| // Copyright 2014 The Crashpad Authors |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #include "client/simulate_crash.h" |
| |
| #include <mach/mach.h> |
| #include <string.h> |
| #include <sys/types.h> |
| |
| #include <iterator> |
| |
| #include "base/strings/stringprintf.h" |
| #include "build/build_config.h" |
| #include "gtest/gtest.h" |
| #include "test/mac/mach_errors.h" |
| #include "test/mac/mach_multiprocess.h" |
| #include "util/mach/exc_server_variants.h" |
| #include "util/mach/exception_behaviors.h" |
| #include "util/mach/exception_ports.h" |
| #include "util/mach/mach_extensions.h" |
| #include "util/mach/mach_message.h" |
| #include "util/mach/mach_message_server.h" |
| #include "util/mach/symbolic_constants_mach.h" |
| #include "util/misc/implicit_cast.h" |
| |
| namespace crashpad { |
| namespace test { |
| namespace { |
| |
| class TestSimulateCrashMac final : public MachMultiprocess, |
| public UniversalMachExcServer::Interface { |
| public: |
| // Defines which targets the child should set an EXC_CRASH exception handler |
| // for. |
| enum ExceptionPortsTarget { |
| // The child should clear its EXC_CRASH handler for both its task and thread |
| // targets. SimulateCrash() will attempt to deliver the exception to the |
| // host target, which will fail if not running as root. In any case, the |
| // parent should not expect to receive any exception message from the child. |
| kExceptionPortsTargetNone = 0, |
| |
| // The child will set an EXC_CRASH handler for its task target, and clear it |
| // for its thread target. The parent runs an exception server to receive |
| // the child’s simulated crash message. |
| kExceptionPortsTargetTask, |
| |
| // The child will set an EXC_CRASH handler for its thread target, and clear |
| // it for its task target. The parent runs an exception server to receive |
| // the child’s simulated crash message. |
| kExceptionPortsTargetThread, |
| |
| // The child sets an EXC_CRASH handler for both its task and thread targets. |
| // The parent runs an exception server to receive the message expected to be |
| // delivered to the thread target, but returns an error code. The child will |
| // then fall back to trying the server registered for the task target, |
| // sending a second message to the parent. The server in the parent will |
| // handle this one successfully. |
| kExceptionPortsTargetBoth, |
| }; |
| |
| TestSimulateCrashMac(ExceptionPortsTarget target, |
| exception_behavior_t behavior, |
| thread_state_flavor_t flavor) |
| : MachMultiprocess(), |
| UniversalMachExcServer::Interface(), |
| target_(target), |
| behavior_(behavior), |
| flavor_(flavor), |
| succeed_(true) { |
| } |
| |
| TestSimulateCrashMac(const TestSimulateCrashMac&) = delete; |
| TestSimulateCrashMac& operator=(const TestSimulateCrashMac&) = delete; |
| |
| ~TestSimulateCrashMac() {} |
| |
| // UniversalMachExcServer::Interface: |
| kern_return_t CatchMachException(exception_behavior_t behavior, |
| exception_handler_t exception_port, |
| thread_t thread, |
| task_t task, |
| exception_type_t exception, |
| const mach_exception_data_type_t* code, |
| mach_msg_type_number_t code_count, |
| thread_state_flavor_t* flavor, |
| ConstThreadState old_state, |
| mach_msg_type_number_t old_state_count, |
| thread_state_t new_state, |
| mach_msg_type_number_t* new_state_count, |
| const mach_msg_trailer_t* trailer, |
| bool* destroy_complex_request) override { |
