Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(356)

Issue 2242953002: winheap_dump: handle errors gracefully (Closed)

Created:
4 years, 4 months ago by liamjm (20p)
Modified:
4 years, 2 months ago
CC:
chromium-reviews, tracing+reviews_chromium.org, wfh+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

winheap_dump: handle errors gracefully In bug 464430 we are aiming to lockdown CSRSS. However this causes a problem with the dumping of the heap, which has necessitated the change to base/trace_event/winheap_dump_provider_win.cc The dumping of the heaps get a list of process heaps (for the renderer) and dumps each of these. One of these heaps is the one used by CSRSS for its communication between the client (this process) and the CSRSS server (csrss.exe). For more background see [0] and [1]. When the handle to ALPC port to CSRSS is closed in the sandbox lockdown, the server destroys this heap. However as this is only meant to happen as part of process termination, there is no cleanup inside the client process. So the client process is left thinking this process heap exists, when it does not. It is possible to destroy this heap right before the ALPC port is closed, however the 2 options I've experimented with both require use of undocumented features. This is not desired in general, and from my observations, the internal heap structures change a lot from version to version, so we really can't rely on them. The solution implemented here is to handle the invalid heaps when they are being dumped, by gracefully supporting failures, rather than CHECK()ing. In particular, the call to HeapLock() is performing the heap validation for us, if this fails we assume that we can't read the heap, which is now considered ok. As an extra check, we add a CHECK() to ensure that at least one heap was dumped successfully. It would be an option, perhaps, to plumb through this lockdown state in to the heap dumping code, however that would require a very large amount of changes so it has not been done. [0]: http://j00ru.vexillium.org/?p=527 [1]: https://github.com/dynamorio/drmemory/issues/1221 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng BUG=464430 Committed: https://crrev.com/c56e1ffa7c82070f974f065c1a5b0bc99165d32e Cr-Commit-Position: refs/heads/master@{#425523}

Patch Set 1 #

Patch Set 2 : winheap_dump: handle errors gracefully #

Patch Set 3 : Merge branch 'master' of https://chromium.googlesource.com/chromium/src into winheap_dump #

Total comments: 12

Patch Set 4 : changes from review #

Patch Set 5 : rebase and move changes to new file as old one was deleted #

Patch Set 6 : adjust line breaks on comment #

Total comments: 2

Patch Set 7 : switch params to check, and match signedness #

Unified diffs Side-by-side diffs Delta from patch set Stats (+24 lines, -7 lines) Patch
M base/trace_event/malloc_dump_provider.cc View 1 2 3 4 5 6 2 chunks +24 lines, -7 lines 0 comments Download

Messages

Total messages: 26 (10 generated)
liamjm (20p)
danakj@chromium.org: Please review changes in
4 years, 4 months ago (2016-08-12 21:41:49 UTC) #5
Will Harris
(background) This l-g-t-m as the approach we think is best to unblock the CSRSS lockdown ...
4 years, 4 months ago (2016-08-12 21:45:36 UTC) #6
danakj
> As an extra check, we add a CHECK() to ensure that at least one ...
4 years, 4 months ago (2016-08-15 23:42:03 UTC) #7
danakj
https://codereview.chromium.org/2242953002/diff/40001/base/trace_event/winheap_dump_provider_win.cc File base/trace_event/winheap_dump_provider_win.cc (right): https://codereview.chromium.org/2242953002/diff/40001/base/trace_event/winheap_dump_provider_win.cc#newcode114 base/trace_event/winheap_dump_provider_win.cc:114: if (::IsBadReadPtr(heap_info->heap_id, 0x100)) { On 2016/08/15 23:42:03, danakj wrote: ...
4 years, 4 months ago (2016-08-15 23:43:51 UTC) #8
Will Harris
(Context: liamjm is only 20% on chrome security so replies to this CL might come ...
4 years, 4 months ago (2016-08-16 16:08:01 UTC) #9
danakj
On Tue, Aug 16, 2016 at 9:08 AM, <wfh@chromium.org> wrote: > (Context: liamjm is only ...
4 years, 4 months ago (2016-08-16 17:35:36 UTC) #10
liamjm (20p)
Hi all, I'm heading out on vacation for the month of September. I really wanted ...
4 years, 3 months ago (2016-09-01 23:19:06 UTC) #11
liamjm (20p)
https://codereview.chromium.org/2242953002/diff/40001/base/trace_event/winheap_dump_provider_win.cc File base/trace_event/winheap_dump_provider_win.cc (right): https://codereview.chromium.org/2242953002/diff/40001/base/trace_event/winheap_dump_provider_win.cc#newcode96 base/trace_event/winheap_dump_provider_win.cc:96: CHECK(all_heap_info.allocated_size != 0); On 2016/08/15 23:42:03, danakj wrote: > ...
4 years, 2 months ago (2016-10-11 18:57:31 UTC) #12
Primiano Tucci (use gerrit)
ehm I think this file doesn't exist anymore and has been merged in the malloc ...
4 years, 2 months ago (2016-10-11 19:52:34 UTC) #14
liamjm (20p)
On 2016/10/11 19:52:34, Primiano Tucci wrote: > ehm I think this file doesn't exist anymore ...
4 years, 2 months ago (2016-10-11 20:58:48 UTC) #15
liamjm (20p)
On 2016/10/11 20:58:48, liamjm (20p) wrote: > On 2016/10/11 19:52:34, Primiano Tucci wrote: > > ...
4 years, 2 months ago (2016-10-11 21:37:11 UTC) #16
Primiano Tucci (use gerrit)
LGTM with 1 comment https://codereview.chromium.org/2242953002/diff/100001/base/trace_event/malloc_dump_provider.cc File base/trace_event/malloc_dump_provider.cc (right): https://codereview.chromium.org/2242953002/diff/100001/base/trace_event/malloc_dump_provider.cc#newcode188 base/trace_event/malloc_dump_provider.cc:188: CHECK_EQ(heap_info_errors, 1); you really want ...
4 years, 2 months ago (2016-10-12 16:39:25 UTC) #17
liamjm (20p)
Thanks! https://codereview.chromium.org/2242953002/diff/100001/base/trace_event/malloc_dump_provider.cc File base/trace_event/malloc_dump_provider.cc (right): https://codereview.chromium.org/2242953002/diff/100001/base/trace_event/malloc_dump_provider.cc#newcode188 base/trace_event/malloc_dump_provider.cc:188: CHECK_EQ(heap_info_errors, 1); On 2016/10/12 16:39:25, Primiano Tucci wrote: ...
4 years, 2 months ago (2016-10-14 16:47:08 UTC) #18
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2242953002/120001
4 years, 2 months ago (2016-10-14 23:43:22 UTC) #22
commit-bot: I haz the power
Committed patchset #7 (id:120001)
4 years, 2 months ago (2016-10-15 01:05:09 UTC) #24
commit-bot: I haz the power
4 years, 2 months ago (2016-10-15 01:07:57 UTC) #26
Message was sent while issue was closed.
Patchset 7 (id:??) landed as
https://crrev.com/c56e1ffa7c82070f974f065c1a5b0bc99165d32e
Cr-Commit-Position: refs/heads/master@{#425523}

Powered by Google App Engine
This is Rietveld 408576698