1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // For linux_syscall_support.h. This makes it safe to call embedded system
6 // calls when in seccomp mode.
8 #include "components/crash/app/breakpad_linux.h"
14 #include <sys/socket.h>
16 #include <sys/types.h>
25 #include "base/base_switches.h"
26 #include "base/command_line.h"
27 #include "base/debug/crash_logging.h"
28 #include "base/debug/dump_without_crashing.h"
29 #include "base/files/file_path.h"
30 #include "base/linux_util.h"
31 #include "base/path_service.h"
32 #include "base/posix/eintr_wrapper.h"
33 #include "base/posix/global_descriptors.h"
34 #include "base/process/memory.h"
35 #include "base/strings/string_util.h"
36 #include "breakpad/src/client/linux/crash_generation/crash_generation_client.h"
37 #include "breakpad/src/client/linux/handler/exception_handler.h"
38 #include "breakpad/src/client/linux/minidump_writer/directory_reader.h"
39 #include "breakpad/src/common/linux/linux_libc_support.h"
40 #include "breakpad/src/common/memory.h"
41 #include "build/build_config.h"
42 #include "components/crash/app/breakpad_linux_impl.h"
43 #include "components/crash/app/crash_reporter_client.h"
44 #include "content/public/common/content_descriptors.h"
46 #if defined(OS_ANDROID)
47 #include <android/log.h>
50 #include "base/android/build_info.h"
51 #include "base/android/path_utils.h"
52 #include "base/debug/leak_annotations.h"
54 #include "third_party/lss/linux_syscall_support.h"
56 #if defined(ADDRESS_SANITIZER)
57 #include <ucontext.h> // for getcontext().
60 #if defined(OS_ANDROID)
61 #define STAT_STRUCT struct stat
62 #define FSTAT_FUNC fstat
64 #define STAT_STRUCT struct kernel_stat
65 #define FSTAT_FUNC sys_fstat
68 // Some versions of gcc are prone to warn about unused return values. In cases
69 // where we either a) know the call cannot fail, or b) there is nothing we
70 // can do when a call fails, we mark the return code as ignored. This avoids
71 // spurious compiler warnings.
72 #define IGNORE_RET(x) do { if (x); } while (0)
74 using crash_reporter::GetCrashReporterClient
;
75 using google_breakpad::ExceptionHandler
;
76 using google_breakpad::MinidumpDescriptor
;
82 #if !defined(OS_CHROMEOS)
83 const char kUploadURL
[] = "https://clients2.google.com/cr/report";
86 bool g_is_crash_reporter_enabled
= false;
87 uint64_t g_process_start_time
= 0;
89 char* g_crash_log_path
= nullptr;
90 ExceptionHandler
* g_breakpad
= nullptr;
92 #if defined(ADDRESS_SANITIZER)
93 const char* g_asan_report_str
= nullptr;
95 #if defined(OS_ANDROID)
96 char* g_process_type
= nullptr;
97 ExceptionHandler
* g_microdump
= nullptr;
98 const char* g_microdump_build_fingerprint
= nullptr;
99 const char* g_microdump_product_info
= nullptr;
102 CrashKeyStorage
* g_crash_keys
= nullptr;
104 // Writes the value |v| as 16 hex characters to the memory pointed at by
106 void write_uint64_hex(char* output
, uint64_t v
) {
107 static const char hextable
[] = "0123456789abcdef";
109 for (int i
= 15; i
>= 0; --i
) {
110 output
[i
] = hextable
[v
& 15];
115 // The following helper functions are for calculating uptime.
117 // Converts a struct timeval to milliseconds.
118 uint64_t timeval_to_ms(struct timeval
*tv
) {
119 uint64_t ret
= tv
->tv_sec
; // Avoid overflow by explicitly using a uint64_t.
121 ret
+= tv
->tv_usec
/ 1000;
125 // Converts a struct timeval to milliseconds.
126 uint64_t kernel_timeval_to_ms(struct kernel_timeval
*tv
) {
127 uint64_t ret
= tv
->tv_sec
; // Avoid overflow by explicitly using a uint64_t.
129 ret
+= tv
->tv_usec
/ 1000;
133 // String buffer size to use to convert a uint64_t to string.
134 const size_t kUint64StringSize
= 21;
136 void SetProcessStartTime() {
137 // Set the base process start time value.
139 if (!gettimeofday(&tv
, nullptr))
140 g_process_start_time
= timeval_to_ms(&tv
);
142 g_process_start_time
= 0;
145 // uint64_t version of my_int_len() from
146 // breakpad/src/common/linux/linux_libc_support.h. Return the length of the
147 // given, non-negative integer when expressed in base 10.
148 unsigned my_uint64_len(uint64_t i
) {
161 // uint64_t version of my_uitos() from
162 // breakpad/src/common/linux/linux_libc_support.h. Convert a non-negative
163 // integer to a string (not null-terminated).
164 void my_uint64tos(char* output
, uint64_t i
, unsigned i_len
) {
165 for (unsigned index
= i_len
; index
; --index
, i
/= 10)
166 output
[index
- 1] = '0' + (i
% 10);
169 #if !defined(OS_CHROMEOS)
170 bool my_isxdigit(char c
) {
171 return (c
>= '0' && c
<= '9') || ((c
| 0x20) >= 'a' && (c
| 0x20) <= 'f');
175 size_t LengthWithoutTrailingSpaces(const char* str
, size_t len
) {
176 while (len
> 0 && str
[len
- 1] == ' ') {
182 void SetClientIdFromCommandLine(const base::CommandLine
& command_line
) {
183 // Get the guid from the command line switch.
184 std::string switch_value
=
185 command_line
.GetSwitchValueASCII(switches::kEnableCrashReporter
);
186 GetCrashReporterClient()->SetCrashReporterClientIdFromGUID(switch_value
);
190 #if defined(OS_CHROMEOS)
191 const char g_sep
[] = ":";
193 const char g_rn
[] = "\r\n";
194 const char g_form_data_msg
[] = "Content-Disposition: form-data; name=\"";
195 const char g_quote_msg
[] = "\"";
196 const char g_dashdash_msg
[] = "--";
197 const char g_dump_msg
[] = "upload_file_minidump\"; filename=\"dump\"";
198 #if defined(ADDRESS_SANITIZER)
199 const char g_log_msg
[] = "upload_file_log\"; filename=\"log\"";
201 const char g_content_type_msg
[] = "Content-Type: application/octet-stream";
203 // MimeWriter manages an iovec for writing MIMEs to a file.
206 static const int kIovCapacity
= 30;
207 static const size_t kMaxCrashChunkSize
= 64;
209 MimeWriter(int fd
, const char* const mime_boundary
);
213 virtual void AddBoundary();
215 // Append end of file boundary.
216 virtual void AddEnd();
218 // Append key/value pair with specified sizes.
219 virtual void AddPairData(const char* msg_type
,
220 size_t msg_type_size
,
221 const char* msg_data
,
222 size_t msg_data_size
);
224 // Append key/value pair.
225 void AddPairString(const char* msg_type
,
226 const char* msg_data
) {
227 AddPairData(msg_type
, my_strlen(msg_type
), msg_data
, my_strlen(msg_data
));
230 // Append key/value pair, splitting value into chunks no larger than
231 // |chunk_size|. |chunk_size| cannot be greater than |kMaxCrashChunkSize|.
232 // The msg_type string will have a counter suffix to distinguish each chunk.
233 virtual void AddPairDataInChunks(const char* msg_type
,
234 size_t msg_type_size
,
235 const char* msg_data
,
236 size_t msg_data_size
,
238 bool strip_trailing_spaces
);
240 // Add binary file contents to be uploaded with the specified filename.
241 virtual void AddFileContents(const char* filename_msg
,
245 // Flush any pending iovecs to the output file.
247 IGNORE_RET(sys_writev(fd_
, iov_
, iov_index_
));
252 void AddItem(const void* base
, size_t size
);
253 // Minor performance trade-off for easier-to-maintain code.
