1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // For linux_syscall_support.h. This makes it safe to call embedded system
6 // calls when in seccomp mode.
8 #include "components/breakpad/app/breakpad_linux.h"
14 #include <sys/socket.h>
16 #include <sys/types.h>
25 #include "base/base_switches.h"
26 #include "base/command_line.h"
27 #include "base/debug/crash_logging.h"
28 #include "base/debug/dump_without_crashing.h"
29 #include "base/files/file_path.h"
30 #include "base/linux_util.h"
31 #include "base/path_service.h"
32 #include "base/platform_file.h"
33 #include "base/posix/eintr_wrapper.h"
34 #include "base/posix/global_descriptors.h"
35 #include "base/process/memory.h"
36 #include "base/strings/string_util.h"
37 #include "breakpad/src/client/linux/handler/exception_handler.h"
38 #include "breakpad/src/client/linux/minidump_writer/directory_reader.h"
39 #include "breakpad/src/common/linux/linux_libc_support.h"
40 #include "breakpad/src/common/memory.h"
41 #include "components/breakpad/app/breakpad_client.h"
42 #include "components/breakpad/app/breakpad_linux_impl.h"
43 #include "content/public/common/content_descriptors.h"
45 #if defined(OS_ANDROID)
46 #include <android/log.h>
49 #include "base/android/build_info.h"
50 #include "base/android/path_utils.h"
52 #include "third_party/lss/linux_syscall_support.h"
54 #if defined(ADDRESS_SANITIZER)
55 #include <ucontext.h> // for getcontext().
58 #if defined(OS_ANDROID)
59 #define STAT_STRUCT struct stat
60 #define FSTAT_FUNC fstat
62 #define STAT_STRUCT struct kernel_stat
63 #define FSTAT_FUNC sys_fstat
66 // Some versions of gcc are prone to warn about unused return values. In cases
67 // where we either a) know the call cannot fail, or b) there is nothing we
68 // can do when a call fails, we mark the return code as ignored. This avoids
69 // spurious compiler warnings.
70 #define IGNORE_RET(x) do { if (x); } while (0)
72 using google_breakpad::ExceptionHandler;
73 using google_breakpad::MinidumpDescriptor;
79 #if !defined(OS_CHROMEOS)
80 const char kUploadURL[] = "https://clients2.google.com/cr/report";
83 bool g_is_crash_reporter_enabled = false;
84 uint64_t g_process_start_time = 0;
86 char* g_crash_log_path = NULL;
87 ExceptionHandler* g_breakpad = NULL;
89 #if defined(ADDRESS_SANITIZER)
90 const char* g_asan_report_str = NULL;
92 #if defined(OS_ANDROID)
93 char* g_process_type = NULL;
96 CrashKeyStorage* g_crash_keys = NULL;
98 // Writes the value |v| as 16 hex characters to the memory pointed at by
100 void write_uint64_hex(char* output, uint64_t v) {
101 static const char hextable[] = "0123456789abcdef";
103 for (int i = 15; i >= 0; --i) {
104 output[i] = hextable[v & 15];
109 // The following helper functions are for calculating uptime.
111 // Converts a struct timeval to milliseconds.
112 uint64_t timeval_to_ms(struct timeval *tv) {
113 uint64_t ret = tv->tv_sec; // Avoid overflow by explicitly using a uint64_t.
115 ret += tv->tv_usec / 1000;
119 // Converts a struct timeval to milliseconds.
120 uint64_t kernel_timeval_to_ms(struct kernel_timeval *tv) {
121 uint64_t ret = tv->tv_sec; // Avoid overflow by explicitly using a uint64_t.
123 ret += tv->tv_usec / 1000;
127 // String buffer size to use to convert a uint64_t to string.
128 const size_t kUint64StringSize = 21;
130 void SetProcessStartTime() {
131 // Set the base process start time value.
133 if (!gettimeofday(&tv, NULL))
134 g_process_start_time = timeval_to_ms(&tv);
136 g_process_start_time = 0;
139 // uint64_t version of my_int_len() from
140 // breakpad/src/common/linux/linux_libc_support.h. Return the length of the
141 // given, non-negative integer when expressed in base 10.
142 unsigned my_uint64_len(uint64_t i) {
155 // uint64_t version of my_uitos() from
156 // breakpad/src/common/linux/linux_libc_support.h. Convert a non-negative
157 // integer to a string (not null-terminated).
158 void my_uint64tos(char* output, uint64_t i, unsigned i_len) {
159 for (unsigned index = i_len; index; --index, i /= 10)
160 output[index - 1] = '0' + (i % 10);
163 #if defined(OS_ANDROID)
164 char* my_strncpy(char* dst, const char* src, size_t len) {
169 while (i != 0 && *src != '\0') {
180 char* my_strncat(char *dest, const char* src, size_t len) {
185 if (!(*dest++ = *src++))
192 size_t LengthWithoutTrailingSpaces(const char* str, size_t len) {
193 while (len > 0 && str[len - 1] == ' ') {
199 // Populates the passed in allocated string and its size with the distro of
200 // the crashing process.
201 // The passed string is expected to be at least kDistroSize bytes long.
202 void PopulateDistro(char* distro, size_t* distro_len_param) {
203 size_t distro_len = std::min(my_strlen(base::g_linux_distro), kDistroSize);
204 memcpy(distro, base::g_linux_distro, distro_len);
205 if (distro_len_param)
206 *distro_len_param = distro_len;
209 void SetClientIdFromCommandLine(const CommandLine& command_line) {
210 // Get the guid and linux distro from the command line switch.
211 std::string switch_value =
212 command_line.GetSwitchValueASCII(switches::kEnableCrashReporter);
213 size_t separator = switch_value.find(",");
214 if (separator != std::string::npos) {
215 GetBreakpadClient()->SetClientID(switch_value.substr(0, separator));
216 base::SetLinuxDistro(switch_value.substr(separator + 1));
218 GetBreakpadClient()->SetClientID(switch_value);
223 #if defined(OS_CHROMEOS)
224 const char g_sep[] = ":";
226 const char g_rn[] = "\r\n";
227 const char g_form_data_msg[] = "Content-Disposition: form-data; name=\"";
228 const char g_quote_msg[] = "\"";
229 const char g_dashdash_msg[] = "--";
230 const char g_dump_msg[] = "upload_file_minidump\"; filename=\"dump\"";
231 #if defined(ADDRESS_SANITIZER)
232 const char g_log_msg[] = "upload_file_log\"; filename=\"log\"";
234 const char g_content_type_msg[] = "Content-Type: application/octet-stream";
236 // MimeWriter manages an iovec for writing MIMEs to a file.
