaxCrashChunkSize = 64;
240
241 MimeWriter(int fd, const char* const mime_boundary);
242 ~MimeWriter();
243
244 // Append boundary.
245 virtual void AddBoundary();
246
247 // Append end of file boundary.
248 virtual void AddEnd();
249
250 // Append key/value pair with specified sizes.
251 virtual void AddPairData(const char* msg_type,
252 size_t msg_type_size,
253 const char* msg_data,
254 size_t msg_data_size);
255
256 // Append key/value pair.
AddPairString(const char * msg_type,const char * msg_data)257 void AddPairString(const char* msg_type,
258 const char* msg_data) {
259 AddPairData(msg_type, my_strlen(msg_type), msg_data, my_strlen(msg_data));
260 }
261
262 // Append key/value pair, splitting value into chunks no larger than
263 // |chunk_size|. |chunk_size| cannot be greater than |kMaxCrashChunkSize|.
264 // The msg_type string will have a counter suffix to distinguish each chunk.
265 virtual void AddPairDataInChunks(const char* msg_type,
266 size_t msg_type_size,
267 const char* msg_data,
268 size_t msg_data_size,
269 size_t chunk_size,
270 bool strip_trailing_spaces);
271
272 // Add binary file contents to be uploaded with the specified filename.
273 virtual void AddFileContents(const char* filename_msg,
274 uint8_t* file_data,
275 size_t file_size);
276
277 // Flush any pending iovecs to the output file.
Flush()278 void Flush() {
279 IGNORE_RET(sys_writev(fd_, iov_, iov_index_));
280 iov_index_ = 0;
281 }
282
283 protected:
284 void AddItem(const void* base, size_t size);
285 // Minor performance trade-off for easier-to-maintain code.
AddString(const char * str)286 void AddString(const char* str) {
287 AddItem(str, my_strlen(str));
288 }
289 void AddItemWithoutTrailingSpaces(const void* base, size_t size);
290
291 struct kernel_iovec iov_[kIovCapacity];
292 int iov_index_;
293
294 // Output file descriptor.
295 int fd_;
296
297 const char* const mime_boundary_;
298
299 DISALLOW_COPY_AND_ASSIGN(MimeWriter);
300 };
301
MimeWriter(int fd,const char * const mime_boundary)302 MimeWriter::MimeWriter(int fd, const char* const mime_boundary)
303 : iov_index_(0),
304 fd_(fd),
305 mime_boundary_(mime_boundary) {
306 }
307
~MimeWriter()308 MimeWriter::~MimeWriter() {
309 }
310
AddBoundary()311 void MimeWriter::AddBoundary() {
312 AddString(mime_boundary_);
313 AddString(g_rn);
314 }
315
AddEnd()316 void MimeWriter::AddEnd() {
317 AddString(mime_boundary_);
318 AddString(g_dashdash_msg);
319 AddString(g_rn);
320 }
321
AddPairData(const char * msg_type,size_t msg_type_size,const char * msg_data,size_t msg_data_size)322 void MimeWriter::AddPairData(const char* msg_type,
323 size_t msg_type_size,
324 const char* msg_data,
325 size_t msg_data_size) {
326 AddString(g_form_data_msg);
327 AddItem(msg_type, msg_type_size);
328 AddString(g_quote_msg);
329 AddString(g_rn);
330 AddString(g_rn);
331 AddItem(msg_data, msg_data_size);
332 AddString(g_rn);
333 }
334
AddPairDataInChunks(const char * msg_type,size_t msg_type_size,const char * msg_data,size_t msg_data_size,size_t chunk_size,bool strip_trailing_spaces)335 void MimeWriter::AddPairDataInChunks(const char* msg_type,
336 size_t msg_type_size,
337 const char* msg_data,
338 size_t msg_data_size,
339 size_t chunk_size,
340 bool strip_trailing_spaces) {
341 if (chunk_size > kMaxCrashChunkSize)
342 return;
343
344 unsigned i = 0;
345 size_t done = 0, msg_length = msg_data_size;
346
347 while (msg_length) {
348 char num[kUint64StringSize];
349 const unsigned num_len = my_uint_len(++i);
350 my_uitos(num, i, num_len);
351
352 size_t chunk_len = std::min(chunk_size, msg_length);
353
354 AddString(g_form_data_msg);
355 AddItem(msg_type, msg_type_size);
356 AddItem(num, num_len);
357 AddString(g_quote_msg);
358 AddString(g_rn);
359 AddString(g_rn);
360 if (strip_trailing_spaces) {
361 AddItemWithoutTrailingSpaces(msg_data + done, chunk_len);
362 } else {
363 AddItem(msg_data + done, chunk_len);
364 }
365 AddString(g_rn);
366 AddBoundary();
367 Flush();
368
369 done += chunk_len;
370 msg_length -= chunk_len;
371 }
372 }
373
AddFileContents(const char * filename_msg,uint8_t * file_data,size_t file_size)374 void MimeWriter::AddFileContents(const char* filename_msg, uint8_t* file_data,
375 size_t file_size) {
376 AddString(g_form_data_msg);
377 AddString(filename_msg);
378 AddString(g_rn);
379 AddString(g_content_type_msg);
380 AddString(g_rn);
381 AddString(g_rn);
382 AddItem(file_data, file_size);
383 AddString(g_rn);
384 }
385
AddItem(const void * base,size_t size)386 void MimeWriter::AddItem(const void* base, size_t size) {
387 // Check if the iovec is full and needs to be flushed to output file.
388 if (iov_index_ == kIovCapacity) {
389 Flush();
390 }
391 iov_[iov_index_].iov_base = const_cast<void*>(base);
392 iov_[iov_index_].iov_len = size;
393 ++iov_index_;
394 }
395
AddItemWithoutTrailingSpaces(const void * base,size_t size)396 void MimeWriter::AddItemWithoutTrailingSpaces(const void* base, size_t size) {
397 AddItem(base, LengthWithoutTrailingSpaces(static_cast<const char*>(base),
398 size));
399 }
400
401 #if defined(OS_CHROMEOS)
402 // This subclass is used on Chromium OS to report crashes in a format easy for
403 // the central crash reporting facility to understand.
404 // Format is <name>:<data length in decimal>:<data>
405 class CrashReporterWriter : public MimeWriter
406 {
407 public:
408 explicit CrashReporterWriter(int fd);
409
410 virtual void AddBoundary() OVERRIDE;
411
412 virtual void AddEnd() OVERRIDE;
413
414 virtual void AddPairData(const char* msg_type,
415 size_t msg_type_size,
416 const char* msg_data,
417 size_t msg_data_size) OVERRIDE;
418
419 virtual void AddPairDataInChunks(const char* msg_type,
420 size_t msg_type_size,
421 const char* msg_data,
422 size_t msg_data_size,
423 size_t chunk_size,
424 bool strip_trailing_spaces) OVERRIDE;
425
426 virtual void AddFileContents(const char* filename_msg,
427 uint8_t* file_data,
428 size_t file_size) OVERRIDE;
429
430 private:
431 DISALLOW_COPY_AND_ASSIGN(CrashReporterWriter);
432 };
433
434
CrashReporterWriter(int fd)435 CrashReporterWriter::CrashReporterWriter(int fd) : MimeWriter(fd, "") {}
436
437 // No-ops.
