chromium/src
0
Fork 0
Code Activity
Files
ddcf18f3b053a6904eb7419fb1e91f515a0c242c
src/content/browser/profiling_utils.cc
Sangbaek Park 23cea31a5d Fix use-of-uninitialized-value error by ChildProcessData on MSan tests 
MSan test failed after landing crrev.com/c/5932764 with the error
message: `WARNING: MemorySanitizer: use-of-uninitialized-value`.
```
Uninitialized value was created by an allocation of 'child_process_data' in the stack frame
```

Failure CI bot link: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20MSan%20Tests/51310/test-results?q=ExactID%3Aninja%3A%2F%2Fcomponents%3Acomponents_unittests%2FContentStabilityMetricsProviderTest.BrowserChildProcessObserverUtility+VHash%3Aa09c171ea35b3b9e

The landed CL is not the root cause of the MSan test failure but
just uncovered the potential `use-of-uninitialized-value` issue because
`ContentStabilityMetricsProvider::BrowserChildProcessCrashed()` reads
`sandbox_type` which was not set in the existing test cases.

Promoted `sandbox::mojom::Sandbox sandbox_type` as std::optional since
it can be invalid (or unknown) for some cases, plus the mojom
Enum doesn't have any proper one for invalid cases. `sandbox_type` can
be a lhs-value currently or in the future. For example, https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ui/webui/sandbox/sandbox_handler.cc;drc=e6fc2038d73ef96ff47deda3146d94d25530e13b;l=47

Tests:
```
autoninja -C out\Default metrics_unittests
out\Default\metrics_unittests --single-process-tests --gtest_filter=ContentStabilityMetricsProviderTest.*

autoninja -C out\Default sandbox_unittests
out\Default\sandbox_unittests
```

Bug: b:368672525
Change-Id: I435f5a879b23f557d5b1456e3754366528ce8685
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5949437
Reviewed-by: Luc Nguyen <lucnguyen@google.com>
Reviewed-by: David Schinazi <dschinazi@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Sangbaek Park <sangbaekpark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1372950}
2024-10-23 21:43:11 +00:00

97 lines
3.3 KiB
C++
Raw Blame History

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <vector>
#include "base/command_line.h"
#include "base/functional/bind.h"
#include "base/functional/callback_forward.h"
#include "base/functional/callback_helpers.h"
#include "base/memory/ref_counted.h"
#include "base/path_service.h"
#include "base/rand_util.h"
#include "base/task/thread_pool.h"
#include "build/build_config.h"
#include "content/public/browser/browser_child_process_host_iterator.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/child_process_data.h"
#include "content/public/browser/child_process_host.h"
#include "content/public/browser/gpu_utils.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/profiling_utils.h"
#if BUILDFLAG(IS_WIN)
#include "sandbox/policy/mojom/sandbox.mojom-shared.h"
#endif
namespace content {
namespace {
// A refcounted class that runs a closure once it's destroyed.
class RefCountedScopedClosureRunner
: public base::RefCounted<RefCountedScopedClosureRunner> {
public:
RefCountedScopedClosureRunner(base::OnceClosure callback);
private:
friend class base::RefCounted<RefCountedScopedClosureRunner>;
~RefCountedScopedClosureRunner() = default;
base::ScopedClosureRunner destruction_callback_;
};
RefCountedScopedClosureRunner::RefCountedScopedClosureRunner(
base::OnceClosure callback)
: destruction_callback_(std::move(callback)) {}
} // namespace
void AskAllChildrenToDumpProfilingData(base::OnceClosure callback) {
if (base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kSingleProcess)) {
return;
}
auto closure_runner =
base::MakeRefCounted<RefCountedScopedClosureRunner>(std::move(callback));
// Ask all the renderer processes to dump their profiling data.
for (RenderProcessHost::iterator i(RenderProcessHost::AllHostsIterator());
!i.IsAtEnd(); i.Advance()) {
DCHECK(!i.GetCurrentValue()->GetProcess().is_current());
if (!i.GetCurrentValue()->IsInitializedAndNotDead())
continue;
i.GetCurrentValue()->DumpProfilingData(base::BindOnce(
[](scoped_refptr<RefCountedScopedClosureRunner>) {}, closure_runner));
}
// Ask all the other child processes to dump their profiling data
for (content::BrowserChildProcessHostIterator browser_child_iter;
!browser_child_iter.Done(); ++browser_child_iter) {
#if BUILDFLAG(IS_WIN)
// On Windows, elevated processes are never passed the profiling data file
// so cannot dump their data.
CHECK(browser_child_iter.GetData().sandbox_type.has_value());
if (browser_child_iter.GetData().sandbox_type ==
sandbox::mojom::Sandbox::kNoSandboxAndElevatedPrivileges) {
continue;
}
#endif
browser_child_iter.GetHost()->DumpProfilingData(base::BindOnce(
[](scoped_refptr<RefCountedScopedClosureRunner>) {}, closure_runner));
}
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kInProcessGPU)) {
DumpGpuProfilingData(base::BindOnce(
[](scoped_refptr<RefCountedScopedClosureRunner>) {}, closure_runner));
}
}
} // namespace content
View Git Blame Copy Permalink