239 static const int kIovCapacity = 30;
240 static const size_t kMaxCrashChunkSize = 64;
242 MimeWriter(int fd, const char* const mime_boundary);
246 virtual void AddBoundary();
248 // Append end of file boundary.
249 virtual void AddEnd();
251 // Append key/value pair with specified sizes.
252 virtual void AddPairData(const char* msg_type,
253 size_t msg_type_size,
254 const char* msg_data,
255 size_t msg_data_size);
257 // Append key/value pair.
258 void AddPairString(const char* msg_type,
259 const char* msg_data) {
260 AddPairData(msg_type, my_strlen(msg_type), msg_data, my_strlen(msg_data));
263 // Append key/value pair, splitting value into chunks no larger than
264 // |chunk_size|. |chunk_size| cannot be greater than |kMaxCrashChunkSize|.
265 // The msg_type string will have a counter suffix to distinguish each chunk.
266 virtual void AddPairDataInChunks(const char* msg_type,
267 size_t msg_type_size,
268 const char* msg_data,
269 size_t msg_data_size,
271 bool strip_trailing_spaces);
273 // Add binary file contents to be uploaded with the specified filename.
274 virtual void AddFileContents(const char* filename_msg,
278 // Flush any pending iovecs to the output file.
280 IGNORE_RET(sys_writev(fd_, iov_, iov_index_));
285 void AddItem(const void* base, size_t size);
286 // Minor performance trade-off for easier-to-maintain code.
287 void AddString(const char* str) {
288 AddItem(str, my_strlen(str));
290 void AddItemWithoutTrailingSpaces(const void* base, size_t size);
292 struct kernel_iovec iov_[kIovCapacity];
295 // Output file descriptor.
298 const char* const mime_boundary_;
300 DISALLOW_COPY_AND_ASSIGN(MimeWriter);
303 MimeWriter::MimeWriter(int fd, const char* const mime_boundary)
306 mime_boundary_(mime_boundary) {
309 MimeWriter::~MimeWriter() {
312 void MimeWriter::AddBoundary() {
313 AddString(mime_boundary_);
317 void MimeWriter::AddEnd() {
318 AddString(mime_boundary_);
319 AddString(g_dashdash_msg);
323 void MimeWriter::AddPairData(const char* msg_type,
324 size_t msg_type_size,
325 const char* msg_data,
326 size_t msg_data_size) {
327 AddString(g_form_data_msg);
328 AddItem(msg_type, msg_type_size);
329 AddString(g_quote_msg);
332 AddItem(msg_data, msg_data_size);
336 void MimeWriter::AddPairDataInChunks(const char* msg_type,
337 size_t msg_type_size,
338 const char* msg_data,
339 size_t msg_data_size,
341 bool strip_trailing_spaces) {
342 if (chunk_size > kMaxCrashChunkSize)
346 size_t done = 0, msg_length = msg_data_size;
349 char num[kUint64StringSize];
350 const unsigned num_len = my_uint_len(++i);
351 my_uitos(num, i, num_len);
353 size_t chunk_len = std::min(chunk_size, msg_length);
355 AddString(g_form_data_msg);
356 AddItem(msg_type, msg_type_size);
357 AddItem(num, num_len);
358 AddString(g_quote_msg);
361 if (strip_trailing_spaces) {
362 AddItemWithoutTrailingSpaces(msg_data + done, chunk_len);
364 AddItem(msg_data + done, chunk_len);
371 msg_length -= chunk_len;
375 void MimeWriter::AddFileContents(const char* filename_msg, uint8_t* file_data,
377 AddString(g_form_data_msg);
378 AddString(filename_msg);
380 AddString(g_content_type_msg);
383 AddItem(file_data, file_size);
387 void MimeWriter::AddItem(const void* base, size_t size) {
388 // Check if the iovec is full and needs to be flushed to output file.
389 if (iov_index_ == kIovCapacity) {
392 iov_[iov_index_].iov_base = const_cast<void*>(base);
393 iov_[iov_index_].iov_len = size;
397 void MimeWriter::AddItemWithoutTrailingSpaces(const void* base, size_t size) {
398 AddItem(base, LengthWithoutTrailingSpaces(static_cast<const char*>(base),
402 #if defined(OS_CHROMEOS)
403 // This subclass is used on Chromium OS to report crashes in a format easy for
404 // the central crash reporting facility to understand.
405 // Format is <name>:<data length in decimal>:<data>
406 class CrashReporterWriter : public MimeWriter
409 explicit CrashReporterWriter(int fd);
411 virtual void AddBoundary() OVERRIDE;
413 virtual void AddEnd() OVERRIDE;
415 virtual void AddPairData(const char* msg_type,
416 size_t msg_type_size,
417 const char* msg_data,
418 size_t msg_data_size) OVERRIDE;
420 virtual void AddPairDataInChunks(const char* msg_type,
421 size_t msg_type_size,
422 const char* msg_data,
423 size_t msg_data_size,
425 bool strip_trailing_spaces) OVERRIDE;
427 virtual void AddFileContents(const char* filename_msg,
429 size_t file_size) OVERRIDE;
432 DISALLOW_COPY_AND_ASSIGN(CrashReporterWriter);
436 CrashReporterWriter::CrashReporterWriter(int fd) : MimeWriter(fd, "") {}
439 void CrashReporterWriter::AddBoundary() {}
440 void CrashReporterWriter::AddEnd() {}
442 void CrashReporterWriter::AddPairData(const char* msg_type,
443 size_t msg_type_size,
444 const char* msg_data,
445 size_t msg_data_size) {
446 char data[kUint64StringSize];
447 const unsigned data_len = my_uint_len(msg_data_size);
448 my_uitos(data, msg_data_size, data_len);
450 AddItem(msg_type, msg_type_size);
452 AddItem(data, data_len);
454 AddItem(msg_data, msg_data_size);
458 void CrashReporterWriter::AddPairDataInChunks(const char* msg_type,
459 size_t msg_type_size,
460 const char* msg_data,
461 size_t msg_data_size,
463 bool strip_trailing_spaces) {
464 if (chunk_size > kMaxCrashChunkSize)
469 size_t msg_length = msg_data_size;
472 char num[kUint64StringSize];
473 const unsigned num_len = my_uint_len(++i);
474 my_uitos(num, i, num_len);
476 size_t chunk_len = std::min(chunk_size, msg_length);
478 size_t write_len = chunk_len;
479 if (strip_trailing_spaces) {
480 // Take care of this here because we need to know the exact length of
481 // what is going to be written.
