| blob | 7a7e6adf03913c82c8315d6e99351dc446e9f586 |
1 // Copyright (c) 2007, Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above
11 // copyright notice, this list of conditions and the following disclaimer
12 // in the documentation and/or other materials provided with the
13 // distribution.
14 // * Neither the name of Google Inc. nor the names of its
15 // contributors may be used to endorse or promote products derived from
16 // this software without specific prior written permission.
17 //
18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 //
30 // ---
31 // Author: Craig Silverstein
32 //
33 // The main purpose of this file is to patch the libc allocation
34 // routines (malloc and friends, but also _msize and other
35 // windows-specific libc-style routines). However, we also patch
36 // windows routines to do accounting. We do better at the former than
37 // the latter. Here are some comments from Paul Pluzhnikov about what
38 // it might take to do a really good job patching windows routines to
39 // keep track of memory usage:
40 //
41 // "You should intercept at least the following:
42 // HeapCreate HeapDestroy HeapAlloc HeapReAlloc HeapFree
43 // RtlCreateHeap RtlDestroyHeap RtlAllocateHeap RtlFreeHeap
44 // malloc calloc realloc free
45 // malloc_dbg calloc_dbg realloc_dbg free_dbg
46 // Some of these call the other ones (but not always), sometimes
47 // recursively (i.e. HeapCreate may call HeapAlloc on a different
48 // heap, IIRC)."
49 //
50 // Since Paul didn't mention VirtualAllocEx, he may not have even been
51 // considering all the mmap-like functions that windows has (or he may
52 // just be ignoring it because he's seen we already patch it). Of the
53 // above, we do not patch the *_dbg functions, and of the windows
54 // functions, we only patch HeapAlloc and HeapFree.
55 //
56 // The *_dbg functions come into play with /MDd, /MTd, and /MLd,
57 // probably. It may be ok to just turn off tcmalloc in those cases --
58 // if the user wants the windows debug malloc, they probably don't
59 // want tcmalloc! We should also test with all of /MD, /MT, and /ML,
60 // which we're not currently doing.
62 // TODO(csilvers): try to do better here? Paul does conclude:
63 // "Keeping track of all of this was a nightmare."
65 #ifndef _WIN32
66 # error You should only be including windows/patch_functions.cc in a windows environment!
67 #endif
69 #include <config.h>
71 #ifdef WIN32_OVERRIDE_ALLOCATORS
72 #error This file is intended for patching allocators - use override_functions.cc instead.
73 #endif
75 // We use psapi. Non-MSVC systems will have to link this in themselves.
76 #ifdef _MSC_VER
78 #endif
80 // Make sure we always use the 'old' names of the psapi functions.
81 #ifndef PSAPI_VERSION
82 #define PSAPI_VERSION 1
83 #endif
85 #include <windows.h>
86 #include <stdio.h>
89 #include <set>
90 #include <map>
91 #include <vector>
92 #include <base/logging.h>
98 // The maximum number of modules we allow to be in one executable
101 // These are hard-coded, unfortunately. :-( They are also probably
102 // compiler specific. See get_mangled_names.cc, in this directory,
103 // for instructions on how to update these names for your compiler.
113 // This is an unused but exported symbol that we can use to tell the
114 // MSVC linker to bring in libtcmalloc, via the /INCLUDE linker flag.
115 // Without this, the linker will likely decide that libtcmalloc.dll
116 // doesn't add anything to the executable (since it does all its work
117 // through patching, which the linker can't see), and ignore it
118 // entirely. (The name 'tcmalloc' is already reserved for a
119 // namespace. I'd rather export a variable named "_tcmalloc", but I
120 // couldn't figure out how to get that to work. This function exports
121 // the symbol "__tcmalloc".)
125 // This is the version needed for windows x64, which has a different
126 // decoration scheme which doesn't auto-add a leading underscore.
138 // These functions are how we override the memory allocation
139 // functions, just like tcmalloc.cc and malloc_hook.cc do.
141 // This is information about the routines we're patching, for a given
142 // module that implements libc memory routines. A single executable
143 // can have several libc implementations running about (in different
144 // .dll's), and we need to patch/unpatch them all. This defines
145 // everything except the new functions we're patching in, which
146 // are defined in LibcFunctions, below.
151 }
155 // According to http://msdn.microsoft.com/en-us/library/ms684229(VS.85).aspx:
156 // "The load address of a module (lpBaseOfDll) is the same as the HMODULE
157 // value."
