Implement Site Settings \ Images category.
[chromium-blink-merge.git] / base / process / memory_linux.cc
blob6dbe8b7b3948f7afd04a1ad13ab962966b604280
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/process/memory.h"
7 #include <new>
9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h"
11 #include "base/logging.h"
12 #include "base/process/internal_linux.h"
13 #include "base/strings/string_number_conversions.h"
15 #if defined(USE_TCMALLOC)
16 // Used by UncheckedMalloc. If tcmalloc is linked to the executable
17 // this will be replaced by a strong symbol that actually implement
18 // the semantics and don't call new handler in case the allocation fails.
19 extern "C" {
21 __attribute__((weak, visibility("default")))
22 void* tc_malloc_skip_new_handler_weak(size_t size);
24 void* tc_malloc_skip_new_handler_weak(size_t size) {
25 return malloc(size);
29 #endif
31 namespace base {
33 size_t g_oom_size = 0U;
35 namespace {
37 #if !defined(OS_ANDROID)
38 void OnNoMemorySize(size_t size) {
39 g_oom_size = size;
41 if (size != 0)
42 LOG(FATAL) << "Out of memory, size = " << size;
43 LOG(FATAL) << "Out of memory.";
46 void OnNoMemory() {
47 OnNoMemorySize(0);
49 #endif // !defined(OS_ANDROID)
51 } // namespace
53 #if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \
54 !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER)
56 #if defined(LIBC_GLIBC) && !defined(USE_TCMALLOC)
58 extern "