New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 646853 link

Starred by 1 user
Status: Fixed
Owner:
rdevlin....@chromium.org
Closed: Oct 2016
Cc:
thakis@chromium.org
f...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



Sign in to add a comment

ActivityLogAPI can DoS browser process

Project Member Reported by thakis@chromium.org, Sep 14 2016 
Someone sent me a report of Chrome needing 200% CPU. I asked them to report a sample, here it is. The interesting part of it is:

2094 base::MessagePumpCFRunLoopBase::RunWork()  (in Google Chrome Framework)  load address 0x1078c1000 + 0x5841bd  [message_pump_mac.mm:330]
  2091 base::MessageLoop::DoWork()  (in Google Chrome Framework)  load address 0x1078c1000 + 0x5b1cbb  [message_loop.cc:624]
  ! 2091 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)  (in Google Chrome Framework)  load address 0x1078c1000 + 0x5b195c  [message_loop.cc:502]
  !   2091 base::MessageLoop::RunTask(base::PendingTask const&)  (in Google Chrome Framework)  load address 0x1078c1000 + 0x5b164c  [vector:640]
  !     2091 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)  (in Google Chrome Framework)  load address 0x1078c1000 + 0x58eebb  [callback.h:389]
  !       2089 void base::ObserverListThreadSafe<extensions::ActivityLog::Observer>::NotifyWrapper<void (extensions::ActivityLog::Observer::*)(...)
  !       : 1986 extensions::ActivityLogAPI::OnExtensionActivity(scoped_refptr<extensions::Action>) [activity_log_private_api.cc:91]
  !       : | 1986 extensions::Action::ConvertToExtensionActivity()  (in Google Chrome Framework) [activity_actions.cc:36]


I'm guessing they have some bad extension installed (any idea which one?) but an extension shouldn't be able to bring down the browser process.
activitylogsample.txt
335 KB View Download

Comment 1 by rdevlin....@chromium.org, Sep 14 2016

Cc: -rdevlin....@chromium.org thakis@chromium.org
Owner: rdevlin....@chromium.org
Status: Assigned (was: Untriaged)
The ActivityLog is a pretty intense API, since it basically causes every extension action to also have to be logged, and the logging itself can take as long as the extension action.  I made this a lot better in the course of  issue 620359 , and removed the ability for certain corp extensions to do this (previously it was happening all the time...).  We should get to the point where this only has an impact if the user specifically opts in, kind of like tracing or profiling, where you expect a performance overhead.

A few questions here:
- Does the person who reported it work at Google?  We had a corp extension that used this, but shouldn't anymore.
- Chrome version?  This should get a lot better in M53, so it might already be fixed.
- Any chance you can send a list of their extensions?

Comment 2 by thakis@chromium.org, Sep 14 2016 

- Yes, googler (will email you their ldap)
- Chrome 53 (chrome version, os version etc are listed at the top of the attached txt file too)
- I asked them for it, will forward once I know.

Comment 3 by rdevlin....@chromium.org, Sep 19 2016

Cc: f...@chromium.org
+felt as FYI.

So, I followed up with the Googler, and apparently the pref we use to keep track of the number of extensions listening to the activity log is quite borked.  It should only be around one, instead it was 75.  My guess is that we somehow got out of sync in listening to whitelisted additions/removals of extensions, in which case we can add code to verify whether or not the number makes sense.  The other possibility is pref corruption, which would be unfortunate.
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 29 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/100d164a4403d22bfa238607ebad71331e5032ad

commit 100d164a4403d22bfa238607ebad71331e5032ad
Author: rdevlin.cronin <rdevlin.cronin@chromium.org>
Date: Thu Sep 29 18:06:40 2016

[Extensions] Fix incorrect counting prefs in activity log

The ActivityLog maintains a count of active apps/extensions that are
listening to the API. This is necessary so that events that happen on
startup (potentially before the extension is loaded) are properly
recorded. Unfortunately, there was a bug where this counter was never
properly decremented. Because of this, there are cases where we are
recording activity, but there are no active consumers.

Fix this by separating the concept of cached consumers and seen active
consumers. During startup, we can rely on the cached consumer count, but
once startup is complete, we check whether or not there is actually a
consumer and update the cached count appropriately.

BUG= 646853 

Review-Url: https://codereview.chromium.org/2372223003
Cr-Commit-Position: refs/heads/master@{#421870}

[modify] https://crrev.com/100d164a4403d22bfa238607ebad71331e5032ad/chrome/browser/extensions/activity_log/activity_log.cc
[modify] https://crrev.com/100d164a4403d22bfa238607ebad71331e5032ad/chrome/browser/extensions/activity_log/activity_log.h
[modify] https://crrev.com/100d164a4403d22bfa238607ebad71331e5032ad/chrome/browser/extensions/activity_log/activity_log_enabled_unittest.cc
[modify] https://crrev.com/100d164a4403d22bfa238607ebad71331e5032ad/chrome/browser/extensions/activity_log/activity_log_unittest.cc

Comment 5 by rdevlin....@chromium.org, Oct 14 2016 

I think this should be fixed, at least so that logging doesn't happen if the listening app (Chrome Apps and Extensions Developer Tool) is not installed and enabled.  Please let me know if you see this again.

Comment 6 by rdevlin....@chromium.org, Oct 14 2016

Status: Fixed (was: Assigned)

Sign in to add a comment