482 write_len = LengthWithoutTrailingSpaces(msg_data + done, write_len);
485 char data[kUint64StringSize];
486 const unsigned data_len = my_uint_len(write_len);
487 my_uitos(data, write_len, data_len);
489 AddItem(msg_type, msg_type_size);
490 AddItem(num, num_len);
492 AddItem(data, data_len);
494 AddItem(msg_data + done, write_len);
498 msg_length -= chunk_len;
502 void CrashReporterWriter::AddFileContents(const char* filename_msg,
505 char data[kUint64StringSize];
506 const unsigned data_len = my_uint_len(file_size);
507 my_uitos(data, file_size, data_len);
509 AddString(filename_msg);
511 AddItem(data, data_len);
513 AddItem(file_data, file_size);
520 g_breakpad->WriteMinidump();
523 #if defined(OS_ANDROID)
524 const char kGoogleBreakpad[] = "google-breakpad";
527 size_t WriteLog(const char* buf, size_t nbytes) {
528 #if defined(OS_ANDROID)
529 return __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad, buf);
531 return sys_write(2, buf, nbytes);
535 #if defined(OS_ANDROID)
536 // Android's native crash handler outputs a diagnostic tombstone to the device
537 // log. By returning false from the HandlerCallbacks, breakpad will reinstall
538 // the previous (i.e. native) signal handlers before returning from its own
539 // handler. A Chrome build fingerprint is written to the log, so that the
540 // specific build of Chrome and the location of the archived Chrome symbols can
541 // be determined directly from it.
542 bool FinalizeCrashDoneAndroid() {
543 base::android::BuildInfo* android_build_info =
544 base::android::BuildInfo::GetInstance();
546 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
547 "### ### ### ### ### ### ### ### ### ### ### ### ###");
548 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
549 "Chrome build fingerprint:");
550 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
551 android_build_info->package_version_name());
552 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
553 android_build_info->package_version_code());
554 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
556 __android_log_write(ANDROID_LOG_WARN, kGoogleBreakpad,
557 "### ### ### ### ### ### ### ### ### ### ### ### ###");
562 bool CrashDone(const MinidumpDescriptor& minidump,
564 const bool succeeded) {
565 // WARNING: this code runs in a compromised context. It may not call into
566 // libc nor allocate memory normally.
568 const char msg[] = "Failed to generate minidump.";
569 WriteLog(msg, sizeof(msg) - 1);
573 DCHECK(!minidump.IsFD());
575 BreakpadInfo info = {0};
576 info.filename = minidump.path();
577 info.fd = minidump.fd();
578 #if defined(ADDRESS_SANITIZER)
579 google_breakpad::PageAllocator allocator;
580 const size_t log_path_len = my_strlen(minidump.path());
581 char* log_path = reinterpret_cast<char*>(allocator.Alloc(log_path_len + 1));
582 my_memcpy(log_path, minidump.path(), log_path_len);
583 my_memcpy(log_path + log_path_len - 4, ".log", 4);
584 log_path[log_path_len] = '\0';
585 info.log_filename = log_path;
587 info.process_type = "browser";
588 info.process_type_length = 7;
589 info.distro = base::g_linux_distro;
590 info.distro_length = my_strlen(base::g_linux_distro);
591 info.upload = upload;
592 info.process_start_time = g_process_start_time;
593 info.oom_size = base::g_oom_size;
595 info.crash_keys = g_crash_keys;
596 HandleCrashDump(info);
597 #if defined(OS_ANDROID)
598 return FinalizeCrashDoneAndroid();
604 // Wrapper function, do not add more code here.
605 bool CrashDoneNoUpload(const MinidumpDescriptor& minidump,
608 return CrashDone(minidump, false, succeeded);
611 #if !defined(OS_ANDROID)
612 // Wrapper function, do not add more code here.
613 bool CrashDoneUpload(const MinidumpDescriptor& minidump,
616 return CrashDone(minidump, true, succeeded);
620 #if defined(ADDRESS_SANITIZER)
622 void __asan_set_error_report_callback(void (*cb)(const char*));
625 void AsanLinuxBreakpadCallback(const char* report) {
626 g_asan_report_str = report;
627 // Send minidump here.
628 g_breakpad->SimulateSignalDelivery(SIGKILL);
632 void EnableCrashDumping(bool unattended) {
633 g_is_crash_reporter_enabled = true;
635 base::FilePath tmp_path("/tmp");
636 PathService::Get(base::DIR_TEMP, &tmp_path);
638 base::FilePath dumps_path(tmp_path);
639 if (GetBreakpadClient()->GetCrashDumpLocation(&dumps_path)) {
640 base::FilePath logfile =
641 dumps_path.Append(GetBreakpadClient()->GetReporterLogFilename());
642 std::string logfile_str = logfile.value();
643 const size_t crash_log_path_len = logfile_str.size() + 1;
644 g_crash_log_path = new char[crash_log_path_len];
645 strncpy(g_crash_log_path, logfile_str.c_str(), crash_log_path_len);
648 MinidumpDescriptor minidump_descriptor(dumps_path.value());
649 minidump_descriptor.set_size_limit(kMaxMinidumpFileSize);
650 #if defined(OS_ANDROID)
651 unattended = true; // Android never uploads directly.
654 g_breakpad = new ExceptionHandler(
659 true, // Install handlers.
660 -1); // Server file descriptor. -1 for in-process.
664 #if !defined(OS_ANDROID)
666 g_breakpad = new ExceptionHandler(
671 true, // Install handlers.
672 -1); // Server file descriptor. -1 for in-process.