AddBoundary()438 void CrashReporterWriter::AddBoundary() {}
AddEnd()439 void CrashReporterWriter::AddEnd() {}
440
AddPairData(const char * msg_type,size_t msg_type_size,const char * msg_data,size_t msg_data_size)441 void CrashReporterWriter::AddPairData(const char* msg_type,
442 size_t msg_type_size,
443 const char* msg_data,
444 size_t msg_data_size) {
445 char data[kUint64StringSize];
446 const unsigned data_len = my_uint_len(msg_data_size);
447 my_uitos(data, msg_data_size, data_len);
448
449 AddItem(msg_type, msg_type_size);
450 AddString(g_sep);
451 AddItem(data, data_len);
452 AddString(g_sep);
453 AddItem(msg_data, msg_data_size);
454 Flush();
455 }
456
AddPairDataInChunks(const char * msg_type,size_t msg_type_size,const char * msg_data,size_t msg_data_size,size_t chunk_size,bool strip_trailing_spaces)457 void CrashReporterWriter::AddPairDataInChunks(const char* msg_type,
458 size_t msg_type_size,
459 const char* msg_data,
460 size_t msg_data_size,
461 size_t chunk_size,
462 bool strip_trailing_spaces) {
463 if (chunk_size > kMaxCrashChunkSize)
464 return;
465
466 unsigned i = 0;
467 size_t done = 0;
468 size_t msg_length = msg_data_size;
469
470 while (msg_length) {
471 char num[kUint64StringSize];
472 const unsigned num_len = my_uint_len(++i);
473 my_uitos(num, i, num_len);
474
475 size_t chunk_len = std::min(chunk_size, msg_length);
476
477 size_t write_len = chunk_len;
478 if (strip_trailing_spaces) {
479 // Take care of this here because we need to know the exact length of
480 // what is going to be written.
481 write_len = LengthWithoutTrailingSpaces(msg_data + done, write_len);
482 }
483
484 char data[kUint64StringSize];
485 const unsigned data_len = my_uint_len(write_len);
486 my_uitos(data, write_len, data_len);
487
488 AddItem(msg_type, msg_type_size);
489 AddItem(num, num_len);
490 AddString(g_sep);
491 AddItem(data, data_len);
492 AddString(g_sep);
493 AddItem(msg_data + done, write_len);
494 Flush();
495
496 done += chunk_len;
497 msg_length -= chunk_len;
498 }
499 }
500
AddFileContents(const char * filename_msg,uint8_t * file_data,size_t file_size)501 void CrashReporterWriter::AddFileContents(const char* filename_msg,
502 uint8_t* file_data,
503 size_t file_size) {
504 char data[kUint64StringSize];
505 const unsigned data_len = my_uint_len(file_size);
506 my_uitos(data, file_size, data_len);
507
508 AddString(filename_msg);
509 AddString(g_sep);
510 AddItem(data, data_len);
511 AddString(g_sep);
512 AddItem(file_data, file_size);
513 Flush();
514 }
515 #endif
516
DumpProcess()517 void DumpProcess() {
518 if (g_breakpad)
519 g_breakpad->WriteMinidump();
520 }
521
522 #if defined(OS_ANDROID)
523 const char kGoogleBreakpad[] = "google-breakpad";
524 #endif
525
WriteLog(const char * buf,size_t nbytes)526 size_t WriteLog(const char* buf, size_t nbytes) {
527 #if defined(OS_ANDROID)
528 return __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad, buf);
529 #else
530 return sys_write(2, buf, nbytes);
531 #endif
532 }
533
534 #if defined(OS_ANDROID)
535 // Android's native crash handler outputs a diagnostic tombstone to the device
536 // log. By returning false from the HandlerCallbacks, breakpad will reinstall
537 // the previous (i.e. native) signal handlers before returning from its own
538 // handler. A Chrome build fingerprint is written to the log, so that the
539 // specific build of Chrome and the location of the archived Chrome symbols can
540 // be determined directly from it.
FinalizeCrashDoneAndroid()541 bool FinalizeCrashDoneAndroid() {
542 base::android::BuildInfo* android_build_info =
543 base::android::BuildInfo::GetInstance();
544
545 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
546 "### ### ### ### ### ### ### ### ### ### ### ### ###");
547 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
548 "Chrome build fingerprint:");
549 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
550 android_build_info->package_version_name());
551 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
552 android_build_info->package_version_code());
553 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
554 CHROME_BUILD_ID);
555 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
556 "### ### ### ### ### ### ### ### ### ### ### ### ###");
557 return false;
558 }
559 #endif
560
CrashDone(const MinidumpDescriptor & minidump,const bool upload,const bool succeeded)561 bool CrashDone(const MinidumpDescriptor& minidump,
562 const bool upload,
563 const bool succeeded) {
564 // WARNING: this code runs in a compromised context. It may not call into
565 // libc nor allocate memory normally.
566 if (!succeeded) {
567 const char msg[] = "Failed to generate minidump.";
568 WriteLog(msg, sizeof(msg) - 1);
569 return false;
570 }
571
572 DCHECK(!minidump.IsFD());
573
574 BreakpadInfo info = {0};
575 info.filename = minidump.path();
576 info.fd = minidump.fd();
577 #if defined(ADDRESS_SANITIZER)
578 google_breakpad::PageAllocator allocator;
579 const size_t log_path_len = my_strlen(minidump.path());
580 char* log_path = reinterpret_cast<char*>(allocator.Alloc(log_path_len + 1));
581 my_memcpy(log_path, minidump.path(), log_path_len);
582 my_memcpy(log_path + log_path_len - 4, ".log", 4);
583 log_path[log_path_len] = '\0';
584 info.log_filename = log_path;
585 #endif
586 info.process_type = "browser";
587 info.process_type_length = 7;
588 info.distro = base::g_linux_distro;
589 info.distro_length = my_strlen(base::g_linux_distro);
590 info.upload = upload;
591 info.process_start_time = g_process_start_time;
592 info.oom_size = base::g_oom_size;
593 info.pid = g_pid;
594 info.crash_keys = g_crash_keys;
595 HandleCrashDump(info);
596 #if defined(OS_ANDROID)
597 return FinalizeCrashDoneAndroid();
598 #else
599 return true;
600 #endif
601 }
602
603 // Wrapper function, do not add more code here.