160 }
162 // Populates all the windows_fn_[] vars based on our module info.
163 // Returns false if windows_fn_ is all NULL's, because there's
164 // nothing to patch. Also populates the rest of the module_entry
165 // info, such as the module's name.
176 }
182 // These are windows-only functions from malloc.h
184 // A MS CRT "internal" function, implemented using _calloc_impl
185 k_CallocCrt,
186 kNumFunctions
187 };
189 // I'd like to put these together in a struct (perhaps in the
190 // subclass, so we can put in perftools_fn_ as well), but vc8 seems
191 // to have a bug where it doesn't initialize the struct properly if
192 // we try to take the address of a function that's not yet loaded
193 // from a dll, as is the common case for static_fn_. So we need
194 // each to be in its own array. :-(
197 // This function is only used when statically linking the binary.
198 // In that case, loading malloc/etc from the dll (via
199 // PatchOneModule) won't work, since there are no dlls. Instead,
200 // you just want to be taking the address of malloc/etc directly.
201 // In the common, non-static-link case, these pointers will all be
202 // NULL, since this initializer runs before msvcrt.dll is loaded.
205 // This is the address of the function we are going to patch
206 // (malloc, etc). Other info about the function is in the
207 // patch-specific subclasses, below.
210 // This is set to true when this structure is initialized (because
211 // we're patching a new library) and set to false when it's
212 // uninitialized (because we've freed that library).
219 // These shouldn't have to be public, since only subclasses of
220 // LibcInfo need it, but they do. Maybe something to do with
221 // templates. Shrug. I hide them down here so users won't see
222 // them. :-) (OK, I also need to define ctrgProcAddress late.)
226 }
227 // These three are needed by ModuleEntryCopy.
231 }
234 }
235 };
237 // Template trickiness: logically, a LibcInfo would include
238 // Windows_malloc_, origstub_malloc_, and Perftools_malloc_: for a
239 // given module, these three go together. And in fact,
240 // Perftools_malloc_ may need to call origstub_malloc_, which means we
241 // either need to change Perftools_malloc_ to take origstub_malloc_ as
242 // an arugment -- unfortunately impossible since it needs to keep the
243 // same API as normal malloc -- or we need to write a different
244 // version of Perftools_malloc_ for each LibcInfo instance we create.
245 // We choose the second route, and use templates to implement it (we
246 // could have also used macros). So to get multiple versions
247 // of the struct, we say "struct<1> var1; struct<2> var2;". The price
248 // we pay is some code duplication, and more annoying, each instance
249 // of this var is a separate type.
252 // me_info should have had PopulateWindowsFn() called on it, so the
253 // module_* vars and windows_fn_ are set up.
258 // This holds the original function contents after we patch the function.
259 // This has to be defined static in the subclass, because the perftools_fns
260 // reference origstub_fn_.
263 // This is the function we want to patch in
284 // malloc.h also defines these functions:
285 // _aligned_malloc, _aligned_free,
286 // _recalloc, _aligned_offset_malloc, _aligned_realloc, _aligned_recalloc
287 // _aligned_offset_realloc, _aligned_offset_recalloc, _malloca, _freea
288 // But they seem pretty obscure, and I'm fine not overriding them for now.
289 // It may be they all call into malloc/free anyway.
290 };
292 // This is a subset of MODDULEENTRY32, that we need for patching.
295 DWORD modBaseSize;
296 // This is not part of MODDULEENTRY32, but is needed to avoid making
297 // windows syscalls while we're holding patch_all_modules_lock (see
298 // lock-inversion comments at patch_all_modules_lock definition, below).
306 }
315 // Sometimes a DLL forwards a function to a function in another
316 // DLL. We don't want to patch those forwarded functions --
317 // they'll get patched when the other DLL is processed.
320 else
322 }
323 }
324 };
326 // This class is easier because there's only one of them.
333 // TODO(csilvers): should we be patching GlobalAlloc/LocalAlloc instead,
334 // for pre-XP systems?