676 #if defined(OS_ANDROID)
677 bool CrashDoneInProcessNoUpload(
678 const google_breakpad::MinidumpDescriptor& descriptor,
680 const bool succeeded) {
681 // WARNING: this code runs in a compromised context. It may not call into
682 // libc nor allocate memory normally.
684 static const char msg[] = "Crash dump generation failed.\n";
685 WriteLog(msg, sizeof(msg) - 1);
689 // Start constructing the message to send to the browser.
690 char distro[kDistroSize + 1] = {0};
691 size_t distro_length = 0;
692 PopulateDistro(distro, &distro_length);
693 BreakpadInfo info = {0};
694 info.filename = NULL;
695 info.fd = descriptor.fd();
696 info.process_type = g_process_type;
697 info.process_type_length = my_strlen(g_process_type);
698 info.distro = distro;
699 info.distro_length = distro_length;
701 info.process_start_time = g_process_start_time;
703 info.crash_keys = g_crash_keys;
704 HandleCrashDump(info);
705 return FinalizeCrashDoneAndroid();
708 void EnableNonBrowserCrashDumping(const std::string& process_type,
710 // This will guarantee that the BuildInfo has been initialized and subsequent
711 // calls will not require memory allocation.
712 base::android::BuildInfo::GetInstance();
713 SetClientIdFromCommandLine(*CommandLine::ForCurrentProcess());
715 // On Android, the current sandboxing uses process isolation, in which the
716 // child process runs with a different UID. That breaks the normal crash
717 // reporting where the browser process generates the minidump by inspecting
718 // the child process. This is because the browser process now does not have
719 // the permission to access the states of the child process (as it has a
721 // TODO(jcivelli): http://b/issue?id=6776356 we should use a watchdog
722 // process forked from the renderer process that generates the minidump.
723 if (minidump_fd == -1) {
724 LOG(ERROR) << "Minidump file descriptor not found, crash reporting will "
728 SetProcessStartTime();
731 g_is_crash_reporter_enabled = true;
732 // Save the process type (it is leaked).
733 const size_t process_type_len = process_type.size() + 1;
734 g_process_type = new char[process_type_len];
735 strncpy(g_process_type, process_type.c_str(), process_type_len);
736 new google_breakpad::ExceptionHandler(MinidumpDescriptor(minidump_fd),
737 NULL, CrashDoneInProcessNoUpload, NULL, true, -1);
740 // Non-Browser = Extension, Gpu, Plugins, Ppapi and Renderer
741 bool NonBrowserCrashHandler(const void* crash_context,
742 size_t crash_context_size,
744 const int fd = reinterpret_cast<intptr_t>(context);
745 int fds[2] = { -1, -1 };
746 if (sys_socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
747 static const char msg[] = "Failed to create socket for crash dumping.\n";
748 WriteLog(msg, sizeof(msg) - 1);
752 // Start constructing the message to send to the browser.
753 char distro[kDistroSize + 1] = {0};
754 PopulateDistro(distro, NULL);
756 char b; // Dummy variable for sys_read below.
757 const char* b_addr = &b; // Get the address of |b| so we can create the
758 // expected /proc/[pid]/syscall content in the
759 // browser to convert namespace tids.
761 // The length of the control message:
762 static const unsigned kControlMsgSize = sizeof(fds);
763 static const unsigned kControlMsgSpaceSize = CMSG_SPACE(kControlMsgSize);
764 static const unsigned kControlMsgLenSize = CMSG_LEN(kControlMsgSize);
766 struct kernel_msghdr msg;
767 my_memset(&msg, 0, sizeof(struct kernel_msghdr));
768 struct kernel_iovec iov[kCrashIovSize];
769 iov[0].iov_base = const_cast<void*>(crash_context);
770 iov[0].iov_len = crash_context_size;
771 iov[1].iov_base = distro;
772 iov[1].iov_len = kDistroSize + 1;
773 iov[2].iov_base = &b_addr;
774 iov[2].iov_len = sizeof(b_addr);
775 iov[3].iov_base = &fds[0];
776 iov[3].iov_len = sizeof(fds[0]);
777 iov[4].iov_base = &g_process_start_time;
778 iov[4].iov_len = sizeof(g_process_start_time);
779 iov[5].iov_base = &base::g_oom_size;
780 iov[5].iov_len = sizeof(base::g_oom_size);
781 google_breakpad::SerializedNonAllocatingMap* serialized_map;
782 iov[6].iov_len = g_crash_keys->Serialize(
783 const_cast<const google_breakpad::SerializedNonAllocatingMap**>(
785 iov[6].iov_base = serialized_map;
786 #if defined(ADDRESS_SANITIZER)
787 iov[7].iov_base = const_cast<char*>(g_asan_report_str);
788 iov[7].iov_len = kMaxAsanReportSize + 1;
792 msg.msg_iovlen = kCrashIovSize;
793 char cmsg[kControlMsgSpaceSize];
794 my_memset(cmsg, 0, kControlMsgSpaceSize);
795 msg.msg_control = cmsg;
796 msg.msg_controllen = sizeof(cmsg);
798 struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
799 hdr->cmsg_level = SOL_SOCKET;
800 hdr->cmsg_type = SCM_RIGHTS;
801 hdr->cmsg_len = kControlMsgLenSize;
802 ((int*) CMSG_DATA(hdr))[0] = fds[0];
803 ((int*) CMSG_DATA(hdr))[1] = fds[1];
805 if (HANDLE_EINTR(sys_sendmsg(fd, &msg, 0)) < 0) {
806 static const char errmsg[] = "Failed to tell parent about crash.\n";
807 WriteLog(errmsg, sizeof(errmsg) - 1);
808 IGNORE_RET(sys_close(fds[1]));
811 IGNORE_RET(sys_close(fds[1]));
813 if (HANDLE_EINTR(sys_read(fds[0], &b, 1)) != 1) {
814 static const char errmsg[] = "Parent failed to complete crash dump.\n";
815 WriteLog(errmsg, sizeof(errmsg) - 1);
821 void EnableNonBrowserCrashDumping() {
822 const int fd = base::GlobalDescriptors::GetInstance()->Get(kCrashDumpSignal);
823 g_is_crash_reporter_enabled = true;
824 // We deliberately leak this object.