254 void AddString(const char* str
) {
255 AddItem(str
, my_strlen(str
));
257 void AddItemWithoutTrailingSpaces(const void* base
, size_t size
);
259 struct kernel_iovec iov_
[kIovCapacity
];
262 // Output file descriptor.
265 const char* const mime_boundary_
;
268 DISALLOW_COPY_AND_ASSIGN(MimeWriter
);
271 MimeWriter::MimeWriter(int fd
, const char* const mime_boundary
)
274 mime_boundary_(mime_boundary
) {
277 MimeWriter::~MimeWriter() {
280 void MimeWriter::AddBoundary() {
281 AddString(mime_boundary_
);
285 void MimeWriter::AddEnd() {
286 AddString(mime_boundary_
);
287 AddString(g_dashdash_msg
);
291 void MimeWriter::AddPairData(const char* msg_type
,
292 size_t msg_type_size
,
293 const char* msg_data
,
294 size_t msg_data_size
) {
295 AddString(g_form_data_msg
);
296 AddItem(msg_type
, msg_type_size
);
297 AddString(g_quote_msg
);
300 AddItem(msg_data
, msg_data_size
);
304 void MimeWriter::AddPairDataInChunks(const char* msg_type
,
305 size_t msg_type_size
,
306 const char* msg_data
,
307 size_t msg_data_size
,
309 bool strip_trailing_spaces
) {
310 if (chunk_size
> kMaxCrashChunkSize
)
314 size_t done
= 0, msg_length
= msg_data_size
;
317 char num
[kUint64StringSize
];
318 const unsigned num_len
= my_uint_len(++i
);
319 my_uitos(num
, i
, num_len
);
321 size_t chunk_len
= std::min(chunk_size
, msg_length
);
323 AddString(g_form_data_msg
);
324 AddItem(msg_type
, msg_type_size
);
325 AddItem(num
, num_len
);
326 AddString(g_quote_msg
);
329 if (strip_trailing_spaces
) {
330 AddItemWithoutTrailingSpaces(msg_data
+ done
, chunk_len
);
332 AddItem(msg_data
+ done
, chunk_len
);
339 msg_length
-= chunk_len
;
343 void MimeWriter::AddFileContents(const char* filename_msg
, uint8_t* file_data
,
345 AddString(g_form_data_msg
);
346 AddString(filename_msg
);
348 AddString(g_content_type_msg
);
351 AddItem(file_data
, file_size
);
355 void MimeWriter::AddItem(const void* base
, size_t size
) {
356 // Check if the iovec is full and needs to be flushed to output file.
357 if (iov_index_
== kIovCapacity
) {
360 iov_
[iov_index_
].iov_base
= const_cast<void*>(base
);
361 iov_
[iov_index_
].iov_len
= size
;
365 void MimeWriter::AddItemWithoutTrailingSpaces(const void* base
, size_t size
) {
366 AddItem(base
, LengthWithoutTrailingSpaces(static_cast<const char*>(base
),
370 #if defined(OS_CHROMEOS)
371 // This subclass is used on Chromium OS to report crashes in a format easy for
372 // the central crash reporting facility to understand.
373 // Format is <name>:<data length in decimal>:<data>
374 class CrashReporterWriter
: public MimeWriter
{
376 explicit CrashReporterWriter(int fd
);
378 void AddBoundary() override
;
380 void AddEnd() override
;
382 void AddPairData(const char* msg_type
,
383 size_t msg_type_size
,
384 const char* msg_data
,
385 size_t msg_data_size
) override
;
387 void AddPairDataInChunks(const char* msg_type
,
388 size_t msg_type_size
,
389 const char* msg_data
,
390 size_t msg_data_size
,
392 bool strip_trailing_spaces
) override
;
394 void AddFileContents(const char* filename_msg
,
396 size_t file_size
) override
;
399 DISALLOW_COPY_AND_ASSIGN(CrashReporterWriter
);
403 CrashReporterWriter::CrashReporterWriter(int fd
) : MimeWriter(fd
, "") {}
406 void CrashReporterWriter::AddBoundary() {}
407 void CrashReporterWriter::AddEnd() {}
409 void CrashReporterWriter::AddPairData(const char* msg_type
,
410 size_t msg_type_size
,
411 const char* msg_data
,
412 size_t msg_data_size
) {
413 char data
[kUint64StringSize
];
414 const unsigned data_len
= my_uint_len(msg_data_size
);
415 my_uitos(data
, msg_data_size
, data_len
);
417 AddItem(msg_type
, msg_type_size
);
419 AddItem(data
, data_len
);
421 AddItem(msg_data
, msg_data_size
);
425 void CrashReporterWriter::AddPairDataInChunks(const char* msg_type
,
426 size_t msg_type_size
,
427 const char* msg_data
,
428 size_t msg_data_size
,
430 bool strip_trailing_spaces
) {
431 if (chunk_size
> kMaxCrashChunkSize
)
436 size_t msg_length
= msg_data_size
;
439 char num
[kUint64StringSize
];
440 const unsigned num_len
= my_uint_len(++i
);
441 my_uitos(num
, i
, num_len
);
443 size_t chunk_len
= std::min(chunk_size
, msg_length
);
445 size_t write_len
= chunk_len
;
446 if (strip_trailing_spaces
) {
447 // Take care of this here because we need to know the exact length of
448 // what is going to be written.
449 write_len
= LengthWithoutTrailingSpaces(msg_data
+ done
, write_len
);
452 char data
[kUint64StringSize
];
453 const unsigned data_len
= my_uint_len(write_len
);
454 my_uitos(data
, write_len
, data_len
);
456 AddItem(msg_type
, msg_type_size
);
457 AddItem(num
, num_len
);
459 AddItem(data
, data_len
);
461 AddItem(msg_data
+ done
, write_len
);
465 msg_length
-= chunk_len
;
469 void CrashReporterWriter::AddFileContents(const char* filename_msg
,
472 char data
[kUint64StringSize
];
473 const unsigned data_len
= my_uint_len(file_size
);
474 my_uitos(data
, file_size
, data_len
);
476 AddString(filename_msg
);
478 AddItem(data
, data_len
);
480 AddItem(file_data
, file_size
);
483 #endif // defined(OS_CHROMEOS)
487 g_breakpad
->WriteMinidump();
489 #if defined(OS_ANDROID)
490 // If microdumps are enabled write also a microdump on the system log.
492 g_microdump
->WriteMinidump();
496 #if defined(OS_ANDROID)
497 const char kGoogleBreakpad
[] = "google-breakpad";
500 size_t WriteLog(const char* buf
, size_t nbytes
) {
501 #if defined(OS_ANDROID)
502 return __android_log_write(ANDROID_LOG_WARN
, kGoogleBreakpad
, buf
);
504 return sys_write(2, buf
, nbytes
);
508 size_t WriteNewline() {
509 return WriteLog("\n", 1);
512 #if defined(OS_ANDROID)
513 void AndroidLogWriteHorizontalRule() {
514 __android_log_write(ANDROID_LOG_WARN
, kGoogleBreakpad
,
515 "### ### ### ### ### ### ### ### ### ### ### ### ###");
518 // Android's native crash handler outputs a diagnostic tombstone to the device
519 // log. By returning false from the HandlerCallbacks, breakpad will reinstall
520 // the previous (i.e. native) signal handlers before returning from its own
521 // handler. A Chrome build fingerprint is written to the log, so that the
522 // specific build of Chrome and the location of the archived Chrome symbols can
523 // be determined directly from it.