| *destroy_complex_request = true; |
| |
| // Check the entire exception message, because most or all of it was |
| // generated by SimulateCrash() instead of the kernel. |
| |
| EXPECT_EQ(behavior, behavior_); |
| EXPECT_EQ(exception_port, LocalPort()); |
| if (ExceptionBehaviorHasIdentity(behavior)) { |
| EXPECT_NE(thread, THREAD_NULL); |
| EXPECT_EQ(task, ChildTask()); |
| } else { |
| EXPECT_EQ(thread, THREAD_NULL); |
| EXPECT_EQ(task, TASK_NULL); |
| } |
| EXPECT_EQ(exception, kMachExceptionSimulated); |
| EXPECT_EQ(code_count, 2u); |
| if (code_count >= 1) { |
| EXPECT_EQ(code[0], 0); |
| } |
| if (code_count >= 2) { |
| EXPECT_EQ(code[1], 0); |
| } |
| if (!ExceptionBehaviorHasState(behavior)) { |
| EXPECT_EQ(*flavor, THREAD_STATE_NONE); |
| } else { |
| EXPECT_EQ(*flavor, flavor_); |
| switch (*flavor) { |
| #if defined(ARCH_CPU_X86_FAMILY) |
| case x86_THREAD_STATE: { |
| EXPECT_EQ(old_state_count, x86_THREAD_STATE_COUNT); |
| const x86_thread_state* state = |
| reinterpret_cast<const x86_thread_state*>(old_state); |
| switch (state->tsh.flavor) { |
| case x86_THREAD_STATE32: |
| EXPECT_EQ(implicit_cast<uint32_t>(state->tsh.count), |
| implicit_cast<uint32_t>(x86_THREAD_STATE32_COUNT)); |
| break; |
| case x86_THREAD_STATE64: |
| EXPECT_EQ(implicit_cast<uint32_t>(state->tsh.count), |
| implicit_cast<uint32_t>(x86_THREAD_STATE64_COUNT)); |
| break; |
| default: |
| ADD_FAILURE() << "unexpected tsh.flavor " << state->tsh.flavor; |
| break; |
| } |
| break; |
| } |
| case x86_FLOAT_STATE: { |
| EXPECT_EQ(old_state_count, x86_FLOAT_STATE_COUNT); |
| const x86_float_state* state = |
| reinterpret_cast<const x86_float_state*>(old_state); |
| switch (state->fsh.flavor) { |
| case x86_FLOAT_STATE32: |
| EXPECT_EQ(implicit_cast<uint32_t>(state->fsh.count), |
| implicit_cast<uint32_t>(x86_FLOAT_STATE32_COUNT)); |
| break; |
| case x86_FLOAT_STATE64: |
| EXPECT_EQ(implicit_cast<uint32_t>(state->fsh.count), |
| implicit_cast<uint32_t>(x86_FLOAT_STATE64_COUNT)); |
| break; |
| default: |
| ADD_FAILURE() << "unexpected fsh.flavor " << state->fsh.flavor; |
| break; |
| } |
| break; |
| } |
| case x86_DEBUG_STATE: { |
| EXPECT_EQ(old_state_count, x86_DEBUG_STATE_COUNT); |
| const x86_debug_state* state = |
| reinterpret_cast<const x86_debug_state*>(old_state); |
| switch (state->dsh.flavor) { |
| case x86_DEBUG_STATE32: |
| EXPECT_EQ(implicit_cast<uint32_t>(state->dsh.count), |
| implicit_cast<uint32_t>(x86_DEBUG_STATE32_COUNT)); |
| break; |
| case x86_DEBUG_STATE64: |
| EXPECT_EQ(implicit_cast<uint32_t>(state->dsh.count), |
| implicit_cast<uint32_t>(x86_DEBUG_STATE64_COUNT)); |
| break; |
| default: |
| ADD_FAILURE() << "unexpected dsh.flavor " << state->dsh.flavor; |
| break; |
| } |
| break; |
| } |
| case x86_THREAD_STATE32: |
| EXPECT_EQ(old_state_count, x86_THREAD_STATE32_COUNT); |
| break; |
| case x86_FLOAT_STATE32: |
| EXPECT_EQ(old_state_count, x86_FLOAT_STATE32_COUNT); |
| break; |
| case x86_DEBUG_STATE32: |
| EXPECT_EQ(old_state_count, x86_DEBUG_STATE32_COUNT); |
| break; |
| case x86_THREAD_STATE64: |
| EXPECT_EQ(old_state_count, x86_THREAD_STATE64_COUNT); |
| break; |
| case x86_FLOAT_STATE64: |
| EXPECT_EQ(old_state_count, x86_FLOAT_STATE64_COUNT); |
| break; |
| case x86_DEBUG_STATE64: |
| EXPECT_EQ(old_state_count, x86_DEBUG_STATE64_COUNT); |
| break; |
| #elif defined(ARCH_CPU_ARM64) |
| case ARM_UNIFIED_THREAD_STATE: { |
| EXPECT_EQ(old_state_count, ARM_UNIFIED_THREAD_STATE_COUNT); |