827 g_breakpad = new ExceptionHandler(
828 MinidumpDescriptor("/tmp"), // Unused but needed or Breakpad will assert.
831 reinterpret_cast<void*>(fd), // Param passed to the crash handler.
834 g_breakpad->set_crash_handler(NonBrowserCrashHandler);
836 #endif // defined(OS_ANDROID)
838 void SetCrashKeyValue(const base::StringPiece& key,
839 const base::StringPiece& value) {
840 g_crash_keys->SetKeyValue(key.data(), value.data());
843 void ClearCrashKey(const base::StringPiece& key) {
844 g_crash_keys->RemoveKey(key.data());
849 void LoadDataFromFD(google_breakpad::PageAllocator& allocator,
850 int fd, bool close_fd, uint8_t** file_data, size_t* size) {
852 if (FSTAT_FUNC(fd, &st) != 0) {
853 static const char msg[] = "Cannot upload crash dump: stat failed\n";
854 WriteLog(msg, sizeof(msg) - 1);
856 IGNORE_RET(sys_close(fd));
860 *file_data = reinterpret_cast<uint8_t*>(allocator.Alloc(st.st_size));
862 static const char msg[] = "Cannot upload crash dump: cannot alloc\n";
863 WriteLog(msg, sizeof(msg) - 1);
865 IGNORE_RET(sys_close(fd));
868 my_memset(*file_data, 0xf, st.st_size);
871 int byte_read = sys_read(fd, *file_data, *size);
872 if (byte_read == -1) {
873 static const char msg[] = "Cannot upload crash dump: read failed\n";
874 WriteLog(msg, sizeof(msg) - 1);
876 IGNORE_RET(sys_close(fd));
881 IGNORE_RET(sys_close(fd));
884 void LoadDataFromFile(google_breakpad::PageAllocator& allocator,
885 const char* filename,
886 int* fd, uint8_t** file_data, size_t* size) {
887 // WARNING: this code runs in a compromised context. It may not call into
888 // libc nor allocate memory normally.
889 *fd = sys_open(filename, O_RDONLY, 0);
893 static const char msg[] = "Cannot upload crash dump: failed to open\n";
894 WriteLog(msg, sizeof(msg) - 1);
898 LoadDataFromFD(allocator, *fd, true, file_data, size);
901 // Spawn the appropriate upload process for the current OS:
902 // - generic Linux invokes wget.
903 // - ChromeOS invokes crash_reporter.
904 // |dumpfile| is the path to the dump data file.
905 // |mime_boundary| is only used on Linux.
906 // |exe_buf| is only used on CrOS and is the crashing process' name.
907 void ExecUploadProcessOrTerminate(const BreakpadInfo& info,
908 const char* dumpfile,
909 const char* mime_boundary,
911 google_breakpad::PageAllocator* allocator) {
912 #if defined(OS_CHROMEOS)
913 // CrOS uses crash_reporter instead of wget to report crashes,
914 // it needs to know where the crash dump lives and the pid and uid of the
916 static const char kCrashReporterBinary[] = "/sbin/crash_reporter";
918 char pid_buf[kUint64StringSize];
919 uint64_t pid_str_length = my_uint64_len(info.pid);
920 my_uint64tos(pid_buf, info.pid, pid_str_length);
921 pid_buf[pid_str_length] = '\0';
923 char uid_buf[kUint64StringSize];
924 uid_t uid = geteuid();
925 uint64_t uid_str_length = my_uint64_len(uid);
926 my_uint64tos(uid_buf, uid, uid_str_length);
927 uid_buf[uid_str_length] = '\0';
928 const char* args[] = {
929 kCrashReporterBinary,
940 static const char msg[] = "Cannot upload crash dump: cannot exec "
941 "/sbin/crash_reporter\n";
943 // The --header argument to wget looks like:
944 // --header=Content-Type: multipart/form-data; boundary=XYZ
945 // where the boundary has two fewer leading '-' chars
946 static const char header_msg[] =
947 "--header=Content-Type: multipart/form-data; boundary=";
948 char* const header = reinterpret_cast<char*>(allocator->Alloc(
949 sizeof(header_msg) - 1 + strlen(mime_boundary) - 2 + 1));
950 memcpy(header, header_msg, sizeof(header_msg) - 1);
951 memcpy(header + sizeof(header_msg) - 1, mime_boundary + 2,
952 strlen(mime_boundary) - 2);
953 // We grab the NUL byte from the end of |mime_boundary|.
955 // The --post-file argument to wget looks like:
956 // --post-file=/tmp/...
957 static const char post_file_msg[] = "--post-file=";
958 char* const post_file = reinterpret_cast<char*>(allocator->Alloc(
959 sizeof(post_file_msg) - 1 + strlen(dumpfile) + 1));
960 memcpy(post_file, post_file_msg, sizeof(post_file_msg) - 1);
961 memcpy(post_file + sizeof(post_file_msg) - 1, dumpfile, strlen(dumpfile));
963 static const char kWgetBinary[] = "/usr/bin/wget";
964 const char* args[] = {
969 "--timeout=10", // Set a timeout so we don't hang forever.
970 "--tries=1", // Don't retry if the upload fails.
971 "-O", // output reply to fd 3
975 static const char msg[] = "Cannot upload crash dump: cannot exec "
978 execve(args[0], const_cast<char**>(args), environ);
979 WriteLog(msg, sizeof(msg) - 1);
983 #if defined(OS_CHROMEOS)
984 const char* GetCrashingProcessName(const BreakpadInfo& info,
985 google_breakpad::PageAllocator* allocator) {
986 // Symlink to process binary is at /proc/###/exe.
987 char linkpath[kUint64StringSize + sizeof("/proc/") + sizeof("/exe")] =
989 uint64_t pid_value_len = my_uint64_len(info.pid);
990 my_uint64tos(linkpath + sizeof("/proc/") - 1, info.pid, pid_value_len);
991 linkpath[sizeof("/proc/") - 1 + pid_value_len] = '\0';
992 my_strlcat(linkpath, "/exe", sizeof(linkpath));
994 const int kMaxSize = 4096;
995 char* link = reinterpret_cast<char*>(allocator->Alloc(kMaxSize));
997 ssize_t size = readlink(linkpath, link, kMaxSize);
998 if (size < kMaxSize && size > 0) {
999 // readlink(2) doesn't add a terminating NUL, so do it now.