CrashDoneNoUpload(const MinidumpDescriptor & minidump,void * context,bool succeeded)604 bool CrashDoneNoUpload(const MinidumpDescriptor& minidump,
605 void* context,
606 bool succeeded) {
607 return CrashDone(minidump, false, succeeded);
608 }
609
610 #if !defined(OS_ANDROID)
611 // Wrapper function, do not add more code here.
CrashDoneUpload(const MinidumpDescriptor & minidump,void * context,bool succeeded)612 bool CrashDoneUpload(const MinidumpDescriptor& minidump,
613 void* context,
614 bool succeeded) {
615 return CrashDone(minidump, true, succeeded);
616 }
617 #endif
618
619 #if defined(ADDRESS_SANITIZER)
620 extern "C"
621 void __asan_set_error_report_callback(void (*cb)(const char*));
622
623 extern "C"
AsanLinuxBreakpadCallback(const char * report)624 void AsanLinuxBreakpadCallback(const char* report) {
625 g_asan_report_str = report;
626 // Send minidump here.
627 g_breakpad->SimulateSignalDelivery(SIGKILL);
628 }
629 #endif
630
EnableCrashDumping(bool unattended)631 void EnableCrashDumping(bool unattended) {
632 g_is_crash_reporter_enabled = true;
633
634 base::FilePath tmp_path("/tmp");
635 PathService::Get(base::DIR_TEMP, &tmp_path);
636
637 base::FilePath dumps_path(tmp_path);
638 if (GetBreakpadClient()->GetCrashDumpLocation(&dumps_path)) {
639 base::FilePath logfile =
640 dumps_path.Append(GetBreakpadClient()->GetReporterLogFilename());
641 std::string logfile_str = logfile.value();
642 const size_t crash_log_path_len = logfile_str.size() + 1;
643 g_crash_log_path = new char[crash_log_path_len];
644 strncpy(g_crash_log_path, logfile_str.c_str(), crash_log_path_len);
645 }
646 DCHECK(!g_breakpad);
647 MinidumpDescriptor minidump_descriptor(dumps_path.value());
648 minidump_descriptor.set_size_limit(kMaxMinidumpFileSize);
649 #if defined(OS_ANDROID)
650 unattended = true; // Android never uploads directly.
651 #endif
652 if (unattended) {
653 g_breakpad = new ExceptionHandler(
654 minidump_descriptor,
655 NULL,
656 CrashDoneNoUpload,
657 NULL,
658 true, // Install handlers.
659 -1); // Server file descriptor. -1 for in-process.
660 return;
661 }
662
663 #if !defined(OS_ANDROID)
664 // Attended mode
665 g_breakpad = new ExceptionHandler(
666 minidump_descriptor,
667 NULL,
668 CrashDoneUpload,
669 NULL,
670 true, // Install handlers.
671 -1); // Server file descriptor. -1 for in-process.
672 #endif
673 }
674
675 #if defined(OS_ANDROID)
CrashDoneInProcessNoUpload(const google_breakpad::MinidumpDescriptor & descriptor,void * context,const bool succeeded)676 bool CrashDoneInProcessNoUpload(
677 const google_breakpad::MinidumpDescriptor& descriptor,
678 void* context,
679 const bool succeeded) {
680 // WARNING: this code runs in a compromised context. It may not call into
681 // libc nor allocate memory normally.
682 if (!succeeded) {
683 static const char msg[] = "Crash dump generation failed.\n";
684 WriteLog(msg, sizeof(msg) - 1);
685 return false;
686 }
687
688 // Start constructing the message to send to the browser.
689 char distro[kDistroSize + 1] = {0};
690 size_t distro_length = 0;
691 PopulateDistro(distro, &distro_length);
692 BreakpadInfo info = {0};
693 info.filename = NULL;
694 info.fd = descriptor.fd();
695 info.process_type = g_process_type;
696 info.process_type_length = my_strlen(g_process_type);
697 info.distro = distro;
698 info.distro_length = distro_length;
699 info.upload = false;
700 info.process_start_time = g_process_start_time;
701 info.pid = g_pid;
702 info.crash_keys = g_crash_keys;
703 HandleCrashDump(info);
704 return FinalizeCrashDoneAndroid();
705 }
706
EnableNonBrowserCrashDumping(const std::string & process_type,int minidump_fd)707 void EnableNonBrowserCrashDumping(const std::string& process_type,
708 int minidump_fd) {
709 // This will guarantee that the BuildInfo has been initialized and subsequent
710 // calls will not require memory allocation.
711 base::android::BuildInfo::GetInstance();
712 SetClientIdFromCommandLine(*CommandLine::ForCurrentProcess());
713
714 // On Android, the current sandboxing uses process isolation, in which the
715 // child process runs with a different UID. That breaks the normal crash
716 // reporting where the browser process generates the minidump by inspecting
717 // the child process. This is because the browser process now does not have
718 // the permission to access the states of the child process (as it has a
719 // different UID).
720 // TODO(jcivelli): http://b/issue?id=6776356 we should use a watchdog
721 // process forked from the renderer process that generates the minidump.
722 if (minidump_fd == -1) {
723 LOG(ERROR) << "Minidump file descriptor not found, crash reporting will "
724 " not work.";
725 return;
726 }
727 SetProcessStartTime();
728 g_pid = getpid();
729
730 g_is_crash_reporter_enabled = true;
731 // Save the process type (it is leaked).
732 const size_t process_type_len = process_type.size() + 1;
733 g_process_type = new char[process_type_len];
734 strncpy(g_process_type, process_type.c_str(), process_type_len);
735 new google_breakpad::ExceptionHandler(MinidumpDescriptor(minidump_fd),
736 NULL, CrashDoneInProcessNoUpload, NULL, true, -1);
737 }
738 #else
739 // Non-Browser = Extension, Gpu, Plugins, Ppapi and Renderer
NonBrowserCrashHandler(const void * crash_context,size_t crash_context_size,void * context)740 bool NonBrowserCrashHandler(const void* crash_context,
741 size_t crash_context_size,
742 void* context) {
743 const int fd = reinterpret_cast<intptr_t>(context);
744 int fds[2] = { -1, -1 };
745 if (sys_socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
746 static const char msg[] = "Failed to create socket for crash dumping.\n";
747 WriteLog(msg, sizeof(msg) - 1);
748 return false;
749 }
750
751 // Start constructing the message to send to the browser.
752 char distro[kDistroSize + 1] = {0};
753 PopulateDistro(distro, NULL);
754
755 char b; // Dummy variable for sys_read below.
756 const char* b_addr = &b; // Get the address of |b| so we can create the
757 // expected /proc/[pid]/syscall content in the
758 // browser to convert namespace tids.