524 bool FinalizeCrashDoneAndroid(bool is_browser_process
) {
525 base::android::BuildInfo
* android_build_info
=
526 base::android::BuildInfo::GetInstance();
528 AndroidLogWriteHorizontalRule();
529 __android_log_write(ANDROID_LOG_WARN
, kGoogleBreakpad
,
530 "Chrome build fingerprint:");
531 __android_log_write(ANDROID_LOG_WARN
, kGoogleBreakpad
,
532 android_build_info
->package_version_name());
533 __android_log_write(ANDROID_LOG_WARN
, kGoogleBreakpad
,
534 android_build_info
->package_version_code());
535 __android_log_write(ANDROID_LOG_WARN
, kGoogleBreakpad
,
537 AndroidLogWriteHorizontalRule();
539 if (!is_browser_process
&&
540 android_build_info
->sdk_int() >= 18 &&
541 my_strcmp(android_build_info
->build_type(), "eng") != 0 &&
542 my_strcmp(android_build_info
->build_type(), "userdebug") != 0) {
543 // On JB MR2 and later, the system crash handler displays a dialog. For
544 // renderer crashes, this is a bad user experience and so this is disabled
545 // for user builds of Android.
546 // TODO(cjhopman): There should be some way to recover the crash stack from
547 // non-uploading user clients. See http://crbug.com/273706.
548 __android_log_write(ANDROID_LOG_WARN
,
550 "Tombstones are disabled on JB MR2+ user builds.");
551 AndroidLogWriteHorizontalRule();
558 bool CrashDone(const MinidumpDescriptor
& minidump
,
560 const bool succeeded
) {
561 // WARNING: this code runs in a compromised context. It may not call into
562 // libc nor allocate memory normally.
564 const char msg
[] = "Failed to generate minidump.";
565 WriteLog(msg
, sizeof(msg
) - 1);
569 DCHECK(!minidump
.IsFD());
571 BreakpadInfo info
= {0};
572 info
.filename
= minidump
.path();
573 info
.fd
= minidump
.fd();
574 #if defined(ADDRESS_SANITIZER)
575 google_breakpad::PageAllocator allocator
;
576 const size_t log_path_len
= my_strlen(minidump
.path());
577 char* log_path
= reinterpret_cast<char*>(allocator
.Alloc(log_path_len
+ 1));
578 my_memcpy(log_path
, minidump
.path(), log_path_len
);
579 my_memcpy(log_path
+ log_path_len
- 4, ".log", 4);
580 log_path
[log_path_len
] = '\0';
581 info
.log_filename
= log_path
;
583 info
.process_type
= "browser";
584 info
.process_type_length
= 7;
585 info
.distro
= base::g_linux_distro
;
586 info
.distro_length
= my_strlen(base::g_linux_distro
);
587 info
.upload
= upload
;
588 info
.process_start_time
= g_process_start_time
;
589 info
.oom_size
= base::g_oom_size
;
591 info
.crash_keys
= g_crash_keys
;
592 HandleCrashDump(info
);
593 #if defined(OS_ANDROID)
594 return FinalizeCrashDoneAndroid(true /* is_browser_process */);
600 // Wrapper function, do not add more code here.
601 bool CrashDoneNoUpload(const MinidumpDescriptor
& minidump
,
604 return CrashDone(minidump
, false, succeeded
);
607 #if !defined(OS_ANDROID)
608 // Wrapper function, do not add more code here.
609 bool CrashDoneUpload(const MinidumpDescriptor
& minidump
,
612 return CrashDone(minidump
, true, succeeded
);
616 #if defined(ADDRESS_SANITIZER)
618 void __asan_set_error_report_callback(void (*cb
)(const char*));
621 void AsanLinuxBreakpadCallback(const char* report
) {
622 g_asan_report_str
= report
;
623 // Send minidump here.
624 g_breakpad
->SimulateSignalDelivery(SIGKILL
);
628 void EnableCrashDumping(bool unattended
) {
629 g_is_crash_reporter_enabled
= true;
631 base::FilePath
tmp_path("/tmp");
632 PathService::Get(base::DIR_TEMP
, &tmp_path
);
634 base::FilePath
dumps_path(tmp_path
);
635 if (GetCrashReporterClient()->GetCrashDumpLocation(&dumps_path
)) {
636 base::FilePath logfile
=
637 dumps_path
.Append(GetCrashReporterClient()->GetReporterLogFilename());
638 std::string logfile_str
= logfile
.value();
639 const size_t crash_log_path_len
= logfile_str
.size() + 1;
640 g_crash_log_path
= new char[crash_log_path_len
];
641 strncpy(g_crash_log_path
, logfile_str
.c_str(), crash_log_path_len
);
644 MinidumpDescriptor
minidump_descriptor(dumps_path
.value());
645 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
646 switches::kFullMemoryCrashReport
)) {
647 minidump_descriptor
.set_size_limit(-1); // unlimited.
649 minidump_descriptor
.set_size_limit(kMaxMinidumpFileSize
);
651 #if defined(OS_ANDROID)
652 unattended
= true; // Android never uploads directly.
655 g_breakpad
= new ExceptionHandler(
660 true, // Install handlers.
661 -1); // Server file descriptor. -1 for in-process.
665 #if !defined(OS_ANDROID)
667 g_breakpad
= new ExceptionHandler(
672 true, // Install handlers.
673 -1); // Server file descriptor. -1 for in-process.
677 #if defined(OS_ANDROID)
678 bool MicrodumpCrashDone(const MinidumpDescriptor
& minidump
,
681 // WARNING: this code runs in a compromised context. It may not call into
682 // libc nor allocate memory normally.
684 static const char msg
[] = "Microdump crash handler failed.\n";
685 WriteLog(msg
, sizeof(msg
) - 1);
689 const bool is_browser_process
= (context
!= nullptr);
690 return FinalizeCrashDoneAndroid(is_browser_process
);
693 // The microdump handler does NOT upload anything. It just dumps out on the
694 // system console (logcat) a restricted and serialized variant of a minidump.
695 // See crbug.com/410294 for more details.
696 void InitMicrodumpCrashHandlerIfNecessary(const std::string
& process_type
) {
697 if (!GetCrashReporterClient()->ShouldEnableBreakpadMicrodumps())
700 VLOG(1) << "Enabling microdumps crash handler (process_type:"
701 << process_type
<< ")";
703 // The exception handler runs in a compromised context and cannot use c_str()
704 // as that would require the heap. Therefore, we have to guarantee that the
705 // build fingerprint and product info pointers are always valid.
706 const char* product_name
= nullptr;
707 const char* product_version
= nullptr;
708 GetCrashReporterClient()->GetProductNameAndVersion(&product_name
,
711 MinidumpDescriptor
descriptor(MinidumpDescriptor::kMicrodumpOnConsole
);
713 if (product_name
&& product_version
) {
714 g_microdump_product_info
= strdup(
715 (product_name
+ std::string(":") + product_version
).c_str());
716 ANNOTATE_LEAKING_OBJECT_PTR(g_microdump_product_info
);
717 descriptor
.SetMicrodumpProductInfo(g_microdump_product_info
);
720 const char* android_build_fp
=
721 base::android::BuildInfo::GetInstance()->android_build_fp();
722 if (android_build_fp
) {
723 g_microdump_build_fingerprint
= strdup(android_build_fp
);
724 ANNOTATE_LEAKING_OBJECT_PTR(g_microdump_build_fingerprint
);
725 descriptor
.SetMicrodumpBuildFingerprint(g_microdump_build_fingerprint
);
728 DCHECK(!g_microdump
);
729 bool is_browser_process
= process_type
.empty() || process_type
== "webview";
730 g_microdump
= new ExceptionHandler(
734 reinterpret_cast<void*>(is_browser_process
),
735 true, // Install handlers.
736 -1); // Server file descriptor. -1 for in-process.
740 bool CrashDoneInProcessNoUpload(
741 const google_breakpad::MinidumpDescriptor
& descriptor
,
743 const bool succeeded
) {
744 // WARNING: this code runs in a compromised context. It may not call into
745 // libc nor allocate memory normally.
747 static const char msg
[] = "Crash dump generation failed.\n";
748 WriteLog(msg
, sizeof(msg
) - 1);
752 // Start constructing the message to send to the browser.