1002 const char* name = my_strrchr(link, '/');
1008 // Either way too long, or a read error.
1009 return "chrome-crash-unknown-process";
1013 void HandleCrashDump(const BreakpadInfo& info) {
1015 bool keep_fd = false;
1018 google_breakpad::PageAllocator allocator;
1019 const char* exe_buf = NULL;
1021 #if defined(OS_CHROMEOS)
1022 // Grab the crashing process' name now, when it should still be available.
1023 // If we try to do this later in our grandchild the crashing process has
1024 // already terminated.
1025 exe_buf = GetCrashingProcessName(info, &allocator);
1028 if (info.fd != -1) {
1029 // Dump is provided with an open FD.
1033 // The FD is pointing to the end of the file.
1034 // Rewind, we'll read the data next.
1035 if (lseek(dumpfd, 0, SEEK_SET) == -1) {
1036 static const char msg[] = "Cannot upload crash dump: failed to "
1037 "reposition minidump FD\n";
1038 WriteLog(msg, sizeof(msg) - 1);
1039 IGNORE_RET(sys_close(dumpfd));
1042 LoadDataFromFD(allocator, info.fd, false, &dump_data, &dump_size);
1044 // Dump is provided with a path.
1046 LoadDataFromFile(allocator, info.filename, &dumpfd, &dump_data, &dump_size);
1049 // TODO(jcivelli): make log work when using FDs.
1050 #if defined(ADDRESS_SANITIZER)
1054 // Load the AddressSanitizer log into log_data.
1055 LoadDataFromFile(allocator, info.log_filename, &logfd, &log_data, &log_size);
1058 // We need to build a MIME block for uploading to the server. Since we are
1059 // going to fork and run wget, it needs to be written to a temp file.
1060 const int ufd = sys_open("/dev/urandom", O_RDONLY, 0);
1062 static const char msg[] = "Cannot upload crash dump because /dev/urandom"
1064 WriteLog(msg, sizeof(msg) - 1);
1068 static const char temp_file_template[] =
1069 "/tmp/chromium-upload-XXXXXXXXXXXXXXXX";
1070 char temp_file[sizeof(temp_file_template)];
1071 int temp_file_fd = -1;
1073 temp_file_fd = dumpfd;
1074 // Rewind the destination, we are going to overwrite it.
1075 if (lseek(dumpfd, 0, SEEK_SET) == -1) {
1076 static const char msg[] = "Cannot upload crash dump: failed to "
1077 "reposition minidump FD (2)\n";
1078 WriteLog(msg, sizeof(msg) - 1);
1079 IGNORE_RET(sys_close(dumpfd));
1084 memcpy(temp_file, temp_file_template, sizeof(temp_file_template));
1086 for (unsigned i = 0; i < 10; ++i) {
1088 sys_read(ufd, &t, sizeof(t));
1089 write_uint64_hex(temp_file + sizeof(temp_file) - (16 + 1), t);
1091 temp_file_fd = sys_open(temp_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
1092 if (temp_file_fd >= 0)
1096 if (temp_file_fd < 0) {
1097 static const char msg[] = "Failed to create temporary file in /tmp: "
1098 "cannot upload crash dump\n";
1099 WriteLog(msg, sizeof(msg) - 1);
1100 IGNORE_RET(sys_close(ufd));
1104 temp_file_fd = sys_open(info.filename, O_WRONLY, 0600);
1105 if (temp_file_fd < 0) {
1106 static const char msg[] = "Failed to save crash dump: failed to open\n";
1107 WriteLog(msg, sizeof(msg) - 1);
1108 IGNORE_RET(sys_close(ufd));
1114 // The MIME boundary is 28 hyphens, followed by a 64-bit nonce and a NUL.
1115 char mime_boundary[28 + 16 + 1];
1116 my_memset(mime_boundary, '-', 28);
1117 uint64_t boundary_rand;
1118 sys_read(ufd, &boundary_rand, sizeof(boundary_rand));
1119 write_uint64_hex(mime_boundary + 28, boundary_rand);
1120 mime_boundary[28 + 16] = 0;
1121 IGNORE_RET(sys_close(ufd));
1123 // The MIME block looks like this:
1125 // Content-Disposition: form-data; name="prod" \r\n \r\n
1126 // Chrome_Linux \r\n
1128 // Content-Disposition: form-data; name="ver" \r\n \r\n
1133 // Content-Disposition: form-data; name="ptime" \r\n \r\n
1138 // Content-Disposition: form-data; name="ptype" \r\n \r\n
1143 // Content-Disposition: form-data; name="lsb-release" \r\n \r\n
1148 // Content-Disposition: form-data; name="oom-size" \r\n \r\n
1152 // zero or more (up to CrashKeyStorage::num_entries = 64):
1153 // Content-Disposition: form-data; name=crash-key-name \r\n
1154 // crash-key-value \r\n
1157 // Content-Disposition: form-data; name="dump"; filename="dump" \r\n
1158 // Content-Type: application/octet-stream \r\n \r\n
1160 // \r\n BOUNDARY -- \r\n
1162 #if defined(OS_CHROMEOS)
1163 CrashReporterWriter writer(temp_file_fd);
1165 MimeWriter writer(temp_file_fd, mime_boundary);
1168 std::string product_name;
1169 std::string version;
1171 GetBreakpadClient()->GetProductNameAndVersion(&product_name, &version);
1173 writer.AddBoundary();
1174 writer.AddPairString("prod", product_name.c_str());
1175 writer.AddBoundary();
1176 writer.AddPairString("ver", version.c_str());
1177 writer.AddBoundary();
1179 char pid_value_buf[kUint64StringSize];
1180 uint64_t pid_value_len = my_uint64_len(info.pid);
1181 my_uint64tos(pid_value_buf, info.pid, pid_value_len);
1182 static const char pid_key_name[] = "pid";
1183 writer.AddPairData(pid_key_name, sizeof(pid_key_name) - 1,
1184 pid_value_buf, pid_value_len);
1185 writer.AddBoundary();
1187 #if defined(OS_ANDROID)
1188 // Addtional MIME blocks are added for logging on Android devices.
