Update Crashpad to 3e065b11d0cad1742f4cc4cf8acb8fa075f364ca

3e065b11d0ca linux, mac: disable cfi-icall for cross-dso calls

Change-Id: I92931ffe81b3004149b33017853d8c1e0548141d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2404066Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#806003}

third_party/crashpad/README.chromium

@@ -2,7 +2,7 @@ Name: Crashpad
 Short Name: crashpad
 URL: https://crashpad.chromium.org/
 Version: unknown
-Revision: 9a5a789123d7528d1c1cb71e66134fe0d7a9d37a
+Revision: 3e065b11d0cad1742f4cc4cf8acb8fa075f364ca
 License: Apache 2.0
 License File: crashpad/LICENSE
 Security Critical: yes

third_party/crashpad/crashpad/client/pthread_create_linux.cc

@@ -17,6 +17,7 @@
 
 #include "base/logging.h"
 #include "client/crashpad_client.h"
+#include "util/misc/no_cfi_icall.h"
 
 namespace {
 
@@ -45,13 +46,12 @@ __attribute__((visibility("default"))) int pthread_create(
     const pthread_attr_t* attr,
     StartRoutineType start_routine,
     void* arg) {
-  static const auto next_pthread_create = []() {
-    const auto next_pthread_create =
-        reinterpret_cast<decltype(pthread_create)*>(
-            dlsym(RTLD_NEXT, "pthread_create"));
-    CHECK(next_pthread_create) << "dlsym: " << dlerror();
-    return next_pthread_create;
-  }();
+  static const crashpad::NoCfiIcall<decltype(pthread_create)*>
+      next_pthread_create([]() {
+        const auto next_pthread_create = dlsym(RTLD_NEXT, "pthread_create");
+        CHECK(next_pthread_create) << "dlsym: " << dlerror();
+        return next_pthread_create;
+      }());
 
   StartParams* params = new StartParams;
   params->start_routine = start_routine;

third_party/crashpad/crashpad/compat/BUILD.gn

@@ -62,7 +62,7 @@ template("compat_target") {
   } else {
     static_library(target_name) {
       forward_variables_from(invoker, "*", [ "configs" ])
-      if (!(defined(configs))) {
+      if (!defined(configs)) {
         configs = []
       }
       if (defined(invoker.configs)) {
@@ -116,8 +116,6 @@ compat_target("compat") {
 
   if (crashpad_is_android) {
     sources += [
-      "android/android/api-level.cc",
-      "android/android/api-level.h",
       "android/dlfcn_internal.cc",
       "android/dlfcn_internal.h",
       "android/elf.h",
@@ -166,7 +164,7 @@ compat_target("compat") {
     "..:crashpad_config",
   ]
 
-  deps = []
+  deps = [ "../util:no_cfi_icall" ]
 
   if (!crashpad_is_mac) {
     deps += [ "../third_party/xnu" ]

third_party/crashpad/crashpad/compat/android/android/api-level.cc

-// Copyright 2018 The Crashpad Authors. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <android/api-level.h>
-
-#include <dlfcn.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <sys/system_properties.h>
-
-#include "dlfcn_internal.h"
-
-#if __NDK_MAJOR__ < 20
-
-extern "C" {
-
-int android_get_device_api_level() {
-  using FuncType = int (*)();
-  static const FuncType bionic_get_device_api_level =
-      reinterpret_cast<FuncType>(
-          crashpad::internal::Dlsym(RTLD_NEXT, "android_get_device_api_level"));
-
-  if (bionic_get_device_api_level) {
-    return bionic_get_device_api_level();
-  }
-
-  char api_string[PROP_VALUE_MAX];
-  int length = __system_property_get("ro.build.version.sdk", api_string);
-  if (length <= 0) {
-    return -1;
-  }
-
-  int api_level = atoi(api_string);
-  return api_level > 0 ? api_level : -1;
-}
-
-}  // extern "C"
-
-#endif  // __NDK_MAJOR__ < 20

