summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/glue
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /security/sandbox/linux/glue
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/sandbox/linux/glue')
-rw-r--r--security/sandbox/linux/glue/SandboxCrash.cpp137
-rw-r--r--security/sandbox/linux/glue/moz.build29
2 files changed, 166 insertions, 0 deletions
diff --git a/security/sandbox/linux/glue/SandboxCrash.cpp b/security/sandbox/linux/glue/SandboxCrash.cpp
new file mode 100644
index 000000000..87a75e845
--- /dev/null
+++ b/security/sandbox/linux/glue/SandboxCrash.cpp
@@ -0,0 +1,137 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This file needs to be linked into libxul, so it can access the JS
+// stack and the crash reporter. Everything else in this directory
+// should be able to be linked into its own shared library, in order
+// to be able to isolate sandbox/chromium from ipc/chromium.
+
+#include "SandboxInternal.h"
+#include "SandboxLogging.h"
+
+#include <unistd.h>
+#include <sys/syscall.h>
+
+#include "mozilla/Unused.h"
+#include "mozilla/dom/Exceptions.h"
+#include "nsContentUtils.h"
+#ifdef MOZ_CRASHREPORTER
+#include "nsExceptionHandler.h"
+#endif
+#include "mozilla/StackWalk.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+
+namespace mozilla {
+
+// Log JS stack info in the same place as the sandbox violation
+// message. Useful in case the responsible code is JS and all we have
+// are logs and a minidump with the C++ stacks (e.g., on TBPL).
+static void
+SandboxLogJSStack(void)
+{
+ if (!NS_IsMainThread()) {
+ // This might be a worker thread... or it might be a non-JS
+ // thread, or a non-NSPR thread. There's isn't a good API for
+ // dealing with this, yet.
+ return;
+ }
+ if (!nsContentUtils::XPConnect()) {
+ // There is no content (e.g., the process is a media plugin), in
+ // which case this will probably crash and definitely not work.
+ return;
+ }
+ nsCOMPtr<nsIStackFrame> frame = dom::GetCurrentJSStack();
+ // If we got a stack, we must have a current JSContext. This is icky. :(
+ // Would be better if GetCurrentJSStack() handed out the JSContext it ended up
+ // using or something.
+ JSContext* cx = frame ? nsContentUtils::GetCurrentJSContext() : nullptr;
+ for (int i = 0; frame != nullptr; ++i) {
+ nsAutoString fileName, funName;
+ int32_t lineNumber;
+
+ // Don't stop unwinding if an attribute can't be read.
+ fileName.SetIsVoid(true);
+ Unused << frame->GetFilename(cx, fileName);
+ lineNumber = 0;
+ Unused << frame->GetLineNumber(cx, &lineNumber);
+ funName.SetIsVoid(true);
+ Unused << frame->GetName(cx, funName);
+
+ if (!funName.IsVoid() || !fileName.IsVoid()) {
+ SANDBOX_LOG_ERROR("JS frame %d: %s %s line %d", i,
+ funName.IsVoid() ?
+ "(anonymous)" : NS_ConvertUTF16toUTF8(funName).get(),
+ fileName.IsVoid() ?
+ "(no file)" : NS_ConvertUTF16toUTF8(fileName).get(),
+ lineNumber);
+ }
+
+ nsCOMPtr<nsIStackFrame> nextFrame;
+ nsresult rv = frame->GetCaller(cx, getter_AddRefs(nextFrame));
+ NS_ENSURE_SUCCESS_VOID(rv);
+ frame = nextFrame;
+ }
+}
+
+static void SandboxPrintStackFrame(uint32_t aFrameNumber, void *aPC, void *aSP,
+ void *aClosure)
+{
+ char buf[1024];
+ MozCodeAddressDetails details;
+
+ MozDescribeCodeAddress(aPC, &details);
+ MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details);
+ SANDBOX_LOG_ERROR("frame %s", buf);
+}
+
+static void
+SandboxLogCStack()
+{
+ // Skip 3 frames: one for this module, one for the signal handler in
+ // libmozsandbox, and one for the signal trampoline.
+ //
+ // Warning: this might not print any stack frames. MozStackWalk
+ // can't walk past the signal trampoline on ARM (bug 968531), and
+ // x86 frame pointer walking may or may not work (bug 1082276).
+
+ MozStackWalk(SandboxPrintStackFrame, /* skip */ 3, /* max */ 0,
+ nullptr, 0, nullptr);
+ SANDBOX_LOG_ERROR("end of stack.");
+}
+
+static void
+SandboxCrash(int nr, siginfo_t *info, void *void_context)
+{
+ pid_t pid = getpid(), tid = syscall(__NR_gettid);
+ bool dumped = false;
+
+#ifdef MOZ_CRASHREPORTER
+ dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context);
+#endif
+ if (!dumped) {
+ SANDBOX_LOG_ERROR("crash reporter is disabled (or failed);"
+ " trying stack trace:");
+ SandboxLogCStack();
+ }
+
+ // Do this last, in case it crashes or deadlocks.
+ SandboxLogJSStack();
+
+ // Try to reraise, so the parent sees that this process crashed.
+ // (If tgkill is forbidden, then seccomp will raise SIGSYS, which
+ // also accomplishes that goal.)
+ signal(SIGSYS, SIG_DFL);
+ syscall(__NR_tgkill, pid, tid, nr);
+}
+
+static void __attribute__((constructor))
+SandboxSetCrashFunc()
+{
+ gSandboxCrashFunc = SandboxCrash;
+}
+
+} // namespace mozilla
diff --git a/security/sandbox/linux/glue/moz.build b/security/sandbox/linux/glue/moz.build
new file mode 100644
index 000000000..0d40dcd63
--- /dev/null
+++ b/security/sandbox/linux/glue/moz.build
@@ -0,0 +1,29 @@
+# -*- Mode: python; python-indent: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += [
+ '../../chromium/base/strings/safe_sprintf.cc',
+ '../SandboxLogging.cpp',
+ 'SandboxCrash.cpp',
+]
+
+# Avoid Chromium logging dependency, because this is going into
+# libxul. See also the comment in SandboxLogging.h.
+SOURCES['../../chromium/base/strings/safe_sprintf.cc'].flags += ['-DNDEBUG']
+
+LOCAL_INCLUDES += [
+ '/security/sandbox/chromium',
+ '/security/sandbox/linux',
+]
+
+USE_LIBS += [
+ 'mozsandbox',
+]
+
+FINAL_LIBRARY = 'xul'
+
+if CONFIG['GNU_CXX']:
+ CXXFLAGS += ['-Wno-error=shadow']