338 kNumFunctions
339 };
346 };
350 // A Windows-API equivalent of malloc and free
352 DWORD_PTR dwBytes);
354 LPVOID lpMem);
355 // A Windows-API equivalent of mmap and munmap, for "anonymous regions"
358 DWORD protect);
361 // A Windows-API equivalent of mmap and munmap, for actual files
363 DWORD dwDesiredAccess,
364 DWORD dwFileOffsetHigh,
365 DWORD dwFileOffsetLow,
366 SIZE_T dwNumberOfBytesToMap,
367 LPVOID lpBaseAddress);
369 // We don't need the other 3 variants because they all call this one. */
371 HANDLE hFile,
372 DWORD dwFlags);
374 };
376 // If you run out, just add a few more to the array. You'll also need
377 // to update the switch statement in PatchOneModule(), and the list in
378 // UnpatchWindowsFunctions().
379 // main_executable and main_executable_windows are two windows into
380 // the same executable. One is responsible for patching the libc
381 // routines that live in the main executable (if any) to use tcmalloc;
382 // the other is responsible for patching the windows routines like
383 // HeapAlloc/etc to use tcmalloc.
395 };
401 // Ideally we should patch the nothrow versions of new/delete, but
402 // at least in msvcrt, nothrow-new machine-code is of a type we
403 // can't patch. Since these are relatively rare, I'm hoping it's ok
404 // not to patch them. (NULL name turns off patching.)
410 };
412 // For mingw, I can't patch the new/delete here, because the
413 // instructions are too small to patch. Luckily, they're so small
414 // because all they do is call into malloc/free, so they still end up
415 // calling tcmalloc routines, and we don't actually lose anything
416 // (except maybe some stacktrace goodness) by not patching.
422 #ifdef __MINGW32__
424 #else
437 #endif
441 };
444 // This will get filled in at run-time, as patching is done.
445 };
464 };
475 };
478 // First, store the location of the function to patch before
479 // patching it. If none of these functions are found in the module,
480 // then this module has no libc in it, and we just return false.
484 // The ::GetProcAddress calls were done in the ModuleEntryCopy
485 // constructor, so we don't have to make any windows calls here.
489 }
490 }
492 // Some modules use the same function pointer for new and new[]. If
493 // we find that, set one of the pointers to NULL so we don't double-
494 // patch. Same may happen with new and nothrow-new, or even new[]
495 // and nothrow-new. It's easiest just to check each fn-ptr against
496 // every other.
500 // We NULL the later one (j), so as to minimize the chances we
501 // NULL kFree and kRealloc. See comments below. This is fragile!
503 }
504 }
505 }
507 // There's always a chance that our module uses the same function
508 // as another module that we've already loaded. In that case, we
509 // need to set our windows_fn to NULL, to avoid double-patching.
516 }
517 }
518 }
524 }
528 // It's important we didn't NULL out windows_fn_[kFree] or [kRealloc].
529 // The reason is, if those are NULL-ed out, we'll never patch them
530 // and thus never get an origstub_fn_ value for them, and when we
531 // try to call origstub_fn_[kFree/kRealloc] in Perftools_free and
532 // Perftools_realloc, below, it will fail. We could work around
533 // that by adding a pointer from one patch-unit to the other, but we
534 // haven't needed to yet.
538 // OK, we successfully populated. Let's store our member information.
542 }
549 // if origstub_fn_ is not NULL, it's left around from a previous
550 // patch. We need to set it to NULL for the new Patch call.
551 // Since we've patched Unpatch() not to delete origstub_fn_ (it
552 // causes problems in some contexts, though obviously not this
553 // one), we should delete it now, before setting it to NULL.
554 // NOTE: casting from a function to a pointer is contra the C++
555 // spec. It's not safe on IA64, but is on i386. We use
556 // a C-style cast here to emphasize this is not legal C++.
562 }
563 }
566 }
570 // We have to cast our GenericFnPtrs to void* for unpatch. This is
571 // contra the C++ spec; we use C-style casts to empahsize that.
578 }
580 }
586 // Unlike for libc, we know these exist in our module, so we can get
587 // and patch at the same time.
591 // If origstub_fn is not NULL, it's left around from a previous
592 // patch. We need to set it to NULL for the new Patch call.
593 // Since we've patched Unpatch() not to delete origstub_fn_ (it
594 // causes problems in some contexts, though obviously not this
595 // one), we should delete it now, before setting it to NULL.
596 // NOTE: casting from a function to a pointer is contra the C++
597 // spec. It's not safe on IA64, but is on i386. We use
598 // a C-style cast here to emphasize this is not legal C++.
605 }
606 }
609 // We have to cast our GenericFnPtrs to void* for unpatch. This is
610 // contra the C++ spec; we use C-style casts to empahsize that.