third_party/crashpad/crashpad/compat/android/android/api-level.h

-// Copyright 2018 The Crashpad Authors. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef CRASHPAD_COMPAT_ANDROID_ANDROID_API_LEVEL_H_
-#define CRASHPAD_COMPAT_ANDROID_ANDROID_API_LEVEL_H_
-
-#include_next <android/api-level.h>
-#include <android/ndk-version.h>
-
-#include <sys/cdefs.h>
-
-#if __NDK_MAJOR__ < 20
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// Returns the API level of the device or -1 if it can't be determined. This
-// function is provided by NDK r20.
-int android_get_device_api_level();
-
-#ifdef __cplusplus
-}  // extern "C"
-#endif
-
-#endif  // __NDK_MAJOR__ < 20
-
-#endif  // CRASHPAD_COMPAT_ANDROID_ANDROID_API_LEVEL_H_

third_party/crashpad/crashpad/compat/android/sys/epoll.cc

@@ -19,13 +19,14 @@
 #include <unistd.h>
 
 #include "dlfcn_internal.h"
+#include "util/misc/no_cfi_icall.h"
 
 #if __ANDROID_API__ < 21
 
 extern "C" {
 
 int epoll_create1(int flags) {
-  static const auto epoll_create1_p = reinterpret_cast<int (*)(int)>(
+  static const crashpad::NoCfiIcall<decltype(epoll_create1)*> epoll_create1_p(
       crashpad::internal::Dlsym(RTLD_DEFAULT, "epoll_create1"));
   return epoll_create1_p ? epoll_create1_p(flags)
                          : syscall(SYS_epoll_create1, flags);

third_party/crashpad/crashpad/compat/android/sys/mman_mmap.cc

@@ -20,6 +20,7 @@
 #include <unistd.h>
 
 #include "dlfcn_internal.h"
+#include "util/misc/no_cfi_icall.h"
 
 #if defined(__USE_FILE_OFFSET64) && __ANDROID_API__ < 21
 
@@ -88,8 +89,7 @@ extern "C" {
 void* mmap(void* addr, size_t size, int prot, int flags, int fd, off_t offset) {
   // Use the system’s mmap64() wrapper if available. It will be available on
   // Android 5.0 (“Lollipop”) and later.
-  using Mmap64Type = void* (*)(void*, size_t, int, int, int, off64_t);
-  static const Mmap64Type mmap64 = reinterpret_cast<Mmap64Type>(
+  static const crashpad::NoCfiIcall<decltype(LocalMmap64)*> mmap64(
       crashpad::internal::Dlsym(RTLD_DEFAULT, "mmap64"));
   if (mmap64) {
     return mmap64(addr, size, prot, flags, fd, offset);

third_party/crashpad/crashpad/compat/compat.gyp

@@ -19,9 +19,13 @@
   'targets': [
     {
       'target_name': 'crashpad_compat',
+      'dependencies': [
+        '../util/no_cfi_icall.gyp:no_cfi_icall',
+      ],
+      'include_dirs': [
+        '..',
+      ],
       'sources': [
-        'android/android/api-level.cc',
-        'android/android/api-level.h',
         'android/dlfcn_internal.cc',
         'android/dlfcn_internal.h',
         'android/elf.h',

third_party/crashpad/crashpad/compat/linux/sys/mman_memfd_create.cc

@@ -18,14 +18,15 @@
 #include <sys/syscall.h>
 #include <unistd.h>
 
+#include "util/misc/no_cfi_icall.h"
+
 #if defined(__GLIBC__)
 
 extern "C" {
 
 int memfd_create(const char* name, unsigned int flags) {
-  using MemfdCreateType = int (*)(const char*, int);
-  static const MemfdCreateType next_memfd_create =
-      reinterpret_cast<MemfdCreateType>(dlsym(RTLD_NEXT, "memfd_create"));
+  static const crashpad::NoCfiIcall<decltype(memfd_create)*> next_memfd_create(
+      dlsym(RTLD_NEXT, "memfd_create"));
   return next_memfd_create ? next_memfd_create(name, flags)
                            : syscall(SYS_memfd_create, name, flags);
 }

third_party/crashpad/crashpad/handler/BUILD.gn

@@ -181,6 +181,8 @@ if (crashpad_is_android) {
 
     sources = [ "linux/handler_trampoline.cc" ]
 
