1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5  * You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 // This file needs to be linked into libxul, so it can access the JS
8 // stack and the crash reporter.  Everything else in this directory
9 // should be able to be linked into its own shared library, in order
10 // to be able to isolate sandbox/chromium from ipc/chromium.
11 
12 #include "SandboxInternal.h"
13 #include "SandboxLogging.h"
14 
15 #include <unistd.h>
16 #include <sys/syscall.h>
17 
18 #include "mozilla/StackWalk.h"
19 #include "mozilla/Unused.h"
20 #include "mozilla/dom/Exceptions.h"
21 #include "nsContentUtils.h"
22 #include "nsExceptionHandler.h"
23 #include "nsIException.h"  // for nsIStackFrame
24 #include "nsString.h"
25 #include "nsThreadUtils.h"
26 
27 namespace mozilla {
28 
29 // Log JS stack info in the same place as the sandbox violation
30 // message.  Useful in case the responsible code is JS and all we have
31 // are logs and a minidump with the C++ stacks (e.g., on TBPL).
SandboxLogJSStack(void)32 static void SandboxLogJSStack(void) {
33   if (!NS_IsMainThread()) {
34     // This might be a worker thread... or it might be a non-JS
35     // thread, or a non-NSPR thread.  There's isn't a good API for
36     // dealing with this, yet.
37     return;
38   }
39   if (!nsContentUtils::XPConnect()) {
40     // There is no content (e.g., the process is a media plugin), in
41     // which case this will probably crash and definitely not work.
42     return;
43   }
44   nsCOMPtr<nsIStackFrame> frame = dom::GetCurrentJSStack();
45   // If we got a stack, we must have a current JSContext.  This is icky.  :(
46   // Would be better if GetCurrentJSStack() handed out the JSContext it ended up
47   // using or something.
48   JSContext *cx = frame ? nsContentUtils::GetCurrentJSContext() : nullptr;
49   for (int i = 0; frame != nullptr; ++i) {
50     nsAutoString fileName, funName;
51     int32_t lineNumber;
52 
53     // Don't stop unwinding if an attribute can't be read.
54     fileName.SetIsVoid(true);
55     frame->GetFilename(cx, fileName);
56     lineNumber = frame->GetLineNumber(cx);
57     funName.SetIsVoid(true);
58     frame->GetName(cx, funName);
59 
60     if (!funName.IsVoid() || !fileName.IsVoid()) {
61       SANDBOX_LOG_ERROR("JS frame %d: %s %s line %d", i,
62                         funName.IsVoid() ? "(anonymous)"
63                                          : NS_ConvertUTF16toUTF8(funName).get(),
64                         fileName.IsVoid()
65                             ? "(no file)"
66                             : NS_ConvertUTF16toUTF8(fileName).get(),
67                         lineNumber);
68     }
69 
70     frame = frame->GetCaller(cx);
71   }
72 }
73 
SandboxPrintStackFrame(uint32_t aFrameNumber,void * aPC,void * aSP,void * aClosure)74 static void SandboxPrintStackFrame(uint32_t aFrameNumber, void *aPC, void *aSP,
75                                    void *aClosure) {
76   char buf[1024];
77   MozCodeAddressDetails details;
78 
79   MozDescribeCodeAddress(aPC, &details);
80   MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details);
81   SANDBOX_LOG_ERROR("frame %s", buf);
82 }
83 
SandboxLogCStack()84 static void SandboxLogCStack() {
85   // Skip 3 frames: one for this module, one for the signal handler in
86   // libmozsandbox, and one for the signal trampoline.
87   //
88   // Warning: this might not print any stack frames.  MozStackWalk
89   // can't walk past the signal trampoline on ARM (bug 968531), and
90   // x86 frame pointer walking may or may not work (bug 1082276).
91 
92   MozStackWalk(SandboxPrintStackFrame, /* skip */ 3, /* max */ 0, nullptr);
93   SANDBOX_LOG_ERROR("end of stack.");
94 }
95 
SandboxCrash(int nr,siginfo_t * info,void * void_context)96 static void SandboxCrash(int nr, siginfo_t *info, void *void_context) {
97   pid_t pid = getpid(), tid = syscall(__NR_gettid);
98   bool dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context);
99 
100   if (!dumped) {
101     SANDBOX_LOG_ERROR(
102         "crash reporter is disabled (or failed);"
103         " trying stack trace:");
104     SandboxLogCStack();
105   }
106 
107   // Do this last, in case it crashes or deadlocks.
108   SandboxLogJSStack();
109 
110   // Try to reraise, so the parent sees that this process crashed.
111   // (If tgkill is forbidden, then seccomp will raise SIGSYS, which
112   // also accomplishes that goal.)
113   signal(SIGSYS, SIG_DFL);
114   syscall(__NR_tgkill, pid, tid, nr);
115 }
116 
SandboxSetCrashFunc()117 static void __attribute__((constructor)) SandboxSetCrashFunc() {
118   gSandboxCrashFunc = SandboxCrash;
119 }
120 
121 }  // namespace mozilla
122