Chromium Code Reviews Chromium Code Reviews
Issue 2601573002:
mac: Hook up allocator shim. (Closed)
| Index: base/process/memory_mac.mm |
| diff --git a/base/process/memory_mac.mm b/base/process/memory_mac.mm |
| index 4c1b12043e60b64fbc861102cb542e4943c6c0dc..975c8ef936622c13660f09d239d17eeb49c21afc 100644 |
| --- a/base/process/memory_mac.mm |
| +++ b/base/process/memory_mac.mm |
| @@ -15,6 +15,8 @@ |
| #include <new> |
| +#include "base/allocator/allocator_shim.h" |
| +#include "base/allocator/features.h" |
| #include "base/lazy_instance.h" |
| #include "base/logging.h" |
| #include "base/mac/mac_util.h" |
| @@ -32,14 +34,6 @@ void EnableTerminationOnHeapCorruption() { |
| #endif |
| } |
| -// ------------------------------------------------------------------------ |
| - |
| -namespace { |
| - |
| -bool g_oom_killer_enabled; |
| - |
| -#if !defined(ADDRESS_SANITIZER) |
| - |
| // Starting with Mac OS X 10.7, the zone allocators set up by the system are |
| // read-only, to prevent them from being overwritten in an attack. However, |
| // blindly unprotecting and reprotecting the zone allocators fails with |
| @@ -98,6 +92,14 @@ void DeprotectMallocZone(ChromeMallocZone* default_zone, |
| } |
| } |
| +// ------------------------------------------------------------------------ |
| + |
| +namespace { |
| + |
| +bool g_oom_killer_enabled = false; |
| + |
| +#if !defined(ADDRESS_SANITIZER) |
| + |
| // === C malloc/calloc/valloc/realloc/posix_memalign === |
| typedef void* (*malloc_type)(struct _malloc_zone_t* zone, |
| @@ -116,73 +118,12 @@ typedef void* (*memalign_type)(struct _malloc_zone_t* zone, |
| size_t alignment, |
| size_t size); |
| -malloc_type g_old_malloc; |
| -calloc_type g_old_calloc; |
| -valloc_type g_old_valloc; |
| -free_type g_old_free; |
| -realloc_type g_old_realloc; |
| -memalign_type g_old_memalign; |
| - |
| malloc_type g_old_malloc_purgeable; |
| calloc_type g_old_calloc_purgeable; |
| valloc_type g_old_valloc_purgeable; |
| free_type g_old_free_purgeable; |
| realloc_type g_old_realloc_purgeable; |
| memalign_type g_old_memalign_purgeable; |
| - |
| -void* oom_killer_malloc(struct _malloc_zone_t* zone, |
|
Robert Sesek
2017/01/03 19:09:07
I think this may break OOM crash bucketing on Mac,
|
| - size_t size) { |
| - void* result = g_old_malloc(zone, size); |
| - if (!result && size) |
| - TerminateBecauseOutOfMemory(size); |
| - return result; |
| -} |
| - |
| -void* oom_killer_calloc(struct _malloc_zone_t* zone, |
| - size_t num_items, |
| - size_t size) { |
| - void* result = g_old_calloc(zone, num_items, size); |
| - if (!result && num_items && size) |
| - TerminateBecauseOutOfMemory(num_items * size); |
| - return result; |
| -} |
| - |
| -void* oom_killer_valloc(struct _malloc_zone_t* zone, |
| - size_t size) { |
| - void* result = g_old_valloc(zone, size); |
| - if (!result && size) |
| - TerminateBecauseOutOfMemory(size); |
| - return result; |
| -} |
| - |
| -void oom_killer_free(struct _malloc_zone_t* zone, |
| - void* ptr) { |
| - g_old_free(zone, ptr); |
| -} |
| - |
| -void* oom_killer_realloc(struct _malloc_zone_t* zone, |
| - void* ptr, |
| - size_t size) { |
| - void* result = g_old_realloc(zone, ptr, size); |
| - if (!result && size) |
| - TerminateBecauseOutOfMemory(size); |
| - return result; |
| -} |
| - |
| -void* oom_killer_memalign(struct _malloc_zone_t* zone, |
| - size_t alignment, |
| - size_t size) { |
| - void* result = g_old_memalign(zone, alignment, size); |
| - // Only die if posix_memalign would have returned ENOMEM, since there are |
| - // other reasons why NULL might be returned (see |
| - // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c ). |
| - if (!result && size && alignment >= sizeof(void*) && |
| - (alignment & (alignment - 1)) == 0) { |
| - TerminateBecauseOutOfMemory(size); |
| - } |
| - return result; |
| -} |
| - |
| void* oom_killer_malloc_purgeable(struct _malloc_zone_t* zone, |
| size_t size) { |
| void* result = g_old_malloc_purgeable(zone, size); |
| @@ -308,43 +249,14 @@ id oom_killer_allocWithZone(id self, SEL _cmd, NSZone* zone) |
| } // namespace |
| bool UncheckedMalloc(size_t size, void** result) { |
| -#if defined(ADDRESS_SANITIZER) |
| - *result = malloc(size); |
| -#else |
| - if (g_old_malloc) { |
| - *result = g_old_malloc(malloc_default_zone(), size); |
| - } else { |
| - *result = malloc(size); |
| - } |
| -#endif // defined(ADDRESS_SANITIZER) |
| - |
| - return *result != NULL; |
| -} |
| - |
| -bool UncheckedCalloc(size_t num_items, size_t size, void** result) { |
| -#if defined(ADDRESS_SANITIZER) |
| - *result = calloc(num_items, size); |
| +#if BUILDFLAG(USE_EXPERIMENTAL_ALLOCATOR_SHIM) |
| + *result = allocator::UncheckedAlloc(size); |
| #else |