753 BreakpadInfo info
= {0};
754 info
.filename
= nullptr;
755 info
.fd
= descriptor
.fd();
756 info
.process_type
= g_process_type
;
757 info
.process_type_length
= my_strlen(g_process_type
);
758 info
.distro
= nullptr;
759 info
.distro_length
= 0;
761 info
.process_start_time
= g_process_start_time
;
763 info
.crash_keys
= g_crash_keys
;
764 HandleCrashDump(info
);
765 return FinalizeCrashDoneAndroid(false /* is_browser_process */);
768 void EnableNonBrowserCrashDumping(const std::string
& process_type
,
770 // This will guarantee that the BuildInfo has been initialized and subsequent
771 // calls will not require memory allocation.
772 base::android::BuildInfo::GetInstance();
773 SetClientIdFromCommandLine(*base::CommandLine::ForCurrentProcess());
775 // On Android, the current sandboxing uses process isolation, in which the
776 // child process runs with a different UID. That breaks the normal crash
777 // reporting where the browser process generates the minidump by inspecting
778 // the child process. This is because the browser process now does not have
779 // the permission to access the states of the child process (as it has a
781 // TODO(jcivelli): http://b/issue?id=6776356 we should use a watchdog
782 // process forked from the renderer process that generates the minidump.
783 if (minidump_fd
== -1) {
784 LOG(ERROR
) << "Minidump file descriptor not found, crash reporting will "
788 SetProcessStartTime();
791 g_is_crash_reporter_enabled
= true;
792 // Save the process type (it is leaked).
793 const size_t process_type_len
= process_type
.size() + 1;
794 g_process_type
= new char[process_type_len
];
795 strncpy(g_process_type
, process_type
.c_str(), process_type_len
);
796 new google_breakpad::ExceptionHandler(MinidumpDescriptor(minidump_fd
),
797 nullptr, CrashDoneInProcessNoUpload
, nullptr, true, -1);
800 // Non-Browser = Extension, Gpu, Plugins, Ppapi and Renderer
801 class NonBrowserCrashHandler
: public google_breakpad::CrashGenerationClient
{
803 NonBrowserCrashHandler()
804 : server_fd_(base::GlobalDescriptors::GetInstance()->Get(
808 ~NonBrowserCrashHandler() override
{}
810 bool RequestDump(const void* crash_context
,
811 size_t crash_context_size
) override
{
812 int fds
[2] = { -1, -1 };
813 if (sys_socketpair(AF_UNIX
, SOCK_STREAM
, 0, fds
) < 0) {
814 static const char msg
[] = "Failed to create socket for crash dumping.\n";
815 WriteLog(msg
, sizeof(msg
) - 1);
819 // Start constructing the message to send to the browser.
820 char b
; // Dummy variable for sys_read below.
821 const char* b_addr
= &b
; // Get the address of |b| so we can create the
822 // expected /proc/[pid]/syscall content in the
823 // browser to convert namespace tids.
825 // The length of the control message:
826 static const unsigned kControlMsgSize
= sizeof(int);
827 static const unsigned kControlMsgSpaceSize
= CMSG_SPACE(kControlMsgSize
);
828 static const unsigned kControlMsgLenSize
= CMSG_LEN(kControlMsgSize
);
830 struct kernel_msghdr msg
;
831 my_memset(&msg
, 0, sizeof(struct kernel_msghdr
));
832 struct kernel_iovec iov
[kCrashIovSize
];
833 iov
[0].iov_base
= const_cast<void*>(crash_context
);
834 iov
[0].iov_len
= crash_context_size
;
835 iov
[1].iov_base
= &b_addr
;
836 iov
[1].iov_len
= sizeof(b_addr
);
837 iov
[2].iov_base
= &fds
[0];
838 iov
[2].iov_len
= sizeof(fds
[0]);
839 iov
[3].iov_base
= &g_process_start_time
;
840 iov
[3].iov_len
= sizeof(g_process_start_time
);
841 iov
[4].iov_base
= &base::g_oom_size
;
842 iov
[4].iov_len
= sizeof(base::g_oom_size
);
843 google_breakpad::SerializedNonAllocatingMap
* serialized_map
;
844 iov
[5].iov_len
= g_crash_keys
->Serialize(
845 const_cast<const google_breakpad::SerializedNonAllocatingMap
**>(
847 iov
[5].iov_base
= serialized_map
;
848 #if !defined(ADDRESS_SANITIZER)
849 static_assert(5 == kCrashIovSize
- 1, "kCrashIovSize should equal 6");
851 iov
[6].iov_base
= const_cast<char*>(g_asan_report_str
);
852 iov
[6].iov_len
= kMaxAsanReportSize
+ 1;
853 static_assert(6 == kCrashIovSize
- 1, "kCrashIovSize should equal 7");
857 msg
.msg_iovlen
= kCrashIovSize
;
858 char cmsg
[kControlMsgSpaceSize
];
859 my_memset(cmsg
, 0, kControlMsgSpaceSize
);
860 msg
.msg_control
= cmsg
;
861 msg
.msg_controllen
= sizeof(cmsg
);
863 struct cmsghdr
*hdr
= CMSG_FIRSTHDR(&msg
);
864 hdr
->cmsg_level
= SOL_SOCKET
;
865 hdr
->cmsg_type
= SCM_RIGHTS
;
866 hdr
->cmsg_len
= kControlMsgLenSize
;
867 ((int*)CMSG_DATA(hdr
))[0] = fds
[1];
869 if (HANDLE_EINTR(sys_sendmsg(server_fd_
, &msg
, 0)) < 0) {
870 static const char errmsg
[] = "Failed to tell parent about crash.\n";
871 WriteLog(errmsg
, sizeof(errmsg
) - 1);
872 IGNORE_RET(sys_close(fds
[0]));
873 IGNORE_RET(sys_close(fds
[1]));
876 IGNORE_RET(sys_close(fds
[1]));
878 if (HANDLE_EINTR(sys_read(fds
[0], &b
, 1)) != 1) {
879 static const char errmsg
[] = "Parent failed to complete crash dump.\n";
880 WriteLog(errmsg
, sizeof(errmsg
) - 1);
882 IGNORE_RET(sys_close(fds
[0]));
888 // The pipe FD to the browser process, which will handle the crash dumping.
889 const int server_fd_
;
891 DISALLOW_COPY_AND_ASSIGN(NonBrowserCrashHandler
);
894 void EnableNonBrowserCrashDumping() {
895 g_is_crash_reporter_enabled
= true;
896 // We deliberately leak this object.
899 g_breakpad
= new ExceptionHandler(
900 MinidumpDescriptor("/tmp"), // Unused but needed or Breakpad will assert.
906 g_breakpad
->set_crash_generation_client(new NonBrowserCrashHandler());
908 #endif // defined(OS_ANDROID)
910 void SetCrashKeyValue(const base::StringPiece
& key
,
911 const base::StringPiece
& value
) {
912 g_crash_keys
->SetKeyValue(key
.data(), value
.data());
915 void ClearCrashKey(const base::StringPiece
& key
) {
916 g_crash_keys
->RemoveKey(key
.data());
919 // GetCrashReporterClient() cannot call any Set methods until after
921 void InitCrashKeys() {
922 g_crash_keys
= new CrashKeyStorage
;
923 GetCrashReporterClient()->RegisterCrashKeys();
924 base::debug::SetCrashKeyReportingFunctions(&SetCrashKeyValue
, &ClearCrashKey
);
927 // Miscellaneous initialization functions to call after Breakpad has been
929 void PostEnableBreakpadInitialization() {
930 SetProcessStartTime();
933 base::debug::SetDumpWithoutCrashingFunction(&DumpProcess
);
934 #if defined(ADDRESS_SANITIZER)
935 // Register the callback for AddressSanitizer error reporting.
