Description was changed from ========== Merge branch 'master' of https://chromium.googlesource.com/chromium/src into destroy_heap use heapdestroy() not ...
3 years, 9 months ago
(2017-02-28 23:58:32 UTC)
#1
Description was changed from
==========
Merge branch 'master' of https://chromium.googlesource.com/chromium/src into
destroy_heap
use heapdestroy() not rtldestroyheap(), plus some cleanups
destroy heap POC with test
destroy heap with hack POC
BUG=
==========
to
==========
Merge branch 'master' of https://chromium.googlesource.com/chromium/src into
destroy_heap
use heapdestroy() not rtldestroyheap(), plus some cleanups
destroy heap POC with test
destroy heap with hack POC
BUG=
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
==========
liamjm (20p)
Description was changed from ========== Merge branch 'master' of https://chromium.googlesource.com/chromium/src into destroy_heap use heapdestroy() not ...
3 years, 9 months ago
(2017-03-01 00:10:49 UTC)
#2
Description was changed from
==========
Merge branch 'master' of https://chromium.googlesource.com/chromium/src into
destroy_heap
use heapdestroy() not rtldestroyheap(), plus some cleanups
destroy heap POC with test
destroy heap with hack POC
BUG=
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
==========
to
==========
A heap is created by CSR client that is used to share memory between the client
and csrss.exe (the server). We destroy this heap to ensure all heaps are valid
(that any callers of GetProcessHeaps() receive valid heaps).
BUG=464430
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
==========
Hi, Please have a look at this code, now with some tests of the heap ...
3 years, 9 months ago
(2017-03-22 18:48:21 UTC)
#4
Hi,
Please have a look at this code, now with some tests of the heap functions
Will Harris
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/heap_helper.cc File sandbox/win/src/heap_helper.cc (right): https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/heap_helper.cc#newcode24 sandbox/win/src/heap_helper.cc:24: _HEAP* heap = reinterpret_cast<_HEAP*>(handle); is there any validation that ...
3 years, 9 months ago
(2017-03-22 19:21:49 UTC)
#5
this is looking good, but the tests still appear to be failing, can you take ...
3 years, 7 months ago
(2017-05-01 18:33:16 UTC)
#7
this is looking good, but the tests still appear to be failing, can you take
another look?
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/target...
File sandbox/win/src/target_services.cc (right):
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/target...
sandbox/win/src/target_services.cc:55: PVOID csr_port_heap =
sandbox::FindCsrPortHeap();
On 2017/04/14 17:27:20, liamjm (20p) wrote:
> On 2017/03/22 19:21:49, Will Harris wrote:
> > are we not already in sandbox namespace. hmm? strange
>
> Yeah...
> Just in an unnamed namespace at this point.
>
> We could move a couple of functions into the namespace, if desired.
yes it seems to make sense to move all these functions to the sandbox anonymous
namespace, and then remove the sandbox:: parts below
liamjm (20p)
On 2017/05/01 18:33:16, Will Harris wrote: > this is looking good, but the tests still ...
3 years, 7 months ago
(2017-05-03 17:50:15 UTC)
#8
On 2017/05/01 18:33:16, Will Harris wrote:
> this is looking good, but the tests still appear to be failing, can you take
> another look?
>
>
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/target...
> File sandbox/win/src/target_services.cc (right):
>
>
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/target...
> sandbox/win/src/target_services.cc:55: PVOID csr_port_heap =
> sandbox::FindCsrPortHeap();
> On 2017/04/14 17:27:20, liamjm (20p) wrote:
> > On 2017/03/22 19:21:49, Will Harris wrote:
> > > are we not already in sandbox namespace. hmm? strange
> >
> > Yeah...
> > Just in an unnamed namespace at this point.
> >
> > We could move a couple of functions into the namespace, if desired.
>
> yes it seems to make sense to move all these functions to the sandbox
anonymous
> namespace, and then remove the sandbox:: parts below
Blarg. Broke the compile. Fixed this and move the namespace inside sandbox in
target_services.cc.