759
760 // The length of the control message:
761 static const unsigned kControlMsgSize = sizeof(fds);
762 static const unsigned kControlMsgSpaceSize = CMSG_SPACE(kControlMsgSize);
763 static const unsigned kControlMsgLenSize = CMSG_LEN(kControlMsgSize);
764
765 struct kernel_msghdr msg;
766 my_memset(&msg, 0, sizeof(struct kernel_msghdr));
767 struct kernel_iovec iov[kCrashIovSize];
768 iov[0].iov_base = const_cast<void*>(crash_context);
769 iov[0].iov_len = crash_context_size;
770 iov[1].iov_base = distro;
771 iov[1].iov_len = kDistroSize + 1;
772 iov[2].iov_base = &b_addr;
773 iov[2].iov_len = sizeof(b_addr);
774 iov[3].iov_base = &fds[0];
775 iov[3].iov_len = sizeof(fds[0]);
776 iov[4].iov_base = &g_process_start_time;
777 iov[4].iov_len = sizeof(g_process_start_time);
778 iov[5].iov_base = &base::g_oom_size;
779 iov[5].iov_len = sizeof(base::g_oom_size);
780 google_breakpad::SerializedNonAllocatingMap* serialized_map;
781 iov[6].iov_len = g_crash_keys->Serialize(
782 const_cast<const google_breakpad::SerializedNonAllocatingMap**>(
783 &serialized_map));
784 iov[6].iov_base = serialized_map;
785 #if defined(ADDRESS_SANITIZER)
786 iov[7].iov_base = const_cast<char*>(g_asan_report_str);
787 iov[7].iov_len = kMaxAsanReportSize + 1;
788 #endif
789
790 msg.msg_iov = iov;
791 msg.msg_iovlen = kCrashIovSize;
792 char cmsg[kControlMsgSpaceSize];
793 my_memset(cmsg, 0, kControlMsgSpaceSize);
794 msg.msg_control = cmsg;
795 msg.msg_controllen = sizeof(cmsg);
796
797 struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
798 hdr->cmsg_level = SOL_SOCKET;
799 hdr->cmsg_type = SCM_RIGHTS;
800 hdr->cmsg_len = kControlMsgLenSize;
801 ((int*) CMSG_DATA(hdr))[0] = fds[0];
802 ((int*) CMSG_DATA(hdr))[1] = fds[1];
803
804 if (HANDLE_EINTR(sys_sendmsg(fd, &msg, 0)) < 0) {
805 static const char errmsg[] = "Failed to tell parent about crash.\n";
806 WriteLog(errmsg, sizeof(errmsg) - 1);
807 IGNORE_RET(sys_close(fds[1]));
808 return false;
809 }
810 IGNORE_RET(sys_close(fds[1]));
811
812 if (HANDLE_EINTR(sys_read(fds[0], &b, 1)) != 1) {
813 static const char errmsg[] = "Parent failed to complete crash dump.\n";
814 WriteLog(errmsg, sizeof(errmsg) - 1);
815 }
816
817 return true;
818 }
819
EnableNonBrowserCrashDumping()820 void EnableNonBrowserCrashDumping() {
821 const int fd = base::GlobalDescriptors::GetInstance()->Get(kCrashDumpSignal);
822 g_is_crash_reporter_enabled = true;
823 // We deliberately leak this object.
824 DCHECK(!g_breakpad);
825
826 g_breakpad = new ExceptionHandler(
827 MinidumpDescriptor("/tmp"), // Unused but needed or Breakpad will assert.
828 NULL,
829 NULL,
830 reinterpret_cast<void*>(fd), // Param passed to the crash handler.
831 true,
832 -1);
833 g_breakpad->set_crash_handler(NonBrowserCrashHandler);
834 }
835 #endif // defined(OS_ANDROID)
836
SetCrashKeyValue(const base::StringPiece & key,const base::StringPiece & value)837 void SetCrashKeyValue(const base::StringPiece& key,
838 const base::StringPiece& value) {
839 g_crash_keys->SetKeyValue(key.data(), value.data());
840 }
841
ClearCrashKey(const base::StringPiece & key)842 void ClearCrashKey(const base::StringPiece& key) {
843 g_crash_keys->RemoveKey(key.data());
844 }
845
846 } // namespace
847
LoadDataFromFD(google_breakpad::PageAllocator & allocator,int fd,bool close_fd,uint8_t ** file_data,size_t * size)848 void LoadDataFromFD(google_breakpad::PageAllocator& allocator,
849 int fd, bool close_fd, uint8_t** file_data, size_t* size) {
850 STAT_STRUCT st;
851 if (FSTAT_FUNC(fd, &st) != 0) {
852 static const char msg[] = "Cannot upload crash dump: stat failed\n";
853 WriteLog(msg, sizeof(msg) - 1);
854 if (close_fd)
855 IGNORE_RET(sys_close(fd));
856 return;
857 }
858
859 *file_data = reinterpret_cast<uint8_t*>(allocator.Alloc(st.st_size));
860 if (!(*file_data)) {
861 static const char msg[] = "Cannot upload crash dump: cannot alloc\n";
862 WriteLog(msg, sizeof(msg) - 1);
863 if (close_fd)
864 IGNORE_RET(sys_close(fd));
865 return;
866 }
867 my_memset(*file_data, 0xf, st.st_size);
868
869 *size = st.st_size;
870 int byte_read = sys_read(fd, *file_data, *size);
871 if (byte_read == -1) {
872 static const char msg[] = "Cannot upload crash dump: read failed\n";
873 WriteLog(msg, sizeof(msg) - 1);
874 if (close_fd)
875 IGNORE_RET(sys_close(fd));
876 return;
877 }
878
879 if (close_fd)
880 IGNORE_RET(sys_close(fd));
881 }
882
LoadDataFromFile(google_breakpad::PageAllocator & allocator,const char * filename,int * fd,uint8_t ** file_data,size_t * size)883 void LoadDataFromFile(google_breakpad::PageAllocator& allocator,
884 const char* filename,
885 int* fd, uint8_t** file_data, size_t* size) {
886 // WARNING: this code runs in a compromised context. It may not call into
887 // libc nor allocate memory normally.
888 *fd = sys_open(filename, O_RDONLY, 0);
889 *size = 0;
890
891 if (*fd < 0) {
892 static const char msg[] = "Cannot upload crash dump: failed to open\n";
893 WriteLog(msg, sizeof(msg) - 1);
894 return;
895 }
896
897 LoadDataFromFD(allocator, *fd, true, file_data, size);
898 }
899
900 // Spawn the appropriate upload process for the current OS:
901 // - generic Linux invokes wget.
902 // - ChromeOS invokes crash_reporter.
903 // |dumpfile| is the path to the dump data file.
904 // |mime_boundary| is only used on Linux.
905 // |exe_buf| is only used on CrOS and is the crashing process' name.