616 }
617 }
619 // You should hold the patch_all_modules_lock when calling this.
621 // If we don't already have info on this module, let's add it. This
622 // is where we're sad that each libcX has a different type, so we
623 // can't use an array; instead, we have to use a switch statement.
624 // Patch() returns false if there were no libc functions in the module.
636 }
637 }
638 }
640 }
646 // No need to call PopulateModuleEntryProcAddresses on the main executable.
649 }
651 // This lock is subject to a subtle and annoying lock inversion
652 // problem: it may interact badly with unknown internal windows locks.
653 // In particular, windows may be holding a lock when it calls
654 // LoadLibraryExW and FreeLibrary, which we've patched. We have those
655 // routines call PatchAllModules, which acquires this lock. If we
656 // make windows system calls while holding this lock, those system
657 // calls may need the internal windows locks that are being held in
658 // the call to LoadLibraryExW, resulting in deadlock. The solution is
659 // to be very careful not to call *any* windows routines while holding
660 // patch_all_modules_lock, inside PatchAllModules().
663 // last_loaded: The set of modules that were loaded the last time
664 // PatchAllModules was called. This is an optimization for only
665 // looking at modules that were added or removed from the last call.
668 // Iterates over all the modules currently loaded by the executable,
669 // according to windows, and makes sure they're all patched. Most
670 // modules will already be in loaded_modules, meaning we have already
671 // loaded and either patched them or determined they did not need to
672 // be patched. Others will not, which means we need to patch them
673 // (if necessary). Finally, we have to go through the existing
674 // g_module_libcs and see if any of those are *not* in the modules
675 // currently loaded by the executable. If so, we need to invalidate
676 // them. Returns true if we did any work (patching or invalidating),
677 // false if we were a noop. May update loaded_modules as well.
678 // NOTE: you must hold the patch_all_modules_lock to access loaded_modules.
689 }
690 // EnumProcessModules actually set the bytes written into hModules,
691 // so we need to divide to make num_modules actually be a module-count.
695 " to patch them all (if you need to, raise kMaxModules in"
698 }
700 // Now we handle the unpatching of modules we have in g_module_libcs
701 // but that were not found in EnumProcessModules. We need to
702 // invalidate them. To speed that up, we store the EnumProcessModules
703 // output in a set.
704 // At the same time, we prepare for the adding of new modules, by
705 // removing from hModules all the modules we know we've already
706 // patched (or decided don't need to be patched). At the end,
707 // hModules will hold only the modules that we need to consider patching.
709 {
712 // At the end of this loop, currently_loaded_modules contains the
713 // full list of EnumProcessModules, and hModules just the ones we
714 // haven't handled yet.
721 }
722 }
723 // Now we do the unpatching/invalidation.
727 // Means g_module_libcs[i] is no longer loaded (no me32 matched).
728 // We could call Unpatch() here, but why bother? The module
729 // has gone away, so nobody is going to call into it anyway.
732 }
733 }
734 // Update the loaded module cache.
736 }
738 // Now that we know what modules are new, let's get the info we'll
739 // need to patch them. Note this *cannot* be done while holding the
740 // lock, since it needs to make windows calls (see the lock-inversion
741 // comments before the definition of patch_all_modules_lock).
742 MODULEINFO mi;
746 }
748 // Now we can do the patching of new modules.
749 {
753 LibcInfo libc_info;
757 }
758 }
760 // Now that we've dealt with the modules (dlls), update the main
761 // executable. We do this last because PatchMainExecutableLocked
762 // wants to look at how other modules were patched.
766 }
767 }
768 // TODO(csilvers): for this to be reliable, we need to also take
769 // into account if we *would* have patched any modules had they not
770 // already been loaded. (That is, made_changes should ignore
771 // g_last_loaded.)
773 }
778 // ---------------------------------------------------------------------
779 // Now that we've done all the patching machinery, let's actually
780 // define the functions we're patching in. Mostly these are
781 // simple wrappers around the do_* routines in tcmalloc.cc.
782 //
783 // In fact, we #include tcmalloc.cc to get at the tcmalloc internal
784 // do_* functions, the better to write our own hook functions.
785 // U-G-L-Y, I know. But the alternatives are, perhaps, worse. This
786 // also lets us define _msize(), _expand(), and other windows-specific
787 // functions here, using tcmalloc internals, without polluting
788 // tcmalloc.cc.