Still need to ensure that tests pass on win version < 10. Please wait until this
before reviewing.
liamjm (20p)
On 2017/05/03 17:50:15, liamjm (20p) wrote: > On 2017/05/01 18:33:16, Will Harris wrote: > > ...
3 years, 7 months ago
(2017-05-03 19:33:11 UTC)
#9
On 2017/05/03 17:50:15, liamjm (20p) wrote:
> On 2017/05/01 18:33:16, Will Harris wrote:
> > this is looking good, but the tests still appear to be failing, can you take
> > another look?
> >
> >
>
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/target...
> > File sandbox/win/src/target_services.cc (right):
> >
> >
>
https://codereview.chromium.org/2726733003/diff/100001/sandbox/win/src/target...
> > sandbox/win/src/target_services.cc:55: PVOID csr_port_heap =
> > sandbox::FindCsrPortHeap();
> > On 2017/04/14 17:27:20, liamjm (20p) wrote:
> > > On 2017/03/22 19:21:49, Will Harris wrote:
> > > > are we not already in sandbox namespace. hmm? strange
> > >
> > > Yeah...
> > > Just in an unnamed namespace at this point.
> > >
> > > We could move a couple of functions into the namespace, if desired.
> >
> > yes it seems to make sense to move all these functions to the sandbox
> anonymous
> > namespace, and then remove the sandbox:: parts below
>
> Blarg. Broke the compile. Fixed this and move the namespace inside sandbox in
> target_services.cc.
>
> Still need to ensure that tests pass on win version < 10. Please wait until
this
> before reviewing.
Trybots passed across range of OSes.
PTAL, thanks.
liamjm (20p)
3 years, 7 months ago
(2017-05-03 19:33:19 UTC)
#10
Will Harris
Description was changed from ========== A heap is created by CSR client that is used ...
3 years, 7 months ago
(2017-05-03 19:35:30 UTC)
#11
Description was changed from
==========
A heap is created by CSR client that is used to share memory between the client
and csrss.exe (the server). We destroy this heap to ensure all heaps are valid
(that any callers of GetProcessHeaps() receive valid heaps).
BUG=464430
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
==========
to
==========
CSRSS lockdown: destroy CSRSS heap
A heap is created by CSR client that is used to share memory between the client
and csrss.exe (the server). We destroy this heap to ensure all heaps are valid
(that any callers of GetProcessHeaps() receive valid heaps).
BUG=464430
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
==========
Will Harris
lgtm
3 years, 7 months ago
(2017-05-03 19:36:27 UTC)
#12
lgtm
liamjm (20p)
The CQ bit was checked by liamjm@chromium.org
3 years, 7 months ago
(2017-05-03 19:37:38 UTC)
#13
CQ is committing da patch. Bot data: {"patchset_id": 240001, "attempt_start_ts": 1493843634293140, "parent_rev": "f51689179bfbf2a29e2870e5d5081b51fa49a6a1", "commit_rev": "6a8fe629a1676d9de015dbac090145119e2c62ef"}
3 years, 7 months ago
(2017-05-03 22:40:51 UTC)
#18
CQ is committing da patch.
Bot data: {"patchset_id": 240001, "attempt_start_ts": 1493843634293140,
"parent_rev": "f51689179bfbf2a29e2870e5d5081b51fa49a6a1", "commit_rev":
"6a8fe629a1676d9de015dbac090145119e2c62ef"}
commit-bot: I haz the power
Description was changed from ========== CSRSS lockdown: destroy CSRSS heap A heap is created by ...
3 years, 7 months ago
(2017-05-03 22:41:05 UTC)
#19
Message was sent while issue was closed.
Description was changed from
==========
CSRSS lockdown: destroy CSRSS heap
A heap is created by CSR client that is used to share memory between the client
and csrss.exe (the server). We destroy this heap to ensure all heaps are valid
(that any callers of GetProcessHeaps() receive valid heaps).
BUG=464430
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
==========
to
==========
CSRSS lockdown: destroy CSRSS heap
A heap is created by CSR client that is used to share memory between the client
and csrss.exe (the server). We destroy this heap to ensure all heaps are valid
(that any callers of GetProcessHeaps() receive valid heaps).