936 __asan_set_error_report_callback(AsanLinuxBreakpadCallback
);
942 void LoadDataFromFD(google_breakpad::PageAllocator
& allocator
,
943 int fd
, bool close_fd
, uint8_t** file_data
, size_t* size
) {
945 if (FSTAT_FUNC(fd
, &st
) != 0) {
946 static const char msg
[] = "Cannot upload crash dump: stat failed\n";
947 WriteLog(msg
, sizeof(msg
) - 1);
949 IGNORE_RET(sys_close(fd
));
953 *file_data
= reinterpret_cast<uint8_t*>(allocator
.Alloc(st
.st_size
));
955 static const char msg
[] = "Cannot upload crash dump: cannot alloc\n";
956 WriteLog(msg
, sizeof(msg
) - 1);
958 IGNORE_RET(sys_close(fd
));
961 my_memset(*file_data
, 0xf, st
.st_size
);
964 int byte_read
= sys_read(fd
, *file_data
, *size
);
965 if (byte_read
== -1) {
966 static const char msg
[] = "Cannot upload crash dump: read failed\n";
967 WriteLog(msg
, sizeof(msg
) - 1);
969 IGNORE_RET(sys_close(fd
));
974 IGNORE_RET(sys_close(fd
));
977 void LoadDataFromFile(google_breakpad::PageAllocator
& allocator
,
978 const char* filename
,
979 int* fd
, uint8_t** file_data
, size_t* size
) {
980 // WARNING: this code runs in a compromised context. It may not call into
981 // libc nor allocate memory normally.
982 *fd
= sys_open(filename
, O_RDONLY
, 0);
986 static const char msg
[] = "Cannot upload crash dump: failed to open\n";
987 WriteLog(msg
, sizeof(msg
) - 1);
991 LoadDataFromFD(allocator
, *fd
, true, file_data
, size
);
994 // Spawn the appropriate upload process for the current OS:
995 // - generic Linux invokes wget.
996 // - ChromeOS invokes crash_reporter.
997 // |dumpfile| is the path to the dump data file.
998 // |mime_boundary| is only used on Linux.
999 // |exe_buf| is only used on CrOS and is the crashing process' name.
1000 void ExecUploadProcessOrTerminate(const BreakpadInfo
& info
,
1001 const char* dumpfile
,
1002 const char* mime_boundary
,
1003 const char* exe_buf
,
1004 google_breakpad::PageAllocator
* allocator
) {
1005 #if defined(OS_CHROMEOS)
1006 // CrOS uses crash_reporter instead of wget to report crashes,
1007 // it needs to know where the crash dump lives and the pid and uid of the
1008 // crashing process.
1009 static const char kCrashReporterBinary
[] = "/sbin/crash_reporter";
1011 char pid_buf
[kUint64StringSize
];
1012 uint64_t pid_str_length
= my_uint64_len(info
.pid
);
1013 my_uint64tos(pid_buf
, info
.pid
, pid_str_length
);
1014 pid_buf
[pid_str_length
] = '\0';
1016 char uid_buf
[kUint64StringSize
];
1017 uid_t uid
= geteuid();
1018 uint64_t uid_str_length
= my_uint64_len(uid
);
1019 my_uint64tos(uid_buf
, uid
, uid_str_length
);
1020 uid_buf
[uid_str_length
] = '\0';
1022 const char kChromeFlag
[] = "--chrome=";
1023 size_t buf_len
= my_strlen(dumpfile
) + sizeof(kChromeFlag
);
1024 char* chrome_flag
= reinterpret_cast<char*>(allocator
->Alloc(buf_len
));
1025 chrome_flag
[0] = '\0';
1026 my_strlcat(chrome_flag
, kChromeFlag
, buf_len
);
1027 my_strlcat(chrome_flag
, dumpfile
, buf_len
);
1029 const char kPidFlag
[] = "--pid=";
1030 buf_len
= my_strlen(pid_buf
) + sizeof(kPidFlag
);
1031 char* pid_flag
= reinterpret_cast<char*>(allocator
->Alloc(buf_len
));
1033 my_strlcat(pid_flag
, kPidFlag
, buf_len
);
1034 my_strlcat(pid_flag
, pid_buf
, buf_len
);
1036 const char kUidFlag
[] = "--uid=";
1037 buf_len
= my_strlen(uid_buf
) + sizeof(kUidFlag
);
1038 char* uid_flag
= reinterpret_cast<char*>(allocator
->Alloc(buf_len
));
1040 my_strlcat(uid_flag
, kUidFlag
, buf_len
);
1041 my_strlcat(uid_flag
, uid_buf
, buf_len
);
1043 const char kExeBuf
[] = "--exe=";
1044 buf_len
= my_strlen(exe_buf
) + sizeof(kExeBuf
);
1045 char* exe_flag
= reinterpret_cast<char*>(allocator
->Alloc(buf_len
));
1047 my_strlcat(exe_flag
, kExeBuf
, buf_len
);
1048 my_strlcat(exe_flag
, exe_buf
, buf_len
);
1050 const char* args
[] = {
1051 kCrashReporterBinary
,
1058 static const char msg
[] = "Cannot upload crash dump: cannot exec "
1059 "/sbin/crash_reporter\n";
1061 // Compress |dumpfile| with gzip.
1062 const pid_t gzip_child
= sys_fork();
1063 if (gzip_child
< 0) {
1064 static const char msg
[] = "sys_fork() for gzip process failed.\n";
1065 WriteLog(msg
, sizeof(msg
) - 1);
1070 const char* args
[] = {
1072 "-f", // Do not prompt to verify before overwriting.
1076 execve(args
[0], const_cast<char**>(args
), environ
);
1077 static const char msg
[] = "Cannot exec gzip.\n";
1078 WriteLog(msg
, sizeof(msg
) - 1);
1081 // Wait for gzip process.
1083 if (sys_waitpid(gzip_child
, &status
, 0) != gzip_child
||
1084 !WIFEXITED(status
) || WEXITSTATUS(status
) != 0) {
1085 static const char msg
[] = "sys_waitpid() for gzip process failed.\n";
1086 WriteLog(msg
, sizeof(msg
) - 1);
1087 sys_kill(gzip_child
, SIGKILL
);
1091 static const char kGzipExtension
[] = ".gz";
1092 const size_t gzip_file_size
= my_strlen(dumpfile
) + sizeof(kGzipExtension
);
1093 char* const gzip_file
= reinterpret_cast<char*>(allocator
->Alloc(
1095 my_strlcpy(gzip_file
, dumpfile
, gzip_file_size
);
1096 my_strlcat(gzip_file
, kGzipExtension
, gzip_file_size
);
1098 // Rename |gzip_file| to |dumpfile| (the original file was deleted by gzip).
1099 if (rename(gzip_file
, dumpfile
)) {
1100 static const char msg
[] = "Failed to rename gzipped file.\n";
1101 WriteLog(msg
, sizeof(msg
) - 1);
1105 // The --header argument to wget looks like:
1106 // --header=Content-Encoding: gzip
1107 // --header=Content-Type: multipart/form-data; boundary=XYZ
1108 // where the boundary has two fewer leading '-' chars
1109 static const char header_content_encoding
[] =
1110 "--header=Content-Encoding: gzip";
1111 static const char header_msg
[] =
1112 "--header=Content-Type: multipart/form-data; boundary=";
1113 const size_t header_content_type_size
=
1114 sizeof(header_msg
) - 1 + my_strlen(mime_boundary
) - 2 + 1;
1115 char* const header_content_type
= reinterpret_cast<char*>(allocator
->Alloc(
1116 header_content_type_size
));
1117 my_strlcpy(header_content_type
, header_msg
, header_content_type_size
);
1118 my_strlcat(header_content_type
, mime_boundary
+ 2, header_content_type_size
);
1120 // The --post-file argument to wget looks like:
1121 // --post-file=/tmp/...
1122 static const char post_file_msg
[] = "--post-file=";
1123 const size_t post_file_size
=
1124 sizeof(post_file_msg
) - 1 + my_strlen(dumpfile
) + 1;
1125 char* const post_file
= reinterpret_cast<char*>(allocator
->Alloc(
1127 my_strlcpy(post_file
, post_file_msg
, post_file_size
);
1128 my_strlcat(post_file
, dumpfile
, post_file_size
);
1130 static const char kWgetBinary
[] = "/usr/bin/wget";
1131 const char* args
[] = {
1133 header_content_encoding
,
1134 header_content_type
,
1137 "--timeout=10", // Set a timeout so we don't hang forever.