ExecUploadProcessOrTerminate(const BreakpadInfo & info,const char * dumpfile,const char * mime_boundary,const char * exe_buf,google_breakpad::PageAllocator * allocator)906 void ExecUploadProcessOrTerminate(const BreakpadInfo& info,
907 const char* dumpfile,
908 const char* mime_boundary,
909 const char* exe_buf,
910 google_breakpad::PageAllocator* allocator) {
911 #if defined(OS_CHROMEOS)
912 // CrOS uses crash_reporter instead of wget to report crashes,
913 // it needs to know where the crash dump lives and the pid and uid of the
914 // crashing process.
915 static const char kCrashReporterBinary[] = "/sbin/crash_reporter";
916
917 char pid_buf[kUint64StringSize];
918 uint64_t pid_str_length = my_uint64_len(info.pid);
919 my_uint64tos(pid_buf, info.pid, pid_str_length);
920 pid_buf[pid_str_length] = '\0';
921
922 char uid_buf[kUint64StringSize];
923 uid_t uid = geteuid();
924 uint64_t uid_str_length = my_uint64_len(uid);
925 my_uint64tos(uid_buf, uid, uid_str_length);
926 uid_buf[uid_str_length] = '\0';
927 const char* args[] = {
928 kCrashReporterBinary,
929 "--chrome",
930 dumpfile,
931 "--pid",
932 pid_buf,
933 "--uid",
934 uid_buf,
935 "--exe",
936 exe_buf,
937 NULL,
938 };
939 static const char msg[] = "Cannot upload crash dump: cannot exec "
940 "/sbin/crash_reporter\n";
941 #else
942 // The --header argument to wget looks like:
943 // --header=Content-Type: multipart/form-data; boundary=XYZ
944 // where the boundary has two fewer leading '-' chars
945 static const char header_msg[] =
946 "--header=Content-Type: multipart/form-data; boundary=";
947 char* const header = reinterpret_cast<char*>(allocator->Alloc(
948 sizeof(header_msg) - 1 + strlen(mime_boundary) - 2 + 1));
949 memcpy(header, header_msg, sizeof(header_msg) - 1);
950 memcpy(header + sizeof(header_msg) - 1, mime_boundary + 2,
951 strlen(mime_boundary) - 2);
952 // We grab the NUL byte from the end of |mime_boundary|.
953
954 // The --post-file argument to wget looks like:
955 // --post-file=/tmp/...
956 static const char post_file_msg[] = "--post-file=";
957 char* const post_file = reinterpret_cast<char*>(allocator->Alloc(
958 sizeof(post_file_msg) - 1 + strlen(dumpfile) + 1));
959 memcpy(post_file, post_file_msg, sizeof(post_file_msg) - 1);
960 memcpy(post_file + sizeof(post_file_msg) - 1, dumpfile, strlen(dumpfile));
961
962 static const char kWgetBinary[] = "/usr/bin/wget";
963 const char* args[] = {
964 kWgetBinary,
965 header,
966 post_file,
967 kUploadURL,
968 "--timeout=10", // Set a timeout so we don't hang forever.
969 "--tries=1", // Don't retry if the upload fails.
970 "-O", // output reply to fd 3
971 "/dev/fd/3",
972 NULL,
973 };
974 static const char msg[] = "Cannot upload crash dump: cannot exec "
975 "/usr/bin/wget\n";
976 #endif
977 execve(args[0], const_cast<char**>(args), environ);
978 WriteLog(msg, sizeof(msg) - 1);
979 sys__exit(1);
980 }
981
982 #if defined(OS_CHROMEOS)
GetCrashingProcessName(const BreakpadInfo & info,google_breakpad::PageAllocator * allocator)983 const char* GetCrashingProcessName(const BreakpadInfo& info,
984 google_breakpad::PageAllocator* allocator) {
985 // Symlink to process binary is at /proc/###/exe.
986 char linkpath[kUint64StringSize + sizeof("/proc/") + sizeof("/exe")] =
987 "/proc/";
988 uint64_t pid_value_len = my_uint64_len(info.pid);
989 my_uint64tos(linkpath + sizeof("/proc/") - 1, info.pid, pid_value_len);
990 linkpath[sizeof("/proc/") - 1 + pid_value_len] = '\0';
991 my_strlcat(linkpath, "/exe", sizeof(linkpath));
992
993 const int kMaxSize = 4096;
994 char* link = reinterpret_cast<char*>(allocator->Alloc(kMaxSize));
995 if (link) {
996 ssize_t size = readlink(linkpath, link, kMaxSize);
997 if (size < kMaxSize && size > 0) {
998 // readlink(2) doesn't add a terminating NUL, so do it now.
999 link[size] = '\0';
1000
1001 const char* name = my_strrchr(link, '/');
1002 if (name)
1003 return name + 1;
1004 return link;
1005 }
1006 }
1007 // Either way too long, or a read error.
1008 return "chrome-crash-unknown-process";
1009 }
1010 #endif
1011
HandleCrashDump(const BreakpadInfo & info)1012 void HandleCrashDump(const BreakpadInfo& info) {
1013 int dumpfd;
1014 bool keep_fd = false;
1015 size_t dump_size;
1016 uint8_t* dump_data;
1017 google_breakpad::PageAllocator allocator;
1018 const char* exe_buf = NULL;
1019
1020 #if defined(OS_CHROMEOS)
1021 // Grab the crashing process' name now, when it should still be available.
1022 // If we try to do this later in our grandchild the crashing process has
1023 // already terminated.
1024 exe_buf = GetCrashingProcessName(info, &allocator);
1025 #endif
1026
1027 if (info.fd != -1) {
1028 // Dump is provided with an open FD.
1029 keep_fd = true;
1030 dumpfd = info.fd;
1031
1032 // The FD is pointing to the end of the file.
1033 // Rewind, we'll read the data next.
1034 if (lseek(dumpfd, 0, SEEK_SET) == -1) {
1035 static const char msg[] = "Cannot upload crash dump: failed to "
1036 "reposition minidump FD\n";
1037 WriteLog(msg, sizeof(msg) - 1);
1038 IGNORE_RET(sys_close(dumpfd));
1039 return;
1040 }
1041 LoadDataFromFD(allocator, info.fd, false, &dump_data, &dump_size);
1042 } else {
1043 // Dump is provided with a path.
1044 keep_fd = false;
1045 LoadDataFromFile(allocator, info.filename, &dumpfd, &dump_data, &dump_size);
1046 }
1047
1048 // TODO(jcivelli): make log work when using FDs.
1049 #if defined(ADDRESS_SANITIZER)
1050 int logfd;
1051 size_t log_size;
1052 uint8_t* log_data;
1053 // Load the AddressSanitizer log into log_data.
1054 LoadDataFromFile(allocator, info.log_filename, &logfd, &log_data, &log_size);
1055 #endif
1056
1057 // We need to build a MIME block for uploading to the server. Since we are
1058 // going to fork and run wget, it needs to be written to a temp file.