| const arm_unified_thread_state* state = |
| reinterpret_cast<const arm_unified_thread_state*>(old_state); |
| EXPECT_EQ(state->ash.flavor, |
| implicit_cast<uint32_t>(ARM_THREAD_STATE64)); |
| if (state->ash.flavor == ARM_THREAD_STATE64) { |
| EXPECT_EQ(state->ash.count, |
| implicit_cast<uint32_t>(ARM_THREAD_STATE64_COUNT)); |
| } |
| break; |
| } |
| case ARM_THREAD_STATE64: |
| EXPECT_EQ(old_state_count, ARM_THREAD_STATE64_COUNT); |
| break; |
| case ARM_NEON_STATE64: |
| EXPECT_EQ(old_state_count, ARM_NEON_STATE64_COUNT); |
| break; |
| case ARM_DEBUG_STATE64: |
| EXPECT_EQ(old_state_count, ARM_DEBUG_STATE64_COUNT); |
| break; |
| #else |
| #error Port to your CPU architecture |
| #endif |
| default: |
| ADD_FAILURE() << "unexpected flavor " << *flavor; |
| break; |
| } |
| |
| // Attempt to set a garbage thread state, which would cause the child to |
| // crash inside SimulateCrash() if it actually succeeded. This tests that |
| // SimulateCrash() ignores new_state instead of attempting to set the |
| // state as the kernel would do. This operates in conjunction with the |
| // |true| argument to ExcServerSuccessfulReturnValue() below. |
| *new_state_count = old_state_count; |
| size_t new_state_size = sizeof(natural_t) * old_state_count; |
| memset(new_state, 0xa5, new_state_size); |
| } |
| |
| if (!succeed_) { |
| // The client has registered EXC_CRASH handlers for both its thread and |
| // task targets, and sent a simulated exception message to its |
| // thread-level EXC_CRASH handler. To test that it will fall back to |
| // trying the task-level EXC_CRASH handler, return a failure code, which |
| // should cause SimulateCrash() to try the next target. |
| EXPECT_EQ(target_, kExceptionPortsTargetBoth); |
| return KERN_ABORTED; |
| } |
| |
| ExcServerCopyState( |
| behavior, old_state, old_state_count, new_state, new_state_count); |
| |
| return ExcServerSuccessfulReturnValue(exception, behavior, true); |
| } |
| |
| private: |
| // MachMultiprocess: |
| |
| void MachMultiprocessParent() override { |
| if (target_ == kExceptionPortsTargetNone) { |
| // The child does not have any EXC_CRASH handlers registered for its |
| // thread or task targets, so no exception message is expected to be |
| // generated. Don’t run the server at all. |
| return; |
| } |
| |
| UniversalMachExcServer universal_mach_exc_server(this); |
| |
| mach_msg_return_t mr; |
| if (target_ == kExceptionPortsTargetBoth) { |
| // The client has registered EXC_CRASH handlers for both its thread and |
| // task targets. Run a server that will return a failure code when the |
| // exception message is sent to the thread target, which will cause the |
| // client to fall back to the task target and send another message. |
| succeed_ = false; |
| mr = MachMessageServer::Run(&universal_mach_exc_server, |
| LocalPort(), |
| MACH_MSG_OPTION_NONE, |
| MachMessageServer::kOneShot, |
| MachMessageServer::kReceiveLargeError, |
| kMachMessageTimeoutWaitIndefinitely); |
| EXPECT_EQ(mr, MACH_MSG_SUCCESS) |
| << MachErrorMessage(mr, "MachMessageServer::Run"); |
| } |
| |
| succeed_ = true; |
| mr = MachMessageServer::Run(&universal_mach_exc_server, |
| LocalPort(), |
| MACH_MSG_OPTION_NONE, |
| MachMessageServer::kOneShot, |
| MachMessageServer::kReceiveLargeError, |
| kMachMessageTimeoutWaitIndefinitely); |
| EXPECT_EQ(mr, MACH_MSG_SUCCESS) |
| << MachErrorMessage(mr, "MachMessageServer::Run"); |
| } |
| |
| void MachMultiprocessChild() override { |
