gecko-dev/toolkit/crashreporter
Gabriele Svelto 06a240a0f3 Bug 1628399 - Make sure that the main process can't access a crash report before it's fully populated r=KrisWright
In bug 1614933 we changed the order in which the crash annotations are sent
from a crashed content process to the main process in order to prevent a
deadlock that would arise if the child process would block writing into the
pipe used to sent the annotations.

This unfortunately introduced a race that I had missed. Here's the sequence of
event when generating a crash in the child process:

1) The child process enters the exception handler
2) It requests a dump from the main process and wait
3) Once the dump is written, the child process wakes up again and writes out
   the crash annotations
4) The child process quits

One the main process side it looks like this:

1) The crash generation thread receives a request to generate a dump
2) The dump is written out, the crash generation thread notifies the content
   process that it can resume execution. During this step the finished
   minidump is recorded in the `OnChildProcessDumpRequested()` callback.
3) The crash generation thread reads the crash annotations sent by the content
   process and finalizes the crash report
4) The main process grabs the finalized crash report

The key issue here is that the main process in step 4 is woken up when the
content process dies. Notice how there's no synchronization between the crash
generation thread and the main thread in the main process: if the crash
generation thread takes too long reading the crash annotations the main thread
might see an incomplete or missing crash report; that's because the event that
wakes it up - the content process ending execution - can happen in parallel
with step 3.

This is an issue that was accidentally introduced in Windows by bug 1614933
but was already present in both Linux and macOS. It was just very unlikely to
happen.

This patch fixes the issue by splitting step 3 in the main process in two
different stages: in the main process we grab the generated minidump in
`OnChildProcessDumpRequested()`, Breakpad then unblocks the child process and
we read the annotations in `OnChildProcessDumpWritten()`. We grab the
`dumpMapLock` Mutex in the latter and release it in the former to ensure that
the main process will have to wait for the crash report to be finalized when
`TakeCrashedChildProcess()` is called. This might appear somewhat confusing
and even causes debug builds to spit a harmless warning (we don't want Mutexes
to be taken and released from different scopes if we can help it).

To implement the above behavior in Breakpad a new callback was introduced in
Windows, an existing one was used under macOS and an unused one was used under
Linux. This accounts for the different way in which minidumps are generated on
the three platforms.

Differential Revision: https://phabricator.services.mozilla.com/D74496
2020-05-18 20:34:48 +00:00
..
breakpad-client Bug 1628399 - Make sure that the main process can't access a crash report before it's fully populated r=KrisWright 2020-05-18 20:34:48 +00:00
breakpad-patches Bug 1615713 - Update breakpad to upstream revision 5bba75bfd6ec386b8e3af0b91332388a378135bf r=gsvelto 2020-03-19 22:52:26 +00:00
breakpad-windows-libxul
breakpad-windows-standalone
client Bug 1578917: Force macOS Aqua appearance on for content processes, crash reporter and updater. r=mstange 2020-04-24 18:37:57 +00:00
content Bug 1609823 Make about:crashes an HTML file r=ntim 2020-03-11 19:15:12 +00:00
docs
google-breakpad Bug 1634205 - Support Gecko Profiler and Base Profiler on FreeBSD r=mstange 2020-05-06 17:44:19 +00:00
injector
minidump-analyzer Bug 1607804 - Store ModuleSignatureInfo as stringified JSON instead of as an actual JSON object r=froydnj 2020-01-13 14:07:09 +00:00
rust Bug 1617369 - Reformat toolkit/crashreporter/ & toolkit/library/rust/ using rustfmt r=gsvelto 2020-02-25 07:44:53 +00:00
test Bug 1536556 - Replace raw thrown Cr.ERRORs with Components.Exception. r=mossop,remote-protocol-reviewers,marionette-reviewers,whimboo,necko-reviewers,geckoview-reviewers,valentin,agi 2020-05-05 17:41:36 +00:00
tools Bug 1622687 - toolkit/crashreporter/: Make it flake8 compliant r=gsvelto,rstewart 2020-04-16 14:40:31 +00:00
CrashAnnotations.cpp Bug 1627367 - Remove the content process crash annotation blacklist r=KrisWright 2020-04-08 22:59:15 +00:00
CrashAnnotations.h.in Bug 1627367 - Remove the content process crash annotation blacklist r=KrisWright 2020-04-08 22:59:15 +00:00
CrashAnnotations.yaml Bug 1605209 - Annotate JSWindowActor's message exchanges to determine which actor is on the stack of a crash;r=gsvelto,nika 2020-04-17 10:56:21 +00:00
CrashReports.jsm Bug 1608281 - Automated rewrite away from reading properties on the global `this` in JSM files - round 1 r=mossop 2020-01-29 21:50:04 +00:00
CrashSubmit.jsm Bug 1620556 - Automatic code fixes for Prettier 1.19.1 upgrade. r=Standard8,remote-protocol-reviewers,marionette-reviewers,webcompat-reviewers,perftest-reviewers,sparky,whimboo,denschub 2020-03-13 23:38:52 +00:00
InjectCrashReporter.cpp
InjectCrashReporter.h
LoadLibraryRemote.cpp
LoadLibraryRemote.h
ThreadAnnotation.cpp Bug 1625138 - Part 41: Remove no longer needed includes for mozilla/TypeTraits. r=froydnj 2020-03-28 16:00:09 +00:00
ThreadAnnotation.h Bug 1622452 - Remove the remote exception handler when a content process shuts down r=froydnj 2020-03-19 14:06:31 +00:00
crashreporter.mozbuild
generate_crash_reporter_sources.py Bug 1627367 - Remove the content process crash annotation blacklist r=KrisWright 2020-04-08 22:59:15 +00:00
jar.mn Bug 1609823 Make about:crashes an HTML file r=ntim 2020-03-11 19:15:12 +00:00
mac_utils.h
mac_utils.mm
moz.build Bug 1616630 - Use py3_action for GENERATED_FILES that already support it; r=firefox-build-system-reviewers,kvark,rstewart 2020-02-21 00:05:17 +00:00
nsDummyExceptionHandler.cpp Bug 1629300 - Add back CreateNotificationPipeForChild for Tier3 after bug 1623961. r=KrisWright 2020-04-13 21:38:51 +00:00
nsExceptionHandler.cpp Bug 1628399 - Make sure that the main process can't access a crash report before it's fully populated r=KrisWright 2020-05-18 20:34:48 +00:00
nsExceptionHandler.h Bug 1614933 - Gather content processes' crash annotations at exception time instead of using IPC; r=froydnj 2020-04-08 06:55:40 +00:00
nsExceptionHandlerUtils.cpp
nsExceptionHandlerUtils.h
update-breakpad.sh