mirrors/gecko-dev
1
0
Fork 1
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-11-08 04:09:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
gecko-dev/ipc/glue/GeckoChildProcessHost.h
Gabriele Svelto a7c337103a Bug 1697895 - Register the WER runtime exception module in child processes r=KrisWright 
This patch sets up a few different things that will be used by the WER runtime
exception module when it needs to notify the main process of a child process
crash.

For every child process we allocate a structure in the main process called
WindowsErrorReportingData that contains three things:
- The address of the function used to notify the main process that there's a
  pending minidump for a given child process
- The PID of said child process
- The name of the minidump that has been generated

The first field is filled up by the main process and will be read by the WER
process when running the runtime exception module, the second and third fields
on the other hand start empty and will be written into by the runtime exception
module after it has generated a minidump.

I know this sounds scary. It is. But bear with me please.

When we register the runtime exception module we can pass it a single
pointer-sized parameter but we need to pass it at least another pointer that
includes data coming from the child process itself (this one is called
InProcessWindowsErrorReportingData). This data currently includes only the
process type but will also include certain annotations in the future
(e.g. bug 1711418). So here's what we do: we store a pointer to the parent
data structure in the child process command-line (cringe) and we read it
from the runtime exception module by reading the crashed process command-line
arguments and parsing them (double-cringe).

Armed with this information the WER runtime exception module can populate
the info for the generated minidump and then push it into the main process
by calling CreateRemoteThread() (which creates a new thread in the main
process, triple-cringe at this point).

Differential Revision: https://phabricator.services.mozilla.com/D115379
2021-06-11 09:59:49 +00:00