1059 const int ufd = sys_open("/dev/urandom", O_RDONLY, 0);
1060 if (ufd < 0) {
1061 static const char msg[] = "Cannot upload crash dump because /dev/urandom"
1062 " is missing\n";
1063 WriteLog(msg, sizeof(msg) - 1);
1064 return;
1065 }
1066
1067 static const char temp_file_template[] =
1068 "/tmp/chromium-upload-XXXXXXXXXXXXXXXX";
1069 char temp_file[sizeof(temp_file_template)];
1070 int temp_file_fd = -1;
1071 if (keep_fd) {
1072 temp_file_fd = dumpfd;
1073 // Rewind the destination, we are going to overwrite it.
1074 if (lseek(dumpfd, 0, SEEK_SET) == -1) {
1075 static const char msg[] = "Cannot upload crash dump: failed to "
1076 "reposition minidump FD (2)\n";
1077 WriteLog(msg, sizeof(msg) - 1);
1078 IGNORE_RET(sys_close(dumpfd));
1079 return;
1080 }
1081 } else {
1082 if (info.upload) {
1083 memcpy(temp_file, temp_file_template, sizeof(temp_file_template));
1084
1085 for (unsigned i = 0; i < 10; ++i) {
1086 uint64_t t;
1087 sys_read(ufd, &t, sizeof(t));
1088 write_uint64_hex(temp_file + sizeof(temp_file) - (16 + 1), t);
1089
1090 temp_file_fd = sys_open(temp_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
1091 if (temp_file_fd >= 0)
1092 break;
1093 }
1094
1095 if (temp_file_fd < 0) {
1096 static const char msg[] = "Failed to create temporary file in /tmp: "
1097 "cannot upload crash dump\n";
1098 WriteLog(msg, sizeof(msg) - 1);
1099 IGNORE_RET(sys_close(ufd));
1100 return;
1101 }
1102 } else {
1103 temp_file_fd = sys_open(info.filename, O_WRONLY, 0600);
1104 if (temp_file_fd < 0) {
1105 static const char msg[] = "Failed to save crash dump: failed to open\n";
1106 WriteLog(msg, sizeof(msg) - 1);
1107 IGNORE_RET(sys_close(ufd));
1108 return;
1109 }
1110 }
1111 }
1112
1113 // The MIME boundary is 28 hyphens, followed by a 64-bit nonce and a NUL.
1114 char mime_boundary[28 + 16 + 1];
1115 my_memset(mime_boundary, '-', 28);
1116 uint64_t boundary_rand;
1117 sys_read(ufd, &boundary_rand, sizeof(boundary_rand));
1118 write_uint64_hex(mime_boundary + 28, boundary_rand);
1119 mime_boundary[28 + 16] = 0;
1120 IGNORE_RET(sys_close(ufd));
1121
1122 // The MIME block looks like this:
1123 // BOUNDARY \r\n
1124 // Content-Disposition: form-data; name="prod" \r\n \r\n
1125 // Chrome_Linux \r\n
1126 // BOUNDARY \r\n
1127 // Content-Disposition: form-data; name="ver" \r\n \r\n
1128 // 1.2.3.4 \r\n
1129 // BOUNDARY \r\n
1130 //
1131 // zero or one:
1132 // Content-Disposition: form-data; name="ptime" \r\n \r\n
1133 // abcdef \r\n
1134 // BOUNDARY \r\n
1135 //
1136 // zero or one:
1137 // Content-Disposition: form-data; name="ptype" \r\n \r\n
1138 // abcdef \r\n
1139 // BOUNDARY \r\n
1140 //
1141 // zero or one:
1142 // Content-Disposition: form-data; name="lsb-release" \r\n \r\n
1143 // abcdef \r\n
1144 // BOUNDARY \r\n
1145 //
1146 // zero or one:
1147 // Content-Disposition: form-data; name="oom-size" \r\n \r\n
1148 // 1234567890 \r\n
1149 // BOUNDARY \r\n
1150 //
1151 // zero or more (up to CrashKeyStorage::num_entries = 64):
1152 // Content-Disposition: form-data; name=crash-key-name \r\n
1153 // crash-key-value \r\n
1154 // BOUNDARY \r\n
1155 //
1156 // Content-Disposition: form-data; name="dump"; filename="dump" \r\n
1157 // Content-Type: application/octet-stream \r\n \r\n
1158 // <dump contents>
1159 // \r\n BOUNDARY -- \r\n
1160
1161 #if defined(OS_CHROMEOS)
1162 CrashReporterWriter writer(temp_file_fd);
1163 #else
1164 MimeWriter writer(temp_file_fd, mime_boundary);
1165 #endif
1166 {
1167 std::string product_name;
1168 std::string version;
1169
1170 GetBreakpadClient()->GetProductNameAndVersion(&product_name, &version);
1171
1172 writer.AddBoundary();
1173 writer.AddPairString("prod", product_name.c_str());
1174 writer.AddBoundary();
1175 writer.AddPairString("ver", version.c_str());
1176 writer.AddBoundary();
1177 if (info.pid > 0) {
1178 char pid_value_buf[kUint64StringSize];
1179 uint64_t pid_value_len = my_uint64_len(info.pid);
1180 my_uint64tos(pid_value_buf, info.pid, pid_value_len);
1181 static const char pid_key_name[] = "pid";
1182 writer.AddPairData(pid_key_name, sizeof(pid_key_name) - 1,
1183 pid_value_buf, pid_value_len);
1184 writer.AddBoundary();
1185 }
1186 #if defined(OS_ANDROID)
1187 // Addtional MIME blocks are added for logging on Android devices.