BUG=464430
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
Review-Url: https://codereview.chromium.org/2726733003
Cr-Commit-Position: refs/heads/master@{#469175}
Committed:
https://chromium.googlesource.com/chromium/src/+/6a8fe629a1676d9de015dbac0901...
==========
commit-bot: I haz the power
Committed patchset #13 (id:240001) as https://chromium.googlesource.com/chromium/src/+/6a8fe629a1676d9de015dbac090145119e2c62ef
3 years, 7 months ago
(2017-05-03 22:41:06 UTC)
#20
drive-by https://codereview.chromium.org/2726733003/diff/240001/sandbox/win/src/heap_helper.cc File sandbox/win/src/heap_helper.cc (right): https://codereview.chromium.org/2726733003/diff/240001/sandbox/win/src/heap_helper.cc#newcode51 sandbox/win/src/heap_helper.cc:51: LOG(ERROR) << "Unable to get flags for this ...
3 years, 7 months ago
(2017-05-03 23:26:05 UTC)
#22
3 years, 7 months ago
(2017-05-03 23:28:24 UTC)
#23
Message was sent while issue was closed.
On 2017/05/03 23:26:05, dcheng wrote:
> drive-by
>
>
https://codereview.chromium.org/2726733003/diff/240001/sandbox/win/src/heap_h...
> File sandbox/win/src/heap_helper.cc (right):
>
>
https://codereview.chromium.org/2726733003/diff/240001/sandbox/win/src/heap_h...
> sandbox/win/src/heap_helper.cc:51: LOG(ERROR) << "Unable to get flags for this
> heap";
> Is there a reason these are LOG(ERROR) instead of DLOG? It doesn't seem
> particularly actionable to end users and takes up binary space (logging
strings
> aren't dropped, even in official builds).
This is true, I wonder why presubmit didn't pick this up...
The reason why LOG(ERROR) is used is because sandbox/win uses this a lot. We
probably need a bug to just clean these all up.
Bret
I just pulled and this is causing all my tabs to be sad as soon ...
3 years, 7 months ago
(2017-05-06 00:00:13 UTC)
#24
Message was sent while issue was closed.
I just pulled and this is causing all my tabs to be sad as soon as they start
up. Replacing "return false" with "return true" in CsrssDisconnectCleanup makes
it stop.
Will Harris
On 2017/05/06 00:00:13, Bret Sepulveda wrote: > I just pulled and this is causing all ...
3 years, 7 months ago
(2017-05-06 02:29:30 UTC)
#25
Message was sent while issue was closed.
On 2017/05/06 00:00:13, Bret Sepulveda wrote:
> I just pulled and this is causing all my tabs to be sad as soon as they start
> up. Replacing "return false" with "return true" in CsrssDisconnectCleanup
makes
> it stop.
which is strange, because the code has been in since 60.0.3089.0. Are you
running with --enable-features=EnableCsrssLockdown?
Bret
On 2017/05/06 02:29:30, Will Harris wrote: > On 2017/05/06 00:00:13, Bret Sepulveda wrote: > > ...
3 years, 7 months ago
(2017-05-09 23:31:46 UTC)
#26
Message was sent while issue was closed.
On 2017/05/06 02:29:30, Will Harris wrote:
> On 2017/05/06 00:00:13, Bret Sepulveda wrote:
> > I just pulled and this is causing all my tabs to be sad as soon as they
start
> > up. Replacing "return false" with "return true" in CsrssDisconnectCleanup
> makes
> > it stop.
>
> which is strange, because the code has been in since 60.0.3089.0. Are you
> running with --enable-features=EnableCsrssLockdown?
I hadn't pulled in a while, and I wasn't running with any flags.
I pulled again and it's not happening now, but I noticed you didn't actually
change anything, so I'm very confused. At least it's not causing me trouble any
more.
Issue 2726733003: CSRSS lockdown: destroy CSRSS heap
(Closed)
Created 3 years, 9 months ago by liamjm (20p)
Modified 3 years, 7 months ago
Reviewers: penny, Will Harris, dcheng
Base URL:
Comments: 16
Chromium Code Reviews
Issue
2726733003:
CSRSS lockdown: destroy CSRSS heap (Closed)