300 lines
10 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
#define __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
#include "base/file_path.h"
#include "base/process_util.h"
#include "base/waitable_event.h"
#include "chrome/common/child_process_host.h"
#include "chrome/common/ipc_message.h"
#include "mozilla/ipc/FileDescriptor.h"
#include "mozilla/Atomics.h"
#include "mozilla/Buffer.h"
#include "mozilla/LinkedList.h"
#include "mozilla/Monitor.h"
#include "mozilla/MozPromise.h"
#include "mozilla/StaticMutex.h"
#include "mozilla/StaticPtr.h"
#include "mozilla/UniquePtr.h"
#include "nsCOMPtr.h"
#include "nsExceptionHandler.h"
#include "nsXULAppAPI.h" // for GeckoProcessType
#include "nsString.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
# include "sandboxBroker.h"
#endif
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
# include "mozilla/Sandbox.h"
#endif
struct _MacSandboxInfo;
typedef _MacSandboxInfo MacSandboxInfo;
namespace mozilla {
namespace ipc {
struct LaunchError {};
typedef mozilla::MozPromise<base::ProcessHandle, LaunchError, false>
ProcessHandlePromise;
struct LaunchResults {
base::ProcessHandle mHandle = 0;
#ifdef XP_MACOSX
task_t mChildTask = MACH_PORT_NULL;
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
RefPtr<AbstractSandboxBroker> mSandboxBroker;
#endif
};
typedef mozilla::MozPromise<LaunchResults, LaunchError, false>
ProcessLaunchPromise;
class GeckoChildProcessHost : public ChildProcessHost,
public LinkedListElement<GeckoChildProcessHost> {
protected:
typedef mozilla::Monitor Monitor;
typedef std::vector<std::string> StringVector;
public:
typedef base::ProcessHandle ProcessHandle;
explicit GeckoChildProcessHost(GeckoProcessType aProcessType,
bool aIsFileContent = false);
// Causes the object to be deleted, on the I/O thread, after any
// pending asynchronous work (like launching) is complete. This
// method can be called from any thread. If called from the I/O
// thread itself, deletion won't happen until the event loop spins;
// otherwise, it could happen immediately.
//
// GeckoChildProcessHost instances must not be deleted except
// through this method.
void Destroy();
static uint32_t GetUniqueID();
// Does not block. The IPC channel may not be initialized yet, and
// the child process may or may not have been created when this
// method returns.
bool AsyncLaunch(StringVector aExtraOpts = StringVector());
virtual bool WaitUntilConnected(int32_t aTimeoutMs = 0);
// Block until the IPC channel for our subprocess is initialized and
// the OS process is created. The subprocess may or may not have
// connected back to us when this method returns.
//
// NB: on POSIX, this method is relatively cheap, and doesn't
// require disk IO. On win32 however, it requires at least the
// analogue of stat(). This difference induces a semantic
// difference in this method: on POSIX, when we return, we know the
// subprocess has been created, but we don't know whether its
// executable image can be loaded. On win32, we do know that when
// we return. But we don't know if dynamic linking succeeded on
// either platform.
bool LaunchAndWaitForProcessHandle(StringVector aExtraOpts = StringVector());
bool WaitForProcessHandle();
// Block until the child process has been created and it connects to
// the IPC channel, meaning it's fully initialized. (Or until an
// error occurs.)
bool SyncLaunch(StringVector aExtraOpts = StringVector(),
int32_t timeoutMs = 0);
virtual void OnChannelConnected(int32_t peer_pid) override;
virtual void OnMessageReceived(IPC::Message&& aMsg) override;
virtual void OnChannelError() override;
virtual void GetQueuedMessages(std::queue<IPC::Message>& queue) override;
// Resolves to the process handle when it's available (see
// LaunchAndWaitForProcessHandle); use with AsyncLaunch.
RefPtr<ProcessHandlePromise> WhenProcessHandleReady();
virtual void InitializeChannel();
virtual bool CanShutdown() override { return true; }
using ChildProcessHost::TakeChannel;
IPC::Channel* GetChannel() { return channelp(); }
ChannelId GetChannelId() { return channel_id(); }
// Returns a "borrowed" handle to the child process - the handle returned
// by this function must not be closed by the caller.
ProcessHandle GetChildProcessHandle() { return mChildProcessHandle; }
GeckoProcessType GetProcessType() { return mProcessType; }
#ifdef XP_MACOSX
task_t GetChildTask() { return mChildTask; }
#endif
#ifdef XP_WIN
static void CacheNtDllThunk();
void AddHandleToShare(HANDLE aHandle) {
mLaunchOptions->handles_to_inherit.push_back(aHandle);
}
#else
void AddFdToRemap(int aSrcFd, int aDstFd) {
mLaunchOptions->fds_to_remap.push_back(std::make_pair(aSrcFd, aDstFd));
}
#endif
/**
* Must run on the IO thread. Cause the OS process to exit and
* ensure its OS resources are cleaned up.
*/
void Join();