| bool task_valid = target_ == kExceptionPortsTargetTask || |
| target_ == kExceptionPortsTargetBoth; |
| ExceptionPorts task_exception_ports(ExceptionPorts::kTargetTypeTask, |
| TASK_NULL); |
| ASSERT_TRUE(task_exception_ports.SetExceptionPort( |
| EXC_MASK_CRASH, |
| task_valid ? RemotePort() : MACH_PORT_NULL, |
| behavior_, |
| flavor_)); |
| |
| bool thread_valid = target_ == kExceptionPortsTargetThread || |
| target_ == kExceptionPortsTargetBoth; |
| ExceptionPorts thread_exception_ports(ExceptionPorts::kTargetTypeThread, |
| THREAD_NULL); |
| ASSERT_TRUE(thread_exception_ports.SetExceptionPort( |
| EXC_MASK_CRASH, |
| thread_valid ? RemotePort() : MACH_PORT_NULL, |
| behavior_, |
| flavor_)); |
| |
| CRASHPAD_SIMULATE_CRASH(); |
| } |
| |
| ExceptionPortsTarget target_; |
| exception_behavior_t behavior_; |
| thread_state_flavor_t flavor_; |
| bool succeed_; |
| }; |
| |
| TEST(SimulateCrash, SimulateCrash) { |
| static constexpr TestSimulateCrashMac::ExceptionPortsTarget kTargets[] = { |
| TestSimulateCrashMac::kExceptionPortsTargetNone, |
| TestSimulateCrashMac::kExceptionPortsTargetTask, |
| TestSimulateCrashMac::kExceptionPortsTargetThread, |
| TestSimulateCrashMac::kExceptionPortsTargetBoth, |
| }; |
| |
| static constexpr exception_behavior_t kBehaviors[] = { |
| EXCEPTION_DEFAULT, |
| EXCEPTION_STATE, |
| EXCEPTION_STATE_IDENTITY, |
| EXCEPTION_DEFAULT | kMachExceptionCodes, |
| EXCEPTION_STATE | kMachExceptionCodes, |
| EXCEPTION_STATE_IDENTITY | kMachExceptionCodes, |
| }; |
| |
| static constexpr thread_state_flavor_t kFlavors[] = { |
| #if defined(ARCH_CPU_X86_FAMILY) |
| x86_THREAD_STATE, |
| x86_FLOAT_STATE, |
| x86_DEBUG_STATE, |
| #if defined(ARCH_CPU_X86) |
| x86_THREAD_STATE32, |
| x86_FLOAT_STATE32, |
| x86_DEBUG_STATE32, |
| #elif defined(ARCH_CPU_X86_64) |
| x86_THREAD_STATE64, |
| x86_FLOAT_STATE64, |
| x86_DEBUG_STATE64, |
| #endif |
| #elif defined(ARCH_CPU_ARM64) |
| ARM_UNIFIED_THREAD_STATE, |
| ARM_THREAD_STATE64, |
| ARM_NEON_STATE64, |
| ARM_DEBUG_STATE64, |
| #else |
| #error Port to your CPU architecture |
| #endif |
| }; |
| |
| for (size_t target_index = 0; target_index < std::size(kTargets); |
| ++target_index) { |
| TestSimulateCrashMac::ExceptionPortsTarget target = kTargets[target_index]; |
| SCOPED_TRACE(base::StringPrintf( |
| "target_index %zu, target %d", target_index, target)); |
| |
| for (size_t behavior_index = 0; behavior_index < std::size(kBehaviors); |
| ++behavior_index) { |
| exception_behavior_t behavior = kBehaviors[behavior_index]; |
| SCOPED_TRACE(base::StringPrintf( |
| "behavior_index %zu, behavior %s", |
| behavior_index, |
| ExceptionBehaviorToString(behavior, kUseFullName | kUnknownIsNumeric) |
| .c_str())); |
| |
| if (!ExceptionBehaviorHasState(behavior)) { |
| TestSimulateCrashMac test_simulate_crash_mac( |
| target, behavior, THREAD_STATE_NONE); |
| test_simulate_crash_mac.Run(); |
| } else { |
| for (size_t flavor_index = 0; flavor_index < std::size(kFlavors); |
| ++flavor_index) { |
| thread_state_flavor_t flavor = kFlavors[flavor_index]; |
| SCOPED_TRACE(base::StringPrintf( |
| "flavor_index %zu, flavor %s", |
| flavor_index, |
| ThreadStateFlavorToString( |
| flavor, kUseFullName | kUnknownIsNumeric).c_str())); |
| |
| TestSimulateCrashMac test_simulate_crash_mac( |
| target, behavior, flavor); |
| test_simulate_crash_mac.Run(); |
| } |
| } |
| } |
| } |
| } |
| |
| } // namespace |
| } // namespace test |
| } // namespace crashpad |