diff options
author | Lars Volker <lv@cloudera.com> | 2017-05-10 14:09:11 +0200 |
---|---|---|
committer | Mike Frysinger <vapier@chromium.org> | 2017-05-10 18:02:37 +0000 |
commit | 54a54702a1b76853263584d71f53fec45860220e (patch) | |
tree | 1be27278e37846cecedc7a1cb0612910309d1418 /src | |
parent | Fixing breakpad on old linux kernel (diff) | |
download | breakpad-54a54702a1b76853263584d71f53fec45860220e.tar.xz |
Fix race in ExceptionHandler::GenerateDump()
When writing a minidump on Linux, we called clone() in
linux/handler/exception_handler.cc with the CLONE_FILES flag. If the
parent process died while the child waited for the continuation signal,
the write side of the pipe 'fdes' stayed open in the child. The child
would not receive a SIGPIPE and would wait forever.
To fix this, we clone without CLONE_FILES and then close the
read-side of fdes in the master before the ptrace call. That way, if the
master dies, the child will receive a SIGPIPE and will die, too.
To test this I added a sleep() call before SendContinueSignalToChild()
and then killed the master, manually observing that the child would die,
too.
Bug: 728
Change-Id: Ifd72de835a34e7d9852ae1a362e707fdc6c96c7e
Reviewed-on: https://chromium-review.googlesource.com/464708
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/client/linux/handler/exception_handler.cc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/client/linux/handler/exception_handler.cc b/src/client/linux/handler/exception_handler.cc index d372a10c..e9ec2bad 100644 --- a/src/client/linux/handler/exception_handler.cc +++ b/src/client/linux/handler/exception_handler.cc @@ -414,9 +414,14 @@ struct ThreadArgument { int ExceptionHandler::ThreadEntry(void *arg) { const ThreadArgument *thread_arg = reinterpret_cast<ThreadArgument*>(arg); + // Close the write end of the pipe. This allows us to fail if the parent dies + // while waiting for the continue signal. + sys_close(thread_arg->handler->fdes[1]); + // Block here until the crashing process unblocks us when // we're allowed to use ptrace thread_arg->handler->WaitForContinueSignal(); + sys_close(thread_arg->handler->fdes[0]); return thread_arg->handler->DoDump(thread_arg->pid, thread_arg->context, thread_arg->context_size) == false; @@ -523,21 +528,22 @@ bool ExceptionHandler::GenerateDump(CrashContext *context) { } const pid_t child = sys_clone( - ThreadEntry, stack, CLONE_FILES | CLONE_FS | CLONE_UNTRACED, - &thread_arg, NULL, NULL, NULL); + ThreadEntry, stack, CLONE_FS | CLONE_UNTRACED, &thread_arg, NULL, NULL, + NULL); if (child == -1) { sys_close(fdes[0]); sys_close(fdes[1]); return false; } + // Close the read end of the pipe. + sys_close(fdes[0]); // Allow the child to ptrace us sys_prctl(PR_SET_PTRACER, child, 0, 0, 0); SendContinueSignalToChild(); int status; const int r = HANDLE_EINTR(sys_waitpid(child, &status, __WALL)); - sys_close(fdes[0]); sys_close(fdes[1]); if (r == -1) { |