+    deps = [ "../util:no_cfi_icall" ]
+
     ldflags = [ "-llog" ]
 
     if (crashpad_is_in_chromium) {

third_party/crashpad/crashpad/handler/linux/handler_trampoline.cc

@@ -16,6 +16,8 @@
 #include <dlfcn.h>
 #include <stdlib.h>
 
+#include "util/misc/no_cfi_icall.h"
+
 // The first argument passed to the trampoline is the name of the native library
 // exporting the symbol `CrashpadHandlerMain`. The remaining arguments are the
 // same as for `HandlerMain()`.
@@ -34,8 +36,8 @@ int main(int argc, char* argv[]) {
   }
 
   using MainType = int (*)(int, char*[]);
-  MainType crashpad_main =
-      reinterpret_cast<MainType>(dlsym(handle, "CrashpadHandlerMain"));
+  const crashpad::NoCfiIcall<MainType> crashpad_main(
+      dlsym(handle, "CrashpadHandlerMain"));
   if (!crashpad_main) {
     __android_log_print(ANDROID_LOG_FATAL, kTag, "dlsym: %s", dlerror());
     return EXIT_FAILURE;

third_party/crashpad/crashpad/util/BUILD.gn

@@ -575,6 +575,7 @@ static_library("util") {
   }
 
   public_deps = [
+    ":no_cfi_icall",
     "../compat",
     "../third_party/zlib",
   ]
@@ -668,6 +669,14 @@ if (!crashpad_is_android && !crashpad_is_ios) {
   }
 }
 
+# This exists as a separate target from util so that compat may depend on it
+# without cycles.
+source_set("no_cfi_icall") {
+  sources = [ "misc/no_cfi_icall.h" ]
+  public_deps = [ "../third_party/mini_chromium:base" ]
+  public_configs = [ "..:crashpad_config" ]
+}
+
 source_set("util_test") {
   testonly = true
 
@@ -685,6 +694,7 @@ source_set("util_test") {
     "misc/from_pointer_cast_test.cc",
     "misc/initialization_state_dcheck_test.cc",
     "misc/initialization_state_test.cc",
+    "misc/no_cfi_icall_test.cc",
     "misc/paths_test.cc",
     "misc/random_string_test.cc",
     "misc/range_set_test.cc",

third_party/crashpad/crashpad/util/mach/exception_types.cc

@@ -26,6 +26,7 @@
 #include "base/mac/mach_logging.h"
 #include "util/mac/mac_util.h"
 #include "util/mach/mach_extensions.h"
+#include "util/misc/no_cfi_icall.h"
 #include "util/numeric/in_range_cast.h"
 
 #if __MAC_OS_X_VERSION_MAX_ALLOWED >= __MAC_10_9
@@ -84,8 +85,8 @@ namespace {
 int ProcGetWakemonParams(pid_t pid, int* rate_hz, int* flags) {
 #if __MAC_OS_X_VERSION_MAX_ALLOWED < __MAC_10_9
   // proc_get_wakemon_params() isn’t in the SDK. Look it up dynamically.
-  static ProcGetWakemonParamsType proc_get_wakemon_params =
-      GetProcGetWakemonParams();
+  static crashpad::NoCfiIcall<ProcGetWakemonParamsType> proc_get_wakemon_params(
+      GetProcGetWakemonParams());
 #endif
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED < __MAC_10_9