1189 static const char android_build_id[] = "android_build_id";
1190 static const char android_build_fp[] = "android_build_fp";
1191 static const char device[] = "device";
1192 static const char model[] = "model";
1193 static const char brand[] = "brand";
1194 static const char exception_info[] = "exception_info";
1196 base::android::BuildInfo* android_build_info =
1197 base::android::BuildInfo::GetInstance();
1198 writer.AddPairString(
1199 android_build_id, android_build_info->android_build_id());
1200 writer.AddBoundary();
1201 writer.AddPairString(
1202 android_build_fp, android_build_info->android_build_fp());
1203 writer.AddBoundary();
1204 writer.AddPairString(device, android_build_info->device());
1205 writer.AddBoundary();
1206 writer.AddPairString(model, android_build_info->model());
1207 writer.AddBoundary();
1208 writer.AddPairString(brand, android_build_info->brand());
1209 writer.AddBoundary();
1210 if (android_build_info->java_exception_info() != NULL) {
1211 writer.AddPairString(exception_info,
1212 android_build_info->java_exception_info());
1213 writer.AddBoundary();
1219 if (info.process_start_time > 0) {
1220 struct kernel_timeval tv;
1221 if (!sys_gettimeofday(&tv, NULL)) {
1222 uint64_t time = kernel_timeval_to_ms(&tv);
1223 if (time > info.process_start_time) {
1224 time -= info.process_start_time;
1225 char time_str[kUint64StringSize];
1226 const unsigned time_len = my_uint64_len(time);
1227 my_uint64tos(time_str, time, time_len);
1229 static const char process_time_msg[] = "ptime";
1230 writer.AddPairData(process_time_msg, sizeof(process_time_msg) - 1,
1231 time_str, time_len);
1232 writer.AddBoundary();
1238 if (info.process_type_length) {
1239 writer.AddPairString("ptype", info.process_type);
1240 writer.AddBoundary();
1244 if (info.distro_length) {
1245 static const char distro_msg[] = "lsb-release";
1246 writer.AddPairString(distro_msg, info.distro);
1247 writer.AddBoundary();
1251 if (info.oom_size) {
1252 char oom_size_str[kUint64StringSize];
1253 const unsigned oom_size_len = my_uint64_len(info.oom_size);
1254 my_uint64tos(oom_size_str, info.oom_size, oom_size_len);
1255 static const char oom_size_msg[] = "oom-size";
1256 writer.AddPairData(oom_size_msg, sizeof(oom_size_msg) - 1,
1257 oom_size_str, oom_size_len);
1258 writer.AddBoundary();
1262 if (info.crash_keys) {
1263 CrashKeyStorage::Iterator crash_key_iterator(*info.crash_keys);
1264 const CrashKeyStorage::Entry* entry;
1265 while ((entry = crash_key_iterator.Next())) {
1266 writer.AddPairString(entry->key, entry->value);
1267 writer.AddBoundary();
1272 writer.AddFileContents(g_dump_msg, dump_data, dump_size);
1273 #if defined(ADDRESS_SANITIZER)
1274 // Append a multipart boundary and the contents of the AddressSanitizer log.
1275 writer.AddBoundary();
1276 writer.AddFileContents(g_log_msg, log_data, log_size);
1281 IGNORE_RET(sys_close(temp_file_fd));
1283 #if defined(OS_ANDROID)
1284 if (info.filename) {
1285 int filename_length = my_strlen(info.filename);
1287 // If this was a file, we need to copy it to the right place and use the
1288 // right file name so it gets uploaded by the browser.
1289 const char msg[] = "Output crash dump file:";
1290 WriteLog(msg, sizeof(msg) - 1);
1291 WriteLog(info.filename, filename_length - 1);
1293 char pid_buf[kUint64StringSize];
1294 uint64_t pid_str_length = my_uint64_len(info.pid);
1295 my_uint64tos(pid_buf, info.pid, pid_str_length);
1297 // -1 because we won't need the null terminator on the original filename.
1298 unsigned done_filename_len = filename_length - 1 + pid_str_length;
1299 char* done_filename = reinterpret_cast<char*>(
1300 allocator.Alloc(done_filename_len));
1301 // Rename the file such that the pid is the suffix in order signal to other
1302 // processes that the minidump is complete. The advantage of using the pid
1303 // as the suffix is that it is trivial to associate the minidump with the
1305 // Finally, note strncpy prevents null terminators from
1306 // being copied. Pad the rest with 0's.
1307 my_strncpy(done_filename, info.filename, done_filename_len);
1308 // Append the suffix a null terminator should be added.
1309 my_strncat(done_filename, pid_buf, pid_str_length);
1310 // Rename the minidump file to signal that it is complete.
1311 if (rename(info.filename, done_filename)) {
1312 const char failed_msg[] = "Failed to rename:";
1313 WriteLog(failed_msg, sizeof(failed_msg) - 1);
1314 WriteLog(info.filename, filename_length - 1);
1315 const char to_msg[] = "to";
1316 WriteLog(to_msg, sizeof(to_msg) - 1);
1317 WriteLog(done_filename, done_filename_len - 1);
1325 const pid_t child = sys_fork();
1327 // Spawned helper process.
1329 // This code is called both when a browser is crashing (in which case,
1330 // nothing really matters any more) and when a renderer/plugin crashes, in
1331 // which case we need to continue.
1333 // Since we are a multithreaded app, if we were just to fork(), we might
1334 // grab file descriptors which have just been created in another thread and
1335 // hold them open for too long.
1337 // Thus, we have to loop and try and close everything.
1338 const int fd = sys_open("/proc/self/fd", O_DIRECTORY | O_RDONLY, 0);
1340 for (unsigned i = 3; i < 8192; ++i)
1341 IGNORE_RET(sys_close(i));
1343 google_breakpad::DirectoryReader reader(fd);
1345 while (reader.GetNextEntry(&name)) {
1347 if (my_strtoui(&i, name) && i > 2 && i != fd)
1348 IGNORE_RET(sys_close(i));
1352 IGNORE_RET(sys_close(fd));
1355 IGNORE_RET(sys_setsid());
1357 // Leave one end of a pipe in the upload process and watch for it getting
1358 // closed by the upload process exiting.