1188 static const char android_build_id[] = "android_build_id";
1189 static const char android_build_fp[] = "android_build_fp";
1190 static const char device[] = "device";
1191 static const char model[] = "model";
1192 static const char brand[] = "brand";
1193 static const char exception_info[] = "exception_info";
1194
1195 base::android::BuildInfo* android_build_info =
1196 base::android::BuildInfo::GetInstance();
1197 writer.AddPairString(
1198 android_build_id, android_build_info->android_build_id());
1199 writer.AddBoundary();
1200 writer.AddPairString(
1201 android_build_fp, android_build_info->android_build_fp());
1202 writer.AddBoundary();
1203 writer.AddPairString(device, android_build_info->device());
1204 writer.AddBoundary();
1205 writer.AddPairString(model, android_build_info->model());
1206 writer.AddBoundary();
1207 writer.AddPairString(brand, android_build_info->brand());
1208 writer.AddBoundary();
1209 if (android_build_info->java_exception_info() != NULL) {
1210 writer.AddPairString(exception_info,
1211 android_build_info->java_exception_info());
1212 writer.AddBoundary();
1213 }
1214 #endif
1215 writer.Flush();
1216 }
1217
1218 if (info.process_start_time > 0) {
1219 struct kernel_timeval tv;
1220 if (!sys_gettimeofday(&tv, NULL)) {
1221 uint64_t time = kernel_timeval_to_ms(&tv);
1222 if (time > info.process_start_time) {
1223 time -= info.process_start_time;
1224 char time_str[kUint64StringSize];
1225 const unsigned time_len = my_uint64_len(time);
1226 my_uint64tos(time_str, time, time_len);
1227
1228 static const char process_time_msg[] = "ptime";
1229 writer.AddPairData(process_time_msg, sizeof(process_time_msg) - 1,
1230 time_str, time_len);
1231 writer.AddBoundary();
1232 writer.Flush();
1233 }
1234 }
1235 }
1236
1237 if (info.process_type_length) {
1238 writer.AddPairString("ptype", info.process_type);
1239 writer.AddBoundary();
1240 writer.Flush();
1241 }
1242
1243 if (info.distro_length) {
1244 static const char distro_msg[] = "lsb-release";
1245 writer.AddPairString(distro_msg, info.distro);
1246 writer.AddBoundary();
1247 writer.Flush();
1248 }
1249
1250 if (info.oom_size) {
1251 char oom_size_str[kUint64StringSize];
1252 const unsigned oom_size_len = my_uint64_len(info.oom_size);
1253 my_uint64tos(oom_size_str, info.oom_size, oom_size_len);
1254 static const char oom_size_msg[] = "oom-size";
1255 writer.AddPairData(oom_size_msg, sizeof(oom_size_msg) - 1,
1256 oom_size_str, oom_size_len);
1257 writer.AddBoundary();
1258 writer.Flush();
1259 }
1260
1261 if (info.crash_keys) {
1262 CrashKeyStorage::Iterator crash_key_iterator(*info.crash_keys);
1263 const CrashKeyStorage::Entry* entry;
1264 while ((entry = crash_key_iterator.Next())) {
1265 writer.AddPairString(entry->key, entry->value);
1266 writer.AddBoundary();
1267 writer.Flush();
1268 }
1269 }
1270
1271 writer.AddFileContents(g_dump_msg, dump_data, dump_size);
1272 #if defined(ADDRESS_SANITIZER)
1273 // Append a multipart boundary and the contents of the AddressSanitizer log.
1274 writer.AddBoundary();
1275 writer.AddFileContents(g_log_msg, log_data, log_size);
1276 #endif
1277 writer.AddEnd();
1278 writer.Flush();
1279
1280 IGNORE_RET(sys_close(temp_file_fd));
1281
1282 #if defined(OS_ANDROID)
1283 if (info.filename) {
1284 int filename_length = my_strlen(info.filename);
1285
1286 // If this was a file, we need to copy it to the right place and use the
1287 // right file name so it gets uploaded by the browser.
1288 const char msg[] = "Output crash dump file:";
1289 WriteLog(msg, sizeof(msg) - 1);
1290 WriteLog(info.filename, filename_length - 1);
1291
1292 char pid_buf[kUint64StringSize];
1293 uint64_t pid_str_length = my_uint64_len(info.pid);
1294 my_uint64tos(pid_buf, info.pid, pid_str_length);
1295
1296 // -1 because we won't need the null terminator on the original filename.
1297 unsigned done_filename_len = filename_length - 1 + pid_str_length;
1298 char* done_filename = reinterpret_cast<char*>(
1299 allocator.Alloc(done_filename_len));
1300 // Rename the file such that the pid is the suffix in order signal to other
1301 // processes that the minidump is complete. The advantage of using the pid
1302 // as the suffix is that it is trivial to associate the minidump with the
1303 // crashed process.
1304 // Finally, note strncpy prevents null terminators from
1305 // being copied. Pad the rest with 0's.
1306 my_strncpy(done_filename, info.filename, done_filename_len);
1307 // Append the suffix a null terminator should be added.
1308 my_strncat(done_filename, pid_buf, pid_str_length);
1309 // Rename the minidump file to signal that it is complete.
1310 if (rename(info.filename, done_filename)) {
1311 const char failed_msg[] = "Failed to rename:";
1312 WriteLog(failed_msg, sizeof(failed_msg) - 1);
1313 WriteLog(info.filename, filename_length - 1);
1314 const char to_msg[] = "to";
1315 WriteLog(to_msg, sizeof(to_msg) - 1);
1316 WriteLog(done_filename, done_filename_len - 1);
1317 }
1318 }
1319 #endif
1320
1321 if (!info.upload)
1322 return;
1323
1324 const pid_t child = sys_fork();
1325 if (!child) {
1326 // Spawned helper process.
1327 //
1328 // This code is called both when a browser is crashing (in which case,
1329 // nothing really matters any more) and when a renderer/plugin crashes, in
1330 // which case we need to continue.
1331 //
1332 // Since we are a multithreaded app, if we were just to fork(), we might
1333 // grab file descriptors which have just been created in another thread and
1334 // hold them open for too long.
1335 //
1336 // Thus, we have to loop and try and close everything.
1337 const int fd = sys_open("/proc/self/fd", O_DIRECTORY | O_RDONLY, 0);
1338 if (fd < 0) {
1339 for (unsigned i = 3; i < 8192; ++i)
1340 IGNORE_RET(sys_close(i));
1341 } else {
1342 google_breakpad::DirectoryReader reader(fd);
1343 const char* name;
1344 while (reader.GetNextEntry(&name)) {
1345 int i;
1346 if (my_strtoui(&i, name) && i > 2 && i != fd)
1347 IGNORE_RET(sys_close(i));
1348 reader.PopEntry();
1349 }
1350
1351 IGNORE_RET(sys_close(fd));
1352 }
1353
1354 IGNORE_RET(sys_setsid());
1355
1356 // Leave one end of a pipe in the upload process and watch for it getting
1357 // closed by the upload process exiting.
1358 int fds[2];
1359 if (sys_pipe(fds) >= 0) {
1360 const pid_t upload_child = sys_fork();
1361 if (!upload_child) {
1362 // Upload process.
1363 IGNORE_RET(sys_close(fds[0]));
1364 IGNORE_RET(sys_dup2(fds[1], 3));
1365 ExecUploadProcessOrTerminate(info, temp_file, mime_boundary, exe_buf,
1366 &allocator);
1367 }
1368
1369 // Helper process.
1370 if (upload_child > 0) {
1371 IGNORE_RET(sys_close(fds[1]));
1372 char id_buf[17]; // Crash report IDs are expected to be 16 chars.
1373 ssize_t len = -1;
1374 // Upload should finish in about 10 seconds. Add a few more 500 ms
1375 // internals to account for process startup time.