1138 "--tries=1", // Don't retry if the upload fails.
1139 "-O", // output reply to fd 3
1143 static const char msg
[] = "Cannot upload crash dump: cannot exec "
1146 execve(args
[0], const_cast<char**>(args
), environ
);
1147 WriteLog(msg
, sizeof(msg
) - 1);
1151 // Runs in the helper process to wait for the upload process running
1152 // ExecUploadProcessOrTerminate() to finish. Returns the number of bytes written
1153 // to |fd| and save the written contents to |buf|.
1154 // |buf| needs to be big enough to hold |bytes_to_read| + 1 characters.
1155 size_t WaitForCrashReportUploadProcess(int fd
, size_t bytes_to_read
,
1157 size_t bytes_read
= 0;
1159 // Upload should finish in about 10 seconds. Add a few more 500 ms
1160 // internals to account for process startup time.
1161 for (size_t wait_count
= 0; wait_count
< 24; ++wait_count
) {
1162 struct kernel_pollfd poll_fd
;
1164 poll_fd
.events
= POLLIN
| POLLPRI
| POLLERR
;
1165 int ret
= sys_poll(&poll_fd
, 1, 500);
1169 } else if (ret
> 0) {
1170 // There is data to read.
1171 ssize_t len
= HANDLE_EINTR(
1172 sys_read(fd
, buf
+ bytes_read
, bytes_to_read
- bytes_read
));
1176 if (bytes_read
== bytes_to_read
)
1179 // |ret| == 0 -> timed out, continue waiting.
1180 // or |bytes_read| < |bytes_to_read| still, keep reading.
1182 buf
[bytes_to_read
] = 0; // Always NUL terminate the buffer.
1186 // |buf| should be |expected_len| + 1 characters in size and nullptr terminated.
1187 bool IsValidCrashReportId(const char* buf
, size_t bytes_read
,
1188 size_t expected_len
) {
1189 if (bytes_read
!= expected_len
)
1191 #if defined(OS_CHROMEOS)
1192 return my_strcmp(buf
, "_sys_cr_finished") == 0;
1194 for (size_t i
= 0; i
< bytes_read
; ++i
) {
1195 if (!my_isxdigit(buf
[i
]))
1202 // |buf| should be |expected_len| + 1 characters in size and nullptr terminated.
1203 void HandleCrashReportId(const char* buf
, size_t bytes_read
,
1204 size_t expected_len
) {
1206 if (!IsValidCrashReportId(buf
, bytes_read
, expected_len
)) {
1207 #if defined(OS_CHROMEOS)
1208 static const char msg
[] =
1209 "System crash-reporter failed to process crash report.";
1211 static const char msg
[] = "Failed to get crash dump id.";
1213 WriteLog(msg
, sizeof(msg
) - 1);
1216 static const char id_msg
[] = "Report Id: ";
1217 WriteLog(id_msg
, sizeof(id_msg
) - 1);
1218 WriteLog(buf
, bytes_read
);
1223 #if defined(OS_CHROMEOS)
1224 static const char msg
[] = "Crash dump received by crash_reporter\n";
1225 WriteLog(msg
, sizeof(msg
) - 1);
1227 // Write crash dump id to stderr.
1228 static const char msg
[] = "Crash dump id: ";
1229 WriteLog(msg
, sizeof(msg
) - 1);
1230 WriteLog(buf
, my_strlen(buf
));
1233 // Write crash dump id to crash log as: seconds_since_epoch,crash_id
1234 struct kernel_timeval tv
;
1235 if (g_crash_log_path
&& !sys_gettimeofday(&tv
, nullptr)) {
1236 uint64_t time
= kernel_timeval_to_ms(&tv
) / 1000;
1237 char time_str
[kUint64StringSize
];
1238 const unsigned time_len
= my_uint64_len(time
);
1239 my_uint64tos(time_str
, time
, time_len
);
1241 const int kLogOpenFlags
= O_CREAT
| O_WRONLY
| O_APPEND
| O_CLOEXEC
;
1242 int log_fd
= sys_open(g_crash_log_path
, kLogOpenFlags
, 0600);
1244 sys_write(log_fd
, time_str
, time_len
);
1245 sys_write(log_fd
, ",", 1);
1246 sys_write(log_fd
, buf
, my_strlen(buf
));
1247 sys_write(log_fd
, "\n", 1);
1248 IGNORE_RET(sys_close(log_fd
));
1254 #if defined(OS_CHROMEOS)
1255 const char* GetCrashingProcessName(const BreakpadInfo
& info
,
1256 google_breakpad::PageAllocator
* allocator
) {
1257 // Symlink to process binary is at /proc/###/exe.
1258 char linkpath
[kUint64StringSize
+ sizeof("/proc/") + sizeof("/exe")] =
1260 uint64_t pid_value_len
= my_uint64_len(info
.pid
);
1261 my_uint64tos(linkpath
+ sizeof("/proc/") - 1, info
.pid
, pid_value_len
);
1262 linkpath
[sizeof("/proc/") - 1 + pid_value_len
] = '\0';
1263 my_strlcat(linkpath
, "/exe", sizeof(linkpath
));
1265 const int kMaxSize
= 4096;
1266 char* link
= reinterpret_cast<char*>(allocator
->Alloc(kMaxSize
));
1268 ssize_t size
= readlink(linkpath
, link
, kMaxSize
);
1269 if (size
< kMaxSize
&& size
> 0) {
1270 // readlink(2) doesn't add a terminating NUL, so do it now.
1273 const char* name
= my_strrchr(link
, '/');
1279 // Either way too long, or a read error.
1280 return "chrome-crash-unknown-process";
1284 void HandleCrashDump(const BreakpadInfo
& info
) {
1286 bool keep_fd
= false;
1289 google_breakpad::PageAllocator allocator
;
1290 const char* exe_buf
= nullptr;
1292 if (GetCrashReporterClient()->HandleCrashDump(info
.filename
)) {
1296 #if defined(OS_CHROMEOS)
1297 // Grab the crashing process' name now, when it should still be available.
1298 // If we try to do this later in our grandchild the crashing process has
1299 // already terminated.
1300 exe_buf
= GetCrashingProcessName(info
, &allocator
);
1303 if (info
.fd
!= -1) {
1304 // Dump is provided with an open FD.
1308 // The FD is pointing to the end of the file.
1309 // Rewind, we'll read the data next.
1310 if (lseek(dumpfd
, 0, SEEK_SET
) == -1) {
1311 static const char msg
[] = "Cannot upload crash dump: failed to "
1312 "reposition minidump FD\n";
1313 WriteLog(msg
, sizeof(msg
) - 1);
1314 IGNORE_RET(sys_close(dumpfd
));
1317 LoadDataFromFD(allocator
, info
.fd
, false, &dump_data
, &dump_size
);
1319 // Dump is provided with a path.
1321 LoadDataFromFile(allocator
, info
.filename
, &dumpfd
, &dump_data
, &dump_size
);
1324 // TODO(jcivelli): make log work when using FDs.
1325 #if defined(ADDRESS_SANITIZER)
1329 // Load the AddressSanitizer log into log_data.
1330 LoadDataFromFile(allocator
, info
.log_filename
, &logfd
, &log_data
, &log_size
);
1333 // We need to build a MIME block for uploading to the server. Since we are
1334 // going to fork and run wget, it needs to be written to a temp file.
1335 const int ufd
= sys_open("/dev/urandom", O_RDONLY
, 0);
1337 static const char msg
[] = "Cannot upload crash dump because /dev/urandom"
1339 WriteLog(msg
, sizeof(msg
) - 1);
1343 static const char temp_file_template
[] =
1344 "/tmp/chromium-upload-XXXXXXXXXXXXXXXX";
1345 char temp_file
[sizeof(temp_file_template
)];
1346 int temp_file_fd
= -1;
1348 temp_file_fd
= dumpfd
;
1349 // Rewind the destination, we are going to overwrite it.