// For bug 943174: Skip the EnsureProcessTerminated call in the destructor.
void SetAlreadyDead();
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
// Start the sandbox from the child process.
static bool StartMacSandbox(int aArgc, char** aArgv,
std::string& aErrorMessage);
// The sandbox type that will be use when sandboxing is
// enabled in the derived class and FillMacSandboxInfo
// has not been overridden.
static MacSandboxType GetDefaultMacSandboxType() {
return MacSandboxType_Utility;
};
// Must be called before the process is launched. Determines if
// child processes will be launched with OS_ACTIVITY_MODE set to
// "disabled" or not. When |mDisableOSActivityMode| is set to true,
// child processes will be launched with OS_ACTIVITY_MODE
// disabled to avoid connection attempts to diagnosticd(8) which are
// blocked in child processes due to sandboxing.
void DisableOSActivityMode();
#endif
typedef std::function<void(GeckoChildProcessHost*)> GeckoProcessCallback;
// Iterates over all instances and calls aCallback with each one of them.
// This method will lock any addition/removal of new processes
// so you need to make sure the callback is as fast as possible.
//
// To reiterate: the callbacks are executed synchronously.
static void GetAll(const GeckoProcessCallback& aCallback);
friend class BaseProcessLauncher;
friend class PosixProcessLauncher;
friend class WindowsProcessLauncher;
protected:
~GeckoChildProcessHost();
GeckoProcessType mProcessType;
bool mIsFileContent;
Monitor mMonitor;
FilePath mProcessPath;
// GeckoChildProcessHost holds the launch options so they can be set
// up on the main thread using main-thread-only APIs like prefs, and
// then used for the actual launch on another thread. This pointer
// is set to null to free the options after the child is launched.
UniquePtr<base::LaunchOptions> mLaunchOptions;
// This value must be accessed while holding mMonitor.
enum {
// This object has been constructed, but the OS process has not
// yet.
CREATING_CHANNEL = 0,
// The IPC channel for our subprocess has been created, but the OS
// process has still not been created.
CHANNEL_INITIALIZED,
// The OS process has been created, but it hasn't yet connected to
// our IPC channel.
PROCESS_CREATED,
// The process is launched and connected to our IPC channel. All
// is well.
PROCESS_CONNECTED,
PROCESS_ERROR
} mProcessState;
void PrepareLaunch();
#ifdef XP_WIN
void InitWindowsGroupID();
nsString mGroupId;
CrashReporter::WindowsErrorReportingData mWerData;
# ifdef MOZ_SANDBOX
RefPtr<AbstractSandboxBroker> mSandboxBroker;
std::vector<std::wstring> mAllowedFilesRead;
bool mEnableSandboxLogging;
int32_t mSandboxLevel;
# endif
#endif // XP_WIN
ProcessHandle mChildProcessHandle;
#if defined(OS_MACOSX)
task_t mChildTask;
#endif
RefPtr<ProcessHandlePromise> mHandlePromise;
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
bool mDisableOSActivityMode;
#endif
bool OpenPrivilegedHandle(base::ProcessId aPid);
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
// Override this method to return true to launch the child process
// using the Mac utility (by default) sandbox. Override
// FillMacSandboxInfo() to change the sandbox type and settings.
virtual bool IsMacSandboxLaunchEnabled() { return false; }
// Fill a MacSandboxInfo to configure the sandbox
virtual bool FillMacSandboxInfo(MacSandboxInfo& aInfo);
// Adds the command line arguments needed to enable
// sandboxing of the child process at startup before
// the child event loop is up.
virtual bool AppendMacSandboxParams(StringVector& aArgs);
#endif
private:
DISALLOW_EVIL_CONSTRUCTORS(GeckoChildProcessHost);
// Removes the instance from sGeckoChildProcessHosts
void RemoveFromProcessList();
// In between launching the subprocess and handing off its IPC
// channel, there's a small window of time in which *we* might still
// be the channel listener, and receive messages. That's bad
// because we have no idea what to do with those messages. So queue
// them here until we hand off the eventual listener.
//
// FIXME/cjones: this strongly indicates bad design. Shame on us.
std::queue<IPC::Message> mQueue;
// Linux-Only. Set this up before we're called from a different thread.
nsCString mTmpDirName;
// Mac and Windows. Set this up before we're called from a different thread.
nsCOMPtr<nsIFile> mProfileDir;
mozilla::Atomic<bool> mDestroying;
static uint32_t sNextUniqueID;
static StaticAutoPtr<LinkedList<GeckoChildProcessHost>>
sGeckoChildProcessHosts;
#ifdef XP_WIN
static StaticAutoPtr<Buffer<IMAGE_THUNK_DATA>> sCachedNtDllThunk;
#endif
static StaticMutex sMutex;
};
nsCOMPtr<nsIEventTarget> GetIPCLauncher();
} /* namespace ipc */
} /* namespace mozilla */
#endif /* __IPC_GLUE_GECKOCHILDPROCESSHOST_H__ */
Reference in a new issue View git blame Copy permalink