1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 // This file needs to be linked into libxul, so it can access the JS
8 // stack and the crash reporter. Everything else in this directory
9 // should be able to be linked into its own shared library, in order
10 // to be able to isolate sandbox/chromium from ipc/chromium.
11
12 #include "SandboxInternal.h"
13 #include "SandboxLogging.h"
14
15 #include <unistd.h>
16 #include <sys/syscall.h>
17
18 #include "mozilla/StackWalk.h"
19 #include "mozilla/Unused.h"
20 #include "mozilla/dom/Exceptions.h"
21 #include "nsContentUtils.h"
22 #include "nsExceptionHandler.h"
23 #include "nsIException.h" // for nsIStackFrame
24 #include "nsString.h"
25 #include "nsThreadUtils.h"
26
27 namespace mozilla {
28
29 // Log JS stack info in the same place as the sandbox violation
30 // message. Useful in case the responsible code is JS and all we have
31 // are logs and a minidump with the C++ stacks (e.g., on TBPL).
SandboxLogJSStack(void)32 static void SandboxLogJSStack(void) {
33 if (!NS_IsMainThread()) {
34 // This might be a worker thread... or it might be a non-JS
35 // thread, or a non-NSPR thread. There's isn't a good API for
36 // dealing with this, yet.
37 return;
38 }
39 if (!nsContentUtils::XPConnect()) {
40 // There is no content (e.g., the process is a media plugin), in
41 // which case this will probably crash and definitely not work.
42 return;
43 }
44 nsCOMPtr<nsIStackFrame> frame = dom::GetCurrentJSStack();
45 // If we got a stack, we must have a current JSContext. This is icky. :(
46 // Would be better if GetCurrentJSStack() handed out the JSContext it ended up
47 // using or something.
48 JSContext *cx = frame ? nsContentUtils::GetCurrentJSContext() : nullptr;
49 for (int i = 0; frame != nullptr; ++i) {
50 nsAutoString fileName, funName;
51 int32_t lineNumber;
52
53 // Don't stop unwinding if an attribute can't be read.
54 fileName.SetIsVoid(true);
55 frame->GetFilename(cx, fileName);
56 lineNumber = frame->GetLineNumber(cx);
57 funName.SetIsVoid(true);
58 frame->GetName(cx, funName);
59
60 if (!funName.IsVoid() || !fileName.IsVoid()) {
61 SANDBOX_LOG_ERROR("JS frame %d: %s %s line %d", i,
62 funName.IsVoid() ? "(anonymous)"
63 : NS_ConvertUTF16toUTF8(funName).get(),
64 fileName.IsVoid()
65 ? "(no file)"
66 : NS_ConvertUTF16toUTF8(fileName).get(),
67 lineNumber);
68 }
69
70 frame = frame->GetCaller(cx);
71 }
72 }
73
SandboxPrintStackFrame(uint32_t aFrameNumber,void * aPC,void * aSP,void * aClosure)74 static void SandboxPrintStackFrame(uint32_t aFrameNumber, void *aPC, void *aSP,
75 void *aClosure) {
76 char buf[1024];
77 MozCodeAddressDetails details;
78
79 MozDescribeCodeAddress(aPC, &details);
80 MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details);
81 SANDBOX_LOG_ERROR("frame %s", buf);
82 }
83
SandboxLogCStack()84 static void SandboxLogCStack() {
85 // Skip 3 frames: one for this module, one for the signal handler in
86 // libmozsandbox, and one for the signal trampoline.
87 //
88 // Warning: this might not print any stack frames. MozStackWalk
89 // can't walk past the signal trampoline on ARM (bug 968531), and
90 // x86 frame pointer walking may or may not work (bug 1082276).
91
92 MozStackWalk(SandboxPrintStackFrame, /* skip */ 3, /* max */ 0, nullptr);
93 SANDBOX_LOG_ERROR("end of stack.");
94 }
95
SandboxCrash(int nr,siginfo_t * info,void * void_context)96 static void SandboxCrash(int nr, siginfo_t *info, void *void_context) {
97 pid_t pid = getpid(), tid = syscall(__NR_gettid);
98 bool dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context);
99
100 if (!dumped) {
101 SANDBOX_LOG_ERROR(
102 "crash reporter is disabled (or failed);"
103 " trying stack trace:");
104 SandboxLogCStack();
105 }
106
107 // Do this last, in case it crashes or deadlocks.
108 SandboxLogJSStack();
109
110 // Try to reraise, so the parent sees that this process crashed.
111 // (If tgkill is forbidden, then seccomp will raise SIGSYS, which
112 // also accomplishes that goal.)
113 signal(SIGSYS, SIG_DFL);
114 syscall(__NR_tgkill, pid, tid, nr);
115 }
116
SandboxSetCrashFunc()117 static void __attribute__((constructor)) SandboxSetCrashFunc() {
118 gSandboxCrashFunc = SandboxCrash;
119 }
120
121 } // namespace mozilla
122