1376 for (size_t wait_count = 0; wait_count < 24; ++wait_count) {
1377 struct kernel_pollfd poll_fd;
1378 poll_fd.fd = fds[0];
1379 poll_fd.events = POLLIN | POLLPRI | POLLERR;
1380 int ret = sys_poll(&poll_fd, 1, 500);
1381 if (ret < 0) {
1382 // Error
1383 break;
1384 } else if (ret > 0) {
1385 // There is data to read.
1386 len = HANDLE_EINTR(sys_read(fds[0], id_buf, sizeof(id_buf) - 1));
1387 break;
1388 }
1389 // ret == 0 -> timed out, continue waiting.
1390 }
1391 if (len > 0) {
1392 // Write crash dump id to stderr.
1393 id_buf[len] = 0;
1394 static const char msg[] = "\nCrash dump id: ";
1395 WriteLog(msg, sizeof(msg) - 1);
1396 WriteLog(id_buf, my_strlen(id_buf));
1397 WriteLog("\n", 1);
1398
1399 // Write crash dump id to crash log as: seconds_since_epoch,crash_id
1400 struct kernel_timeval tv;
1401 if (g_crash_log_path && !sys_gettimeofday(&tv, NULL)) {
1402 uint64_t time = kernel_timeval_to_ms(&tv) / 1000;
1403 char time_str[kUint64StringSize];
1404 const unsigned time_len = my_uint64_len(time);
1405 my_uint64tos(time_str, time, time_len);
1406
1407 int log_fd = sys_open(g_crash_log_path,
1408 O_CREAT | O_WRONLY | O_APPEND,
1409 0600);
1410 if (log_fd > 0) {
1411 sys_write(log_fd, time_str, time_len);
1412 sys_write(log_fd, ",", 1);
1413 sys_write(log_fd, id_buf, my_strlen(id_buf));
1414 sys_write(log_fd, "\n", 1);
1415 IGNORE_RET(sys_close(log_fd));
1416 }
1417 }
1418 }
1419 if (sys_waitpid(upload_child, NULL, WNOHANG) == 0) {
1420 // Upload process is still around, kill it.
1421 sys_kill(upload_child, SIGKILL);
1422 }
1423 }
1424 }
1425
1426 // Helper process.
1427 IGNORE_RET(sys_unlink(info.filename));
1428 #if defined(ADDRESS_SANITIZER)
1429 IGNORE_RET(sys_unlink(info.log_filename));
1430 #endif
1431 IGNORE_RET(sys_unlink(temp_file));
1432 sys__exit(0);
1433 }
1434
1435 // Main browser process.
1436 if (child <= 0)
1437 return;
1438 (void) HANDLE_EINTR(sys_waitpid(child, NULL, 0));
1439 }
1440
InitCrashReporter(const std::string & process_type)1441 void InitCrashReporter(const std::string& process_type) {
1442 #if defined(OS_ANDROID)
1443 // This will guarantee that the BuildInfo has been initialized and subsequent
1444 // calls will not require memory allocation.
1445 base::android::BuildInfo::GetInstance();
1446 #endif
1447 // Determine the process type and take appropriate action.
1448 const CommandLine& parsed_command_line = *CommandLine::ForCurrentProcess();
1449 if (parsed_command_line.HasSwitch(switches::kDisableBreakpad))
1450 return;
1451
1452 if (process_type.empty()) {
1453 bool enable_breakpad = GetBreakpadClient()->GetCollectStatsConsent() ||
1454 GetBreakpadClient()->IsRunningUnattended();
1455 enable_breakpad &=
1456 !parsed_command_line.HasSwitch(switches::kDisableBreakpad);
1457 if (!enable_breakpad) {
1458 enable_breakpad = parsed_command_line.HasSwitch(
1459 switches::kEnableCrashReporterForTesting);
1460 }
1461 if (!enable_breakpad) {
1462 VLOG(1) << "Breakpad disabled";
1463 return;
1464 }
1465
1466 EnableCrashDumping(GetBreakpadClient()->IsRunningUnattended());
1467 } else if (GetBreakpadClient()->EnableBreakpadForProcess(process_type)) {
1468 #if defined(OS_ANDROID)
1469 NOTREACHED() << "Breakpad initialized with InitCrashReporter() instead of "
1470 "InitNonBrowserCrashReporter in " << process_type << " process.";
1471 return;
1472 #else
1473 // We might be chrooted in a zygote or renderer process so we cannot call
1474 // GetCollectStatsConsent because that needs access the the user's home
1475 // dir. Instead, we set a command line flag for these processes.
1476 // Even though plugins are not chrooted, we share the same code path for
1477 // simplicity.
1478 if (!parsed_command_line.HasSwitch(switches::kEnableCrashReporter))
1479 return;
1480 SetClientIdFromCommandLine(parsed_command_line);
1481 EnableNonBrowserCrashDumping();
1482 VLOG(1) << "Non Browser crash dumping enabled for: " << process_type;
1483 #endif // #if defined(OS_ANDROID)
1484 }
1485
1486 SetProcessStartTime();
1487 g_pid = getpid();
1488
1489 GetBreakpadClient()->SetDumpWithoutCrashingFunction(&DumpProcess);
1490 #if defined(ADDRESS_SANITIZER)
1491 // Register the callback for AddressSanitizer error reporting.
1492 __asan_set_error_report_callback(AsanLinuxBreakpadCallback);
1493 #endif
1494
1495 g_crash_keys = new CrashKeyStorage;
1496 GetBreakpadClient()->RegisterCrashKeys();
1497 base::debug::SetCrashKeyReportingFunctions(
1498 &SetCrashKeyValue, &ClearCrashKey);
1499 }
1500
1501 #if defined(OS_ANDROID)
InitNonBrowserCrashReporterForAndroid(const std::string & process_type)1502 void InitNonBrowserCrashReporterForAndroid(const std::string& process_type) {
1503 const CommandLine* command_line = CommandLine::ForCurrentProcess();
1504 if (command_line->HasSwitch(switches::kEnableCrashReporter)) {
1505 // On Android we need to provide a FD to the file where the minidump is
1506 // generated as the renderer and browser run with different UIDs
1507 // (preventing the browser from inspecting the renderer process).
1508 int minidump_fd = base::GlobalDescriptors::GetInstance()->MaybeGet(
1509 GetBreakpadClient()->GetAndroidMinidumpDescriptor());
1510 if (minidump_fd == base::kInvalidPlatformFileValue) {
1511 NOTREACHED() << "Could not find minidump FD, crash reporting disabled.";
1512 } else {
1513 EnableNonBrowserCrashDumping(process_type, minidump_fd);
1514 }
1515 }
1516 }
1517 #endif // OS_ANDROID
1518
IsCrashReporterEnabled()1519 bool IsCrashReporterEnabled() {
1520 return g_is_crash_reporter_enabled;
1521 }
1522
1523 } // namespace breakpad
1524