third_party/crashpad/crashpad/util/misc/no_cfi_icall.h

+// Copyright 2020 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef CRASHPAD_UTIL_MISC_NO_CFI_ICALL_H_
+#define CRASHPAD_UTIL_MISC_NO_CFI_ICALL_H_
+
+#include <type_traits>
+#include <utility>
+
+#include "base/compiler_specific.h"
+#include "base/macros.h"
+#include "build/build_config.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+#endif  // OS_WIN
+
+namespace crashpad {
+
+namespace {
+
+template <typename Functor>
+struct FunctorTraits;
+
+template <typename R, typename... Args>
+struct FunctorTraits<R (*)(Args...)> {
+  template <typename Function, typename... RunArgs>
+  DISABLE_CFI_ICALL static R Invoke(Function&& function, RunArgs&&... args) {
+    return std::forward<Function>(function)(std::forward<RunArgs>(args)...);
+  }
+};
+
+template <typename R, typename... Args>
+struct FunctorTraits<R (*)(Args..., ...)> {
+  template <typename Function, typename... RunArgs>
+  DISABLE_CFI_ICALL static R Invoke(Function&& function, RunArgs&&... args) {
+    return std::forward<Function>(function)(std::forward<RunArgs>(args)...);
+  }
+};
+
+#if defined(OS_WIN) && defined(ARCH_CPU_X86)
+template <typename R, typename... Args>
+struct FunctorTraits<R(__stdcall*)(Args...)> {
+  template <typename... RunArgs>
+  DISABLE_CFI_ICALL static R Invoke(R(__stdcall* function)(Args...),
+                                    RunArgs&&... args) {
+    return function(std::forward<RunArgs>(args)...);
+  }
+};
+#endif  // OS_WIN && ARCH_CPU_X86
+
+}  // namespace
+
+//! \brief Disables cfi-icall for calls made through a function pointer.
+//!
+//! Clang provides several Control-Flow-Integrity (CFI) sanitizers, among them,
+//! cfi-icall, which attempts to verify that the dynamic type of a function
+//! matches the static type of the function pointer used to call it.
+//!
+//! https://clang.llvm.org/docs/ControlFlowIntegrity.html#indirect-function-call-checking
+//!
+//! However, cfi-icall does not have enough information to check indirect calls
+//! to functions in other modules, such as through the pointers returned by
+//! `dlsym()`. In these cases, CFI aborts the program upon executing the
+//! indirect call.
+//!
+//! This class encapsulates cross-DSO function pointers to disable cfi-icall
+//! precisely when calling these pointers.
+template <typename Functor>
+class NoCfiIcall {
+ public:
+  //! \brief Constructs this object.
+  //!
+  //! \param function A pointer to the function to be called.
+  explicit NoCfiIcall(Functor function) : function_(function) {}
+
+  //! \see NoCfiIcall
+  template <typename PointerType,
+            typename = std::enable_if_t<
+                std::is_same<typename std::remove_cv<PointerType>::type,
+                             void*>::value>>
+  explicit NoCfiIcall(PointerType function)
+      : function_(reinterpret_cast<Functor>(function)) {}
+
+#if defined(OS_WIN)
+  //! \see NoCfiIcall
+  template <typename = std::enable_if_t<
+                !std::is_same<typename std::remove_cv<Functor>::type,
+                              FARPROC>::value>>
+  explicit NoCfiIcall(FARPROC function)
+      : function_(reinterpret_cast<Functor>(function)) {}
+#endif  // OS_WIN
+
+  ~NoCfiIcall() = default;
+
+  //! \brief Calls the function without sanitization by cfi-icall.
+  template <typename... RunArgs>
+  decltype(auto) operator()(RunArgs&&... args) const {
+    return FunctorTraits<Functor>::Invoke(function_,
+                                          std::forward<RunArgs>(args)...);
+  }
+
+  //! \brief Returns `true` if not `nullptr`.
+  operator bool() const { return function_ != nullptr; }
+
+ private:
+  Functor function_;
+
+  DISALLOW_COPY_AND_ASSIGN(NoCfiIcall);
+};
+
+}  // namespace crashpad
+
+#endif  // CRASHPAD_UTIL_MISC_NO_CFI_ICALL_H_