| - if (g_old_calloc) { |
| - *result = g_old_calloc(malloc_default_zone(), num_items, size); |
| - } else { |
| - *result = calloc(num_items, size); |
| - } |
| -#endif // defined(ADDRESS_SANITIZER) |
| - |
| + *result = malloc(size); |
| +#endif |
| return *result != NULL; |
| } |
| -void* UncheckedMalloc(size_t size) { |
| - void* address; |
| - return UncheckedMalloc(size, &address) ? address : NULL; |
| -} |
| - |
| -void* UncheckedCalloc(size_t num_items, size_t size) { |
| - void* address; |
| - return UncheckedCalloc(num_items, size, &address) ? address : NULL; |
| -} |
| - |
| void EnableTerminationOnOutOfMemory() { |
| if (g_oom_killer_enabled) |
| return; |
| @@ -357,33 +269,21 @@ void EnableTerminationOnOutOfMemory() { |
| // MALLOC_ABSOLUTE_MAX_SIZE (currently SIZE_T_MAX - (2 * PAGE_SIZE)) will |
| // still fail with a NULL rather than dying (see |
| // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c for details). |
| - // Unfortunately, it's the best we can do. Also note that this does not affect |
| - // allocations from non-default zones. |
| +// Unfortunately, it's the best we can do. Also note that this only affects |
| +// allocations from the purgeable zone. Allocations from the default zone are |
| +// handled by base/allocator/allocator_shim_override_mac_symbols.h. |
| #if !defined(ADDRESS_SANITIZER) |
| // Don't do anything special on OOM for the malloc zones replaced by |
| // AddressSanitizer, as modifying or protecting them may not work correctly. |
| - CHECK(!g_old_malloc && !g_old_calloc && !g_old_valloc && !g_old_realloc && |
| - !g_old_memalign) << "Old allocators unexpectedly non-null"; |
| - |
| CHECK(!g_old_malloc_purgeable && !g_old_calloc_purgeable && |
| !g_old_valloc_purgeable && !g_old_realloc_purgeable && |
| !g_old_memalign_purgeable) << "Old allocators unexpectedly non-null"; |
| - ChromeMallocZone* default_zone = |
| - reinterpret_cast<ChromeMallocZone*>(malloc_default_zone()); |
| ChromeMallocZone* purgeable_zone = |
| reinterpret_cast<ChromeMallocZone*>(malloc_default_purgeable_zone()); |
| - mach_vm_address_t default_reprotection_start = 0; |
| - mach_vm_size_t default_reprotection_length = 0; |
| - vm_prot_t default_reprotection_value = VM_PROT_NONE; |
| - DeprotectMallocZone(default_zone, |
| - &default_reprotection_start, |
| - &default_reprotection_length, |
| - &default_reprotection_value); |
| - |
| mach_vm_address_t purgeable_reprotection_start = 0; |
| mach_vm_size_t purgeable_reprotection_length = 0; |
| vm_prot_t purgeable_reprotection_value = VM_PROT_NONE; |
| @@ -392,34 +292,6 @@ void EnableTerminationOnOutOfMemory() { |
| &purgeable_reprotection_start, |
| &purgeable_reprotection_length, |
| &purgeable_reprotection_value); |
| - } |
| - |
| - // Default zone |
| - |
| - g_old_malloc = default_zone->malloc; |
| - g_old_calloc = default_zone->calloc; |
| - g_old_valloc = default_zone->valloc; |
| - g_old_free = default_zone->free; |
| - g_old_realloc = default_zone->realloc; |
| - CHECK(g_old_malloc && g_old_calloc && g_old_valloc && g_old_free && |
| - g_old_realloc) |
| - << "Failed to get system allocation functions."; |
| - |
| - default_zone->malloc = oom_killer_malloc; |
| - default_zone->calloc = oom_killer_calloc; |
| - default_zone->valloc = oom_killer_valloc; |
| - default_zone->free = oom_killer_free; |
| - default_zone->realloc = oom_killer_realloc; |
| - |
| - if (default_zone->version >= 5) { |
| - g_old_memalign = default_zone->memalign; |
| - if (g_old_memalign) |
| - default_zone->memalign = oom_killer_memalign; |
| - } |
| - |
| - // Purgeable zone (if it exists) |
| - |
| - if (purgeable_zone) { |
| g_old_malloc_purgeable = purgeable_zone->malloc; |
| g_old_calloc_purgeable = purgeable_zone->calloc; |
| g_old_valloc_purgeable = purgeable_zone->valloc; |
| @@ -443,17 +315,6 @@ void EnableTerminationOnOutOfMemory() { |
| } |
| } |
| - // Restore protection if it was active. |
| - |
| - if (default_reprotection_start) { |
| - kern_return_t result = mach_vm_protect(mach_task_self(), |
| - default_reprotection_start, |
| - default_reprotection_length, |
| - false, |
| - default_reprotection_value); |
| - MACH_CHECK(result == KERN_SUCCESS, result) << "mach_vm_protect"; |
| - } |
| - |
| if (purgeable_reprotection_start) { |
| kern_return_t result = mach_vm_protect(mach_task_self(), |
| purgeable_reprotection_start, |
| @@ -488,6 +349,9 @@ void EnableTerminationOnOutOfMemory() { |
| // that our imperfect handling of malloc cannot. |
| std::set_new_handler(oom_killer_new); |
| +#if BUILDFLAG(USE_EXPERIMENTAL_ALLOCATOR_SHIM) |
| + allocator::SetCallNewHandlerOnMallocFailure(true); |
| +#endif |
| #ifndef ADDRESS_SANITIZER |
| // === Core Foundation CFAllocators === |