789 // -------------------------------------------------------------------
791 // TODO(csilvers): refactor tcmalloc.cc into two files, so I can link
792 // against the file with do_malloc, and ignore the one with malloc.
800 }
805 // This calls the windows free if do_free decides ptr was not
806 // allocated by tcmalloc. Note it calls the origstub_free from
807 // *this* templatized instance of LibcInfo. See "template
808 // trickiness" above.
810 }
819 }
825 }
830 }
838 }
845 }
852 }
858 }
864 }
872 }
880 }
887 }
894 }
897 // _msize() lets you figure out how much space is reserved for a
898 // pointer, in Windows. Even if applications don't call it, any DLL
899 // with global constructors will call (transitively) something called
900 // __dllonexit_lk in order to make sure the destructors get called
901 // when the dll unloads. And that will call msize -- horrible things
902 // can ensue if this is not hooked. Other parts of libc may also call
903 // this internally.
908 }
910 // We need to define this because internal windows functions like to
911 // call into it(?). _expand() is like realloc but doesn't move the
912 // pointer. We punt, which will cause callers to fall back on realloc.
917 }
920 DWORD_PTR dwBytes) {
926 }
929 LPVOID lpMem) {
934 }
937 LPVOID address,
939 DWORD protect) {
943 // VirtualAllocEx() seems to be the Windows equivalent of mmap()
946 }
954 }
959 // For this function pair, you always deallocate the full block of
960 // data that you allocate, so NewHook/DeleteHook is the right API.
968 }
974 lpBaseAddress);
975 }
977 // g_load_map holds a copy of windows' refcount for how many times
978 // each currently loaded module has been loaded and unloaded. We use
979 // it as an optimization when the same module is loaded more than
980 // once: as long as the refcount stays above 1, we don't need to worry
981 // about patching because it's already patched. Likewise, we don't
982 // need to unpatch until the refcount drops to 0. load_map is
983 // maintained in LoadLibraryExW and FreeLibrary, and only covers
984 // modules explicitly loaded/freed via those interfaces.
988 HANDLE hFile,
989 DWORD dwFlags) {
990 HMODULE rv;
991 // Check to see if the modules is already loaded, flag 0 gets a
992 // reference if it was loaded. If it was loaded no need to call
993 // PatchAllModules, just increase the reference count to match
994 // what GetModuleHandleExW does internally inside windows.
998 // Not already loaded, so load it.
1002 // This will patch any newly loaded libraries, if patching needs
1003 // to be done.
1007 }
1008 }
1014 // Check to see if the module is still loaded by passing the base
1015 // address and seeing if it comes back with the same address. If it
1016 // is the same address it's still loaded, so the FreeLibrary() call
1017 // was a noop, and there's no need to redo the patching.
1021 GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT),
1029 }
1032 // ---------------------------------------------------------------------
1033 // PatchWindowsFunctions()
1034 // This is the function that is exposed to the outside world.
1035 // It should be called before the program becomes multi-threaded,
1036 // since main_executable_windows.Patch() is not thread-safe.
1037 // ---------------------------------------------------------------------
1040 // This does the libc patching in every module, and the main executable.
1043 }
1045 #if 0
1046 // It's possible to unpatch all the functions when we are exiting.
1048 // The idea is to handle properly windows-internal data that is
1049 // allocated before PatchWindowsFunctions is called. If all
1050 // destruction happened in reverse order from construction, then we
1051 // could call UnpatchWindowsFunctions at just the right time, so that
1052 // that early-allocated data would be freed using the windows
1053 // allocation functions rather than tcmalloc. The problem is that
1054 // windows allocates some structures lazily, so it would allocate them
1055 // late (using tcmalloc) and then try to deallocate them late as well.
1056 // So instead of unpatching, we just modify all the tcmalloc routines
1057 // so they call through to the libc rountines if the memory in
1058 // question doesn't seem to have been allocated with tcmalloc. I keep
1059 // this unpatch code around for reference.
1062 // We need to go back to the system malloc/etc at global destruct time,
1063 // so objects that were constructed before tcmalloc, using the system
1064 // malloc, can destroy themselves using the system free. This depends
1065 // on DLLs unloading in the reverse order in which they load!
1066 //
1067 // We also go back to the default HeapAlloc/etc, just for consistency.
1068 // Who knows, it may help avoid weird bugs in some situations.
1079 }
1080 #endif