Linux/CrOS: Use PR_SET_PTRACER for non-browser crashes.

chrome/app/breakpad_linux.cc

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // For linux_syscall_support.h. This makes it safe to call embedded system
 // calls when in seccomp mode.
 #define SYS_SYSCALL_ENTRYPOINT "playground$syscallEntryPoint"
 
 #include "chrome/app/breakpad_linux.h"
 
 #include <fcntl.h>
@@ skipping 20 matching lines @@
 #include "breakpad/src/common/linux/linux_libc_support.h"
 #include "breakpad/src/common/memory.h"
 #include "chrome/common/child_process_logging.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info_posix.h"
 #include "chrome/common/env_vars.h"
 #include "content/common/chrome_descriptors.h"
 #include "seccompsandbox/linux_syscall_support.h"
 
+#ifndef PR_SET_PTRACER
+#define PR_SET_PTRACER 0x59616d61
+#endif
+
 // Some versions of gcc are prone to warn about unused return values. In cases
 // where we either a) know the call cannot fail, or b) there is nothing we
 // can do when a call fails, we mark the return code as ignored. This avoids
 // spurious compiler warnings.
 #define IGNORE_RET(x) do { if (x); } while (0)
 
 static const char kUploadURL[] =
     "https://clients2.google.com/cr/report";
 
 static bool is_crash_reporter_enabled = false;
@@ skipping 662 matching lines @@
                       const bool upload,
                       const bool succeeded) {
   // WARNING: this code runs in a compromised context. It may not call into
   // libc nor allocate memory normally.
   if (!succeeded)
     return false;
 
   google_breakpad::PageAllocator allocator;
   const unsigned dump_path_len = my_strlen(dump_path);
   const unsigned minidump_id_len = my_strlen(minidump_id);
-  char *const path = reinterpret_cast<char*>(allocator.Alloc(
+  char* const path = reinterpret_cast<char*>(allocator.Alloc(
       dump_path_len + 1 /* '/' */ + minidump_id_len +
       4 /* ".dmp" */ + 1 /* NUL */));
   memcpy(path, dump_path, dump_path_len);
   path[dump_path_len] = '/';
   memcpy(path + dump_path_len + 1, minidump_id, minidump_id_len);
   memcpy(path + dump_path_len + 1 + minidump_id_len, ".dmp", 4);
   path[dump_path_len + 1 + minidump_id_len + 4] = 0;
 
   BreakpadInfo info;
   info.filename = path;
@@ skipping 48 matching lines @@
                                           CrashDoneNoUpload, NULL,
                                           true /* install handlers */);
   } else {
     new google_breakpad::ExceptionHandler(tmp_path.value().c_str(), NULL,
                                           CrashDoneUpload, NULL,
                                           true /* install handlers */);
   }
 }
 
 // Non-Browser = Extension, Gpu, Plugins, Ppapi and Renderer
-static bool
-NonBrowserCrashHandler(const void* crash_context, size_t crash_context_size,
-                       void* context) {
+static bool NonBrowserCrashHandler(const void* crash_context,
+                                   size_t crash_context_size,
+                                   void* context) {
   const int fd = reinterpret_cast<intptr_t>(context);
   int fds[2] = { -1, -1 };
   if (sys_socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
     static const char msg[] = "Failed to create socket for crash dumping.\n";
     sys_write(2, msg, sizeof(msg)-1);
     return false;
   }
+
+  // On kernels with ptrace protection, e.g. Ubuntu 10.10+, the browser cannot
+  // ptrace this crashing process and crash dumping will fail. When using the
+  // SUID sandbox, this crashing process is likely to be in its own PID
+  // namespace, and thus there is no way to permit only the browser process to
+  // ptrace it.
+  // The workaround is to allow all processes to ptrace this process if we
+  // reach this point, by passing -1 as the allowed PID. However, support for
+  // passing -1 as the PID won't reach kernels until around the Ubuntu 12.04
+  // timeframe.
+  sys_prctl(PR_SET_PTRACER, -1);
+
+  // Start constructing the message to send to the browser.
   char guid[kGuidSize + 1] = {0};
   char crash_url[kMaxActiveURLSize + 1] = {0};
   char distro[kDistroSize + 1] = {0};
   const size_t guid_len =
       std::min(my_strlen(child_process_logging::g_client_id), kGuidSize);
   const size_t crash_url_len =
       std::min(my_strlen(child_process_logging::g_active_url),
                kMaxActiveURLSize);
   const size_t distro_len =
       std::min(my_strlen(base::g_linux_distro), kDistroSize);
   memcpy(guid, child_process_logging::g_client_id, guid_len);
   memcpy(crash_url, child_process_logging::g_active_url, crash_url_len);
   memcpy(distro, base::g_linux_distro, distro_len);
 
