Bug 1251395: Include non-JIT, executable, private pages in crash dumps
Status: NEW (Open)
Opened 9 years ago, updated 2 years ago
Categories: Toolkit :: Crash Reporting, defect, P3
People: Reporter: bugzilla, Unassigned
References: Blocks 2 open bugs
Details: Whiteboard: inj+
I've seen a couple of crashes cross my desk where they involve executable code written to pages of private, executable memory. I think that it would be very useful to sniff these out and include them in our crash reports.
Of course, we want to exclude legitimate JIT code and we don't want to significantly increase the size of our dumps.
Comment 1 (Reporter) • 9 years ago
I have a POC that works on Win64. It added 5 memory pages to the dump. Two issues:
1) It calls RegisterAppMemory from the breakpad filter callback, which does heap allocation;
2) On Win64 I take advantage of the fact that we register our JIT code with the dynamic function table list. This provides a convenient approximation for distinguishing our JIT code from other stuff.
We need something like that on other platforms. Tagged VM would be nice, but without that my best idea is embedding a magic header at the beginning of each JITcode mapping. Yes, malware could easily fake this, but given that this is for crash reporting purposes, it seems like a waste of effort for malware to try to hide from it. Bottom line is that we need information that is globally accessible without memory allocation during exception handling.
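The selection logic comment 1 asks for, as an added example (not code from this bug, Firefox or Breakpad): it keeps private, executable regions that lack a JIT magic header, writes them into a preallocated table so nothing is allocated during exception handling, and caps the number of added pages. The `JIT_MAGIC` value, the struct and function names, the limits and the region list (standing in for a walk of the address space) are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE 4096u
#define MAX_RANGES 8   /* fixed capacity: nothing is allocated at crash time */
#define MAX_PAGES 16   /* page budget so the dump does not grow much */
/* Hypothetical tag the JIT would write at the start of each code mapping. */
static const uint8_t JIT_MAGIC[8] = {'J', 'I', 'T', 'C', 'O', 'D', 'E', 0};

enum kind { IMAGE, MAPPED, PRIVATE };
struct region { const uint8_t *base; size_t size; enum kind kind; int exec; };
struct range { const uint8_t *base; size_t size; };
static struct range g_extra[MAX_RANGES]; /* preallocated, filled by the handler */

static int is_tagged_jit(const struct region *r) {
    return r->size >= sizeof JIT_MAGIC &&
           memcmp(r->base, JIT_MAGIC, sizeof JIT_MAGIC) == 0;
}

/* Pick private, executable, untagged regions; returns how many were stored. */
size_t select_extra_ranges(const struct region *rs, size_t n) {
    size_t count = 0, pages_left = MAX_PAGES;
    for (size_t i = 0; i < n && count < MAX_RANGES && pages_left > 0; i++) {
        const struct region *r = &rs[i];
        if (r->kind != PRIVATE || !r->exec || r->size == 0 || is_tagged_jit(r))
            continue;
        size_t budget = pages_left * PAGE;
        size_t take = r->size < budget ? r->size : budget; /* truncate to budget */
        g_extra[count++] = (struct range){r->base, take};
        pages_left -= (take + PAGE - 1) / PAGE;
    }
    return count;
}

/* Constructed sample address space (not real crash data). */
static uint8_t mem[30 * PAGE];
size_t run_sample(void) {
    memcpy(mem + 4 * PAGE, JIT_MAGIC, sizeof JIT_MAGIC);
    const struct region rs[] = {
        {mem,             4 * PAGE,  IMAGE,   1}, /* loaded module: skipped    */
        {mem + 4 * PAGE,  2 * PAGE,  PRIVATE, 1}, /* tagged JIT code: skipped  */
        {mem + 6 * PAGE,  3 * PAGE,  PRIVATE, 1}, /* untagged: kept whole      */
        {mem + 9 * PAGE,  1 * PAGE,  PRIVATE, 0}, /* not executable: skipped   */
        {mem + 10 * PAGE, 20 * PAGE, PRIVATE, 1}, /* untagged: cut to 13 pages */
    };
    return select_extra_ranges(rs, sizeof rs / sizeof rs[0]);
}
int main(void) { return run_sample() == 2 ? 0 : 1; }
```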
Updated (Reporter) • 9 years ago
OS: Windows → Unspecified
Comment 2 • 9 years ago
You'd have to ask some JIT devs about the latter, I don't know that there's a great solution there. For the former, currently Breakpad keeps a list of registered memory regions and then writes them out using the callback from MinidumpWriteDump:
https://dxr.mozilla.org/mozilla-central/rev/d0be57e84807ce0853b2406de7ff6abb195ac898/toolkit/crashreporter/google-breakpad/src/client/windows/handler/exception_handler.cc#1002
https://dxr.mozilla.org/mozilla-central/rev/d0be57e84807ce0853b2406de7ff6abb195ac898/toolkit/crashreporter/google-breakpad/src/client/windows/handler/exception_handler.cc#872
We could refactor Breakpad to call a caller-supplied callback instead of having a list of memory regions, which might be a little messy but would let you do this during dump writing.
Updated (Reporter) • 7 years ago
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: inj+
Updated (Reporter) • 5 years ago
Assignee: aklotz → nobody
Status: ASSIGNED → NEW
Updated • 2 years ago
Severity: normal → S3