1350 if (lseek(dumpfd
, 0, SEEK_SET
) == -1) {
1351 static const char msg
[] = "Cannot upload crash dump: failed to "
1352 "reposition minidump FD (2)\n";
1353 WriteLog(msg
, sizeof(msg
) - 1);
1354 IGNORE_RET(sys_close(dumpfd
));
1359 my_memcpy(temp_file
, temp_file_template
, sizeof(temp_file_template
));
1361 for (unsigned i
= 0; i
< 10; ++i
) {
1363 sys_read(ufd
, &t
, sizeof(t
));
1364 write_uint64_hex(temp_file
+ sizeof(temp_file
) - (16 + 1), t
);
1366 temp_file_fd
= sys_open(temp_file
, O_WRONLY
| O_CREAT
| O_EXCL
, 0600);
1367 if (temp_file_fd
>= 0)
1371 if (temp_file_fd
< 0) {
1372 static const char msg
[] = "Failed to create temporary file in /tmp: "
1373 "cannot upload crash dump\n";
1374 WriteLog(msg
, sizeof(msg
) - 1);
1375 IGNORE_RET(sys_close(ufd
));
1379 temp_file_fd
= sys_open(info
.filename
, O_WRONLY
, 0600);
1380 if (temp_file_fd
< 0) {
1381 static const char msg
[] = "Failed to save crash dump: failed to open\n";
1382 WriteLog(msg
, sizeof(msg
) - 1);
1383 IGNORE_RET(sys_close(ufd
));
1389 // The MIME boundary is 28 hyphens, followed by a 64-bit nonce and a NUL.
1390 char mime_boundary
[28 + 16 + 1];
1391 my_memset(mime_boundary
, '-', 28);
1392 uint64_t boundary_rand
;
1393 sys_read(ufd
, &boundary_rand
, sizeof(boundary_rand
));
1394 write_uint64_hex(mime_boundary
+ 28, boundary_rand
);
1395 mime_boundary
[28 + 16] = 0;
1396 IGNORE_RET(sys_close(ufd
));
1398 // The MIME block looks like this:
1400 // Content-Disposition: form-data; name="prod" \r\n \r\n
1401 // Chrome_Linux \r\n
1403 // Content-Disposition: form-data; name="ver" \r\n \r\n
1408 // Content-Disposition: form-data; name="ptime" \r\n \r\n
1413 // Content-Disposition: form-data; name="ptype" \r\n \r\n
1418 // Content-Disposition: form-data; name="lsb-release" \r\n \r\n
1423 // Content-Disposition: form-data; name="oom-size" \r\n \r\n
1427 // zero or more (up to CrashKeyStorage::num_entries = 64):
1428 // Content-Disposition: form-data; name=crash-key-name \r\n
1429 // crash-key-value \r\n
1432 // Content-Disposition: form-data; name="dump"; filename="dump" \r\n
1433 // Content-Type: application/octet-stream \r\n \r\n
1435 // \r\n BOUNDARY -- \r\n
1437 #if defined(OS_CHROMEOS)
1438 CrashReporterWriter
writer(temp_file_fd
);
1440 MimeWriter
writer(temp_file_fd
, mime_boundary
);
1443 const char* product_name
= "";
1444 const char* version
= "";
1446 GetCrashReporterClient()->GetProductNameAndVersion(&product_name
, &version
);
1448 writer
.AddBoundary();
1449 writer
.AddPairString("prod", product_name
);
1450 writer
.AddBoundary();
1451 writer
.AddPairString("ver", version
);
1452 writer
.AddBoundary();
1454 char pid_value_buf
[kUint64StringSize
];
1455 uint64_t pid_value_len
= my_uint64_len(info
.pid
);
1456 my_uint64tos(pid_value_buf
, info
.pid
, pid_value_len
);
1457 static const char pid_key_name
[] = "pid";
1458 writer
.AddPairData(pid_key_name
, sizeof(pid_key_name
) - 1,
1459 pid_value_buf
, pid_value_len
);
1460 writer
.AddBoundary();
1462 #if defined(OS_ANDROID)
1463 // Addtional MIME blocks are added for logging on Android devices.
1464 static const char android_build_id
[] = "android_build_id";
1465 static const char android_build_fp
[] = "android_build_fp";
1466 static const char device
[] = "device";
1467 static const char model
[] = "model";
1468 static const char brand
[] = "brand";
1469 static const char exception_info
[] = "exception_info";
1471 base::android::BuildInfo
* android_build_info
=
1472 base::android::BuildInfo::GetInstance();
1473 writer
.AddPairString(
1474 android_build_id
, android_build_info
->android_build_id());
1475 writer
.AddBoundary();
1476 writer
.AddPairString(
1477 android_build_fp
, android_build_info
->android_build_fp());
1478 writer
.AddBoundary();
1479 writer
.AddPairString(device
, android_build_info
->device());
1480 writer
.AddBoundary();
1481 writer
.AddPairString(model
, android_build_info
->model());
1482 writer
.AddBoundary();
1483 writer
.AddPairString(brand
, android_build_info
->brand());
1484 writer
.AddBoundary();
1485 if (android_build_info
->java_exception_info() != nullptr) {
1486 writer
.AddPairString(exception_info
,
1487 android_build_info
->java_exception_info());
1488 writer
.AddBoundary();
1494 if (info
.process_start_time
> 0) {
1495 struct kernel_timeval tv
;
1496 if (!sys_gettimeofday(&tv
, nullptr)) {
1497 uint64_t time
= kernel_timeval_to_ms(&tv
);
1498 if (time
> info
.process_start_time
) {
1499 time
-= info
.process_start_time
;
1500 char time_str
[kUint64StringSize
];
1501 const unsigned time_len
= my_uint64_len(time
);
1502 my_uint64tos(time_str
, time
, time_len
);
1504 static const char process_time_msg
[] = "ptime";
1505 writer
.AddPairData(process_time_msg
, sizeof(process_time_msg
) - 1,
1506 time_str
, time_len
);
1507 writer
.AddBoundary();
1513 if (info
.process_type_length
) {
1514 writer
.AddPairString("ptype", info
.process_type
);
1515 writer
.AddBoundary();
1519 if (info
.distro_length
) {
1520 static const char distro_msg
[] = "lsb-release";
1521 writer
.AddPairString(distro_msg
, info
.distro
);
1522 writer
.AddBoundary();
1526 if (info
.oom_size
) {
1527 char oom_size_str
[kUint64StringSize
];
1528 const unsigned oom_size_len
= my_uint64_len(info
.oom_size
);
1529 my_uint64tos(oom_size_str
, info
.oom_size
, oom_size_len
);
1530 static const char oom_size_msg
[] = "oom-size";
1531 writer
.AddPairData(oom_size_msg
, sizeof(oom_size_msg
) - 1,
1532 oom_size_str
, oom_size_len
);
1533 writer
.AddBoundary();
1537 if (info
.crash_keys
) {
1538 CrashKeyStorage::Iterator
crash_key_iterator(*info
.crash_keys
);
1539 const CrashKeyStorage::Entry
* entry
;
1540 while ((entry
= crash_key_iterator
.Next())) {
1541 writer
.AddPairString(entry
->key
, entry
->value
);
1542 writer
.AddBoundary();
1547 writer
.AddFileContents(g_dump_msg
, dump_data
, dump_size
);
1548 #if defined(ADDRESS_SANITIZER)
1549 // Append a multipart boundary and the contents of the AddressSanitizer log.
1550 writer
.AddBoundary();
1551 writer
.AddFileContents(g_log_msg
, log_data
, log_size
);
1556 IGNORE_RET(sys_close(temp_file_fd
));
1558 #if defined(OS_ANDROID)
1559 if (info
.filename
) {
1560 size_t filename_length
= my_strlen(info
.filename
);
1562 // If this was a file, we need to copy it to the right place and use the
1563 // right file name so it gets uploaded by the browser.