   char b;  // Dummy variable for sys_read below.
   const char* b_addr = &b;  // Get the address of |b| so we can create the
                             // expected /proc/[pid]/syscall content in the
                             // browser to convert namespace tids.
 
   // The length of the control message:
-  static const unsigned kControlMsgSize = CMSG_SPACE(2*sizeof(int));
+  static const unsigned kControlMsgSize = sizeof(fds);
+  static const unsigned kControlMsgSpaceSize = CMSG_SPACE(kControlMsgSize);
+  static const unsigned kControlMsgLenSize = CMSG_LEN(kControlMsgSize);
 
   const size_t kIovSize = 7;
   struct kernel_msghdr msg;
   my_memset(&msg, 0, sizeof(struct kernel_msghdr));
   struct kernel_iovec iov[kIovSize];
   iov[0].iov_base = const_cast<void*>(crash_context);
   iov[0].iov_len = crash_context_size;
   iov[1].iov_base = guid;
   iov[1].iov_len = kGuidSize + 1;
   iov[2].iov_base = crash_url;
   iov[2].iov_len = kMaxActiveURLSize + 1;
   iov[3].iov_base = distro;
   iov[3].iov_len = kDistroSize + 1;
   iov[4].iov_base = &b_addr;
   iov[4].iov_len = sizeof(b_addr);
   iov[5].iov_base = &fds[0];
   iov[5].iov_len = sizeof(fds[0]);
   iov[6].iov_base = &process_start_time;
   iov[6].iov_len = sizeof(process_start_time);
 
   msg.msg_iov = iov;
   msg.msg_iovlen = kIovSize;
-  char cmsg[kControlMsgSize];
-  my_memset(cmsg, 0, kControlMsgSize);
+  char cmsg[kControlMsgSpaceSize];
+  my_memset(cmsg, 0, kControlMsgSpaceSize);
   msg.msg_control = cmsg;
   msg.msg_controllen = sizeof(cmsg);
 
   struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
   hdr->cmsg_level = SOL_SOCKET;
   hdr->cmsg_type = SCM_RIGHTS;
-  hdr->cmsg_len = CMSG_LEN(2*sizeof(int));
+  hdr->cmsg_len = kControlMsgLenSize;
   ((int*) CMSG_DATA(hdr))[0] = fds[0];
   ((int*) CMSG_DATA(hdr))[1] = fds[1];
 
   if (HANDLE_EINTR(sys_sendmsg(fd, &msg, 0)) < 0) {
     static const char msg[] = "Failed to tell parent about crash.\n";
     sys_write(2, msg, sizeof(msg)-1);
     IGNORE_RET(sys_close(fds[1]));
     return false;
   }
   IGNORE_RET(sys_close(fds[1]));
@@ skipping 55 matching lines @@
   struct timeval tv;
   if (!gettimeofday(&tv, NULL))
     process_start_time = timeval_to_ms(&tv);
   else
     process_start_time = 0;
 }
 
 bool IsCrashReporterEnabled() {
   return is_crash_reporter_enabled;
 }