Chromium Code Reviews Chromium Code Reviews
Issue 2054303002:
Kill child processes on bad Mojo messages (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@bad-message| OLD | NEW |
|---|---|
| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Represents the browser side of the browser <--> renderer communication | 5 // Represents the browser side of the browser <--> renderer communication |
| 6 // channel. There will be one RenderProcessHost per renderer process. | 6 // channel. There will be one RenderProcessHost per renderer process. |
| 7 | 7 |
| 8 #include "content/browser/renderer_host/render_process_host_impl.h" | 8 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 766 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 777 if (!renderer_prefix.empty()) | 777 if (!renderer_prefix.empty()) |
| 778 cmd_line->PrependWrapper(renderer_prefix); | 778 cmd_line->PrependWrapper(renderer_prefix); |
| 779 AppendRendererCommandLine(cmd_line); | 779 AppendRendererCommandLine(cmd_line); |
| 780 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id); | 780 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, channel_id); |
| 781 | 781 |
| 782 // Spawn the child process asynchronously to avoid blocking the UI thread. | 782 // Spawn the child process asynchronously to avoid blocking the UI thread. |
| 783 // As long as there's no renderer prefix, we can use the zygote process | 783 // As long as there's no renderer prefix, we can use the zygote process |
| 784 // at this stage. | 784 // at this stage. |
| 785 child_process_launcher_.reset(new ChildProcessLauncher( | 785 child_process_launcher_.reset(new ChildProcessLauncher( |
| 786 new RendererSandboxedProcessLauncherDelegate(channel_.get()), cmd_line, | 786 new RendererSandboxedProcessLauncherDelegate(channel_.get()), cmd_line, |
| 787 GetID(), this, child_token_)); | 787 GetID(), this, child_token_, |
| 788 base::Bind(&RenderProcessHostImpl::OnMojoProcessError, | |
| 789 weak_factory_.GetWeakPtr()))); | |
| 788 | 790 |
| 789 fast_shutdown_started_ = false; | 791 fast_shutdown_started_ = false; |
| 790 } | 792 } |
| 791 | 793 |
| 792 if (!gpu_observer_registered_) { | 794 if (!gpu_observer_registered_) { |
| 793 gpu_observer_registered_ = true; | 795 gpu_observer_registered_ = true; |
| 794 ui::GpuSwitchingManager::GetInstance()->AddObserver(this); | 796 ui::GpuSwitchingManager::GetInstance()->AddObserver(this); |
| 795 } | 797 } |
| 796 | 798 |
| 797 power_monitor_broadcaster_.Init(); | 799 power_monitor_broadcaster_.Init(); |
| (...skipping 1822 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2620 // sent a RenderProcessHostDestroyed notification, and we must observe our | 2622 // sent a RenderProcessHostDestroyed notification, and we must observe our |
| 2621 // contract that says that will be the last call. | 2623 // contract that says that will be the last call. |
| 2622 if (deleting_soon_) | 2624 if (deleting_soon_) |
| 2623 return; | 2625 return; |
| 2624 | 2626 |
| 2625 RendererClosedDetails details{base::TERMINATION_STATUS_LAUNCH_FAILED, | 2627 RendererClosedDetails details{base::TERMINATION_STATUS_LAUNCH_FAILED, |
| 2626 error_code}; | 2628 error_code}; |
| 2627 ProcessDied(true, &details); | 2629 ProcessDied(true, &details); |
| 2628 } | 2630 } |
| 2629 | 2631 |
| 2632 void RenderProcessHostImpl::OnMojoProcessError(const std::string& error) { | |
| 2633 // The ReceivedBadMessage call below will trigger a DumpWithoutCrashing. Alias | |
| 2634 // enough information here so that we can determine what the bad message was. | |
| 2635 base::debug::Alias(&error); | |
| 2636 bad_message::ReceivedBadMessage(this, | |
| 2637 bad_message::RPH_MOJO_PROCESS_ERROR); | |
| 2638 LOG(ERROR) << "Killing render process process: " << error; | |
|
jam
2016/06/13 18:30:39
nit: no need, since bad_message::ReceivedBadMessag
Ken Rockot(use gerrit already)
2016/06/13 22:36:40
The message logged by ReceivedBadMessage is not pa
| |
| 2639 } | |
| 2640 | |
| 2630 scoped_refptr<AudioRendererHost> RenderProcessHostImpl::audio_renderer_host() | 2641 scoped_refptr<AudioRendererHost> RenderProcessHostImpl::audio_renderer_host() |
| 2631 const { | 2642 const { |
| 2632 return audio_renderer_host_; | 2643 return audio_renderer_host_; |
| 2633 } | 2644 } |
| 2634 | 2645 |
| 2635 void RenderProcessHostImpl::OnUserMetricsRecordAction( | 2646 void RenderProcessHostImpl::OnUserMetricsRecordAction( |
| 2636 const std::string& action) { | 2647 const std::string& action) { |
| 2637 RecordComputedAction(action); | 2648 RecordComputedAction(action); |
| 2638 } | 2649 } |
| 2639 | 2650 |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2800 | 2811 |
| 2801 // Skip widgets in other processes. | 2812 // Skip widgets in other processes. |
| 2802 if (rvh->GetProcess()->GetID() != GetID()) | 2813 if (rvh->GetProcess()->GetID() != GetID()) |
| 2803 continue; | 2814 continue; |
| 2804 | 2815 |
| 2805 rvh->OnWebkitPreferencesChanged(); | 2816 rvh->OnWebkitPreferencesChanged(); |
| 2806 } | 2817 } |
| 2807 } | 2818 } |
| 2808 | 2819 |
| 2809 } // namespace content | 2820 } // namespace content |
| OLD | NEW |