third_party/crashpad/crashpad/util/misc/no_cfi_icall_test.cc

+// Copyright 2020 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "util/misc/no_cfi_icall.h"
+
+#include <stdio.h>
+
+#include "build/build_config.h"
+#include "gtest/gtest.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+
+#include "util/win/get_function.h"
+#else
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <unistd.h>
+#endif
+
+namespace crashpad {
+namespace test {
+namespace {
+
+TEST(NoCfiIcall, NullptrIsFalse) {
+  NoCfiIcall<void (*)(void)> call(nullptr);
+  ASSERT_FALSE(call);
+}
+
+TEST(NoCfiIcall, SameDSOICall) {
+  static int (*func)() = []() { return 42; };
+  NoCfiIcall<decltype(func)> call(func);
+  ASSERT_TRUE(call);
+  ASSERT_EQ(call(), 42);
+}
+
+TEST(NoCfiIcall, CrossDSOICall) {
+#if defined(OS_WIN)
+  static const NoCfiIcall<decltype(GetCurrentProcessId)*> call(
+      GET_FUNCTION_REQUIRED(L"kernel32.dll", GetCurrentProcessId));
+  ASSERT_TRUE(call);
+  EXPECT_EQ(call(), GetCurrentProcessId());
+#else
+  static const NoCfiIcall<decltype(getpid)*> call(dlsym(RTLD_NEXT, "getpid"));
+  ASSERT_TRUE(call);
+  EXPECT_EQ(call(), getpid());
+#endif
+}
+
+TEST(NoCfiIcall, Args) {
+#if !defined(OS_WIN)
+  static const NoCfiIcall<decltype(snprintf)*> call(
+      dlsym(RTLD_NEXT, "snprintf"));
+  ASSERT_TRUE(call);
+
+  char buf[1024];
+
+  // Regular args.
+  memset(buf, 0, sizeof(buf));
+  ASSERT_GT(call(buf, sizeof(buf), "Hello!"), 0);
+  EXPECT_STREQ(buf, "Hello!");
+
+  // Variadic args.
+  memset(buf, 0, sizeof(buf));
+  ASSERT_GT(call(buf, sizeof(buf), "%s, %s!", "Hello", "World"), 0);
+  EXPECT_STREQ(buf, "Hello, World!");
+#endif
+}
+
+}  // namespace
+}  // namespace test
+}  // namespace crashpad

third_party/crashpad/crashpad/util/no_cfi_icall.gyp

+# Copyright 2020 The Crashpad Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{
+  'includes': [
+    '../build/crashpad.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'no_cfi_icall',
+      'type': 'static_library',
+      'dependencies': [
+        '../third_party/mini_chromium/mini_chromium.gyp:base',
+      ],
+      'include_dirs': [
+        '..',
+        '<(INTERMEDIATE_DIR)',
+      ],
+      'sources': [
+        'misc/no_cfi_icall.h',
+      ],
+      'export_dependent_settings': [
+        '../third_party/mini_chromium/mini_chromium.gyp:base',
+      ],
+    },
+  ],
+}

third_party/crashpad/crashpad/util/util_test.gyp

@@ -21,6 +21,7 @@
       'target_name': 'crashpad_util_test',
       'type': 'executable',
       'dependencies': [
+        'no_cfi_icall.gyp:no_cfi_icall',
         'util.gyp:crashpad_util',
         '../client/client.gyp:crashpad_client',
         '../compat/compat.gyp:crashpad_compat',
@@ -79,6 +80,7 @@
         'misc/from_pointer_cast_test.cc',
         'misc/initialization_state_dcheck_test.cc',
         'misc/initialization_state_test.cc',
+        'misc/no_cfi_icall_test.cc',
         'misc/paths_test.cc',
         'misc/scoped_forbid_return_test.cc',
         'misc/random_string_test.cc',