1564 const char msg
[] = "Output crash dump file:";
1565 WriteLog(msg
, sizeof(msg
) - 1);
1566 WriteLog(info
.filename
, filename_length
);
1568 char pid_buf
[kUint64StringSize
];
1569 size_t pid_str_length
= my_uint64_len(info
.pid
);
1570 my_uint64tos(pid_buf
, info
.pid
, pid_str_length
);
1571 pid_buf
[pid_str_length
] = 0; // my_uint64tos() doesn't null-terminate.
1573 size_t done_filename_len
= filename_length
+ pid_str_length
+ 1;
1574 char* done_filename
= reinterpret_cast<char*>(
1575 allocator
.Alloc(done_filename_len
));
1576 // Rename the file such that the pid is the suffix in order signal to other
1577 // processes that the minidump is complete. The advantage of using the pid
1578 // as the suffix is that it is trivial to associate the minidump with the
1580 my_strlcpy(done_filename
, info
.filename
, done_filename_len
);
1581 my_strlcat(done_filename
, pid_buf
, done_filename_len
);
1582 // Rename the minidump file to signal that it is complete.
1583 if (rename(info
.filename
, done_filename
)) {
1584 const char failed_msg
[] = "Failed to rename:";
1585 WriteLog(failed_msg
, sizeof(failed_msg
) - 1);
1586 WriteLog(info
.filename
, filename_length
);
1587 const char to_msg
[] = "to";
1588 WriteLog(to_msg
, sizeof(to_msg
) - 1);
1589 WriteLog(done_filename
, done_filename_len
- 1);
1597 const pid_t child
= sys_fork();
1599 // Spawned helper process.
1601 // This code is called both when a browser is crashing (in which case,
1602 // nothing really matters any more) and when a renderer/plugin crashes, in
1603 // which case we need to continue.
1605 // Since we are a multithreaded app, if we were just to fork(), we might
1606 // grab file descriptors which have just been created in another thread and
1607 // hold them open for too long.
1609 // Thus, we have to loop and try and close everything.
1610 const int fd
= sys_open("/proc/self/fd", O_DIRECTORY
| O_RDONLY
, 0);
1612 for (unsigned i
= 3; i
< 8192; ++i
)
1613 IGNORE_RET(sys_close(i
));
1615 google_breakpad::DirectoryReader
reader(fd
);
1617 while (reader
.GetNextEntry(&name
)) {
1619 if (my_strtoui(&i
, name
) && i
> 2 && i
!= fd
)
1620 IGNORE_RET(sys_close(i
));
1624 IGNORE_RET(sys_close(fd
));
1627 IGNORE_RET(sys_setsid());
1629 // Leave one end of a pipe in the upload process and watch for it getting
1630 // closed by the upload process exiting.
1632 if (sys_pipe(fds
) >= 0) {
1633 const pid_t upload_child
= sys_fork();
1634 if (!upload_child
) {
1636 IGNORE_RET(sys_close(fds
[0]));
1637 IGNORE_RET(sys_dup2(fds
[1], 3));
1638 ExecUploadProcessOrTerminate(info
, temp_file
, mime_boundary
, exe_buf
,
1643 if (upload_child
> 0) {
1644 IGNORE_RET(sys_close(fds
[1]));
1646 const size_t kCrashIdLength
= 16;
1647 char id_buf
[kCrashIdLength
+ 1];
1649 WaitForCrashReportUploadProcess(fds
[0], kCrashIdLength
, id_buf
);
1650 HandleCrashReportId(id_buf
, bytes_read
, kCrashIdLength
);
1652 if (sys_waitpid(upload_child
, nullptr, WNOHANG
) == 0) {
1653 // Upload process is still around, kill it.
1654 sys_kill(upload_child
, SIGKILL
);
1660 IGNORE_RET(sys_unlink(info
.filename
));
1661 #if defined(ADDRESS_SANITIZER)
1662 IGNORE_RET(sys_unlink(info
.log_filename
));
1664 IGNORE_RET(sys_unlink(temp_file
));
1668 // Main browser process.
1671 (void) HANDLE_EINTR(sys_waitpid(child
, nullptr, 0));
1674 void InitCrashReporter(const std::string
& process_type
) {
1675 #if defined(OS_ANDROID)
1676 // This will guarantee that the BuildInfo has been initialized and subsequent
1677 // calls will not require memory allocation.
1678 base::android::BuildInfo::GetInstance();
1680 // Handler registration is LIFO. Install the microdump handler first, such
1681 // that if conventional minidump crash reporting is enabled below, it takes
1682 // precedence (i.e. its handler is run first) over the microdump handler.
1683 InitMicrodumpCrashHandlerIfNecessary(process_type
);
1685 // Determine the process type and take appropriate action.
1686 const base::CommandLine
& parsed_command_line
=
1687 *base::CommandLine::ForCurrentProcess();
1688 if (parsed_command_line
.HasSwitch(switches::kDisableBreakpad
))
1691 if (process_type
.empty()) {
1692 bool enable_breakpad
= GetCrashReporterClient()->GetCollectStatsConsent() ||
1693 GetCrashReporterClient()->IsRunningUnattended();
1695 !parsed_command_line
.HasSwitch(switches::kDisableBreakpad
);
1696 if (!enable_breakpad
) {
1697 enable_breakpad
= parsed_command_line
.HasSwitch(
1698 switches::kEnableCrashReporterForTesting
);
1700 if (!enable_breakpad
) {
1701 VLOG(1) << "Breakpad disabled";
1706 EnableCrashDumping(GetCrashReporterClient()->IsRunningUnattended());
1707 } else if (GetCrashReporterClient()->EnableBreakpadForProcess(process_type
)) {
1708 #if defined(OS_ANDROID)
1709 NOTREACHED() << "Breakpad initialized with InitCrashReporter() instead of "
1710 "InitNonBrowserCrashReporter in " << process_type
<< " process.";
1713 // We might be chrooted in a zygote or renderer process so we cannot call
1714 // GetCollectStatsConsent because that needs access the the user's home
1715 // dir. Instead, we set a command line flag for these processes.
1716 // Even though plugins are not chrooted, we share the same code path for
1718 if (!parsed_command_line
.HasSwitch(switches::kEnableCrashReporter
))
1721 SetClientIdFromCommandLine(parsed_command_line
);
1722 EnableNonBrowserCrashDumping();
1723 VLOG(1) << "Non Browser crash dumping enabled for: " << process_type
;
1724 #endif // #if defined(OS_ANDROID)
1727 PostEnableBreakpadInitialization();
1730 #if defined(OS_ANDROID)
1731 void InitNonBrowserCrashReporterForAndroid(const std::string
& process_type
) {
1732 const base::CommandLine
* command_line
=
1733 base::CommandLine::ForCurrentProcess();
1735 // Handler registration is LIFO. Install the microdump handler first, such
1736 // that if conventional minidump crash reporting is enabled below, it takes
1737 // precedence (i.e. its handler is run first) over the microdump handler.
1738 InitMicrodumpCrashHandlerIfNecessary(process_type
);
1740 if (command_line
->HasSwitch(switches::kEnableCrashReporter
)) {
1741 // On Android we need to provide a FD to the file where the minidump is
1742 // generated as the renderer and browser run with different UIDs
1743 // (preventing the browser from inspecting the renderer process).
1744 int minidump_fd
= base::GlobalDescriptors::GetInstance()->MaybeGet(
1745 GetCrashReporterClient()->GetAndroidMinidumpDescriptor());
1746 if (minidump_fd
< 0) {
1747 NOTREACHED() << "Could not find minidump FD, crash reporting disabled.";
1750 EnableNonBrowserCrashDumping(process_type
, minidump_fd
);
1754 #endif // OS_ANDROID
1756 bool IsCrashReporterEnabled() {
1757 return g_is_crash_reporter_enabled
;
1760 } // namespace breakpad