1360 if (sys_pipe(fds) >= 0) {
1361 const pid_t upload_child = sys_fork();
1362 if (!upload_child) {
1364 IGNORE_RET(sys_close(fds[0]));
1365 IGNORE_RET(sys_dup2(fds[1], 3));
1366 ExecUploadProcessOrTerminate(info, temp_file, mime_boundary, exe_buf,
1371 if (upload_child > 0) {
1372 IGNORE_RET(sys_close(fds[1]));
1373 char id_buf[17]; // Crash report IDs are expected to be 16 chars.
1375 // Upload should finish in about 10 seconds. Add a few more 500 ms
1376 // internals to account for process startup time.
1377 for (size_t wait_count = 0; wait_count < 24; ++wait_count) {
1378 struct kernel_pollfd poll_fd;
1379 poll_fd.fd = fds[0];
1380 poll_fd.events = POLLIN | POLLPRI | POLLERR;
1381 int ret = sys_poll(&poll_fd, 1, 500);
1385 } else if (ret > 0) {
1386 // There is data to read.
1387 len = HANDLE_EINTR(sys_read(fds[0], id_buf, sizeof(id_buf) - 1));
1390 // ret == 0 -> timed out, continue waiting.
1393 // Write crash dump id to stderr.
1395 static const char msg[] = "\nCrash dump id: ";
1396 WriteLog(msg, sizeof(msg) - 1);
1397 WriteLog(id_buf, my_strlen(id_buf));
1400 // Write crash dump id to crash log as: seconds_since_epoch,crash_id
1401 struct kernel_timeval tv;
1402 if (g_crash_log_path && !sys_gettimeofday(&tv, NULL)) {
1403 uint64_t time = kernel_timeval_to_ms(&tv) / 1000;
1404 char time_str[kUint64StringSize];
1405 const unsigned time_len = my_uint64_len(time);
1406 my_uint64tos(time_str, time, time_len);
1408 int log_fd = sys_open(g_crash_log_path,
1409 O_CREAT | O_WRONLY | O_APPEND,
1412 sys_write(log_fd, time_str, time_len);
1413 sys_write(log_fd, ",", 1);
1414 sys_write(log_fd, id_buf, my_strlen(id_buf));
1415 sys_write(log_fd, "\n", 1);
1416 IGNORE_RET(sys_close(log_fd));
1420 if (sys_waitpid(upload_child, NULL, WNOHANG) == 0) {
1421 // Upload process is still around, kill it.
1422 sys_kill(upload_child, SIGKILL);
1428 IGNORE_RET(sys_unlink(info.filename));
1429 #if defined(ADDRESS_SANITIZER)
1430 IGNORE_RET(sys_unlink(info.log_filename));
1432 IGNORE_RET(sys_unlink(temp_file));
1436 // Main browser process.
1439 (void) HANDLE_EINTR(sys_waitpid(child, NULL, 0));
1442 void InitCrashReporter(const std::string& process_type) {
1443 #if defined(OS_ANDROID)
1444 // This will guarantee that the BuildInfo has been initialized and subsequent
1445 // calls will not require memory allocation.
1446 base::android::BuildInfo::GetInstance();
1448 // Determine the process type and take appropriate action.
1449 const CommandLine& parsed_command_line = *CommandLine::ForCurrentProcess();
1450 if (parsed_command_line.HasSwitch(switches::kDisableBreakpad))
1453 if (process_type.empty()) {
1454 bool enable_breakpad = GetBreakpadClient()->GetCollectStatsConsent() ||
1455 GetBreakpadClient()->IsRunningUnattended();
1457 !parsed_command_line.HasSwitch(switches::kDisableBreakpad);
1458 if (!enable_breakpad) {
1459 enable_breakpad = parsed_command_line.HasSwitch(
1460 switches::kEnableCrashReporterForTesting);
1462 if (!enable_breakpad) {
1463 VLOG(1) << "Breakpad disabled";
1467 EnableCrashDumping(GetBreakpadClient()->IsRunningUnattended());
1468 } else if (GetBreakpadClient()->EnableBreakpadForProcess(process_type)) {
1469 #if defined(OS_ANDROID)
1470 NOTREACHED() << "Breakpad initialized with InitCrashReporter() instead of "
1471 "InitNonBrowserCrashReporter in " << process_type << " process.";
1474 // We might be chrooted in a zygote or renderer process so we cannot call
1475 // GetCollectStatsConsent because that needs access the the user's home
1476 // dir. Instead, we set a command line flag for these processes.
1477 // Even though plugins are not chrooted, we share the same code path for
1479 if (!parsed_command_line.HasSwitch(switches::kEnableCrashReporter))
1481 SetClientIdFromCommandLine(parsed_command_line);
1482 EnableNonBrowserCrashDumping();
1483 VLOG(1) << "Non Browser crash dumping enabled for: " << process_type;
1484 #endif // #if defined(OS_ANDROID)
1487 SetProcessStartTime();
1490 base::debug::SetDumpWithoutCrashingFunction(&DumpProcess);
1491 #if defined(ADDRESS_SANITIZER)
1492 // Register the callback for AddressSanitizer error reporting.
1493 __asan_set_error_report_callback(AsanLinuxBreakpadCallback);
1496 g_crash_keys = new CrashKeyStorage;
1497 GetBreakpadClient()->RegisterCrashKeys();
1498 base::debug::SetCrashKeyReportingFunctions(
1499 &SetCrashKeyValue, &ClearCrashKey);
1502 #if defined(OS_ANDROID)
1503 void InitNonBrowserCrashReporterForAndroid(const std::string& process_type) {
1504 const CommandLine* command_line = CommandLine::ForCurrentProcess();
1505 if (command_line->HasSwitch(switches::kEnableCrashReporter)) {
1506 // On Android we need to provide a FD to the file where the minidump is
1507 // generated as the renderer and browser run with different UIDs
1508 // (preventing the browser from inspecting the renderer process).
1509 int minidump_fd = base::GlobalDescriptors::GetInstance()->MaybeGet(
1510 GetBreakpadClient()->GetAndroidMinidumpDescriptor());
1511 if (minidump_fd == base::kInvalidPlatformFileValue) {
1512 NOTREACHED() << "Could not find minidump FD, crash reporting disabled.";
1514 EnableNonBrowserCrashDumping(process_type, minidump_fd);
1518 #endif // OS_ANDROID
1520 bool IsCrashReporterEnabled() {
1521 return g_is_crash_reporter_enabled;
1524 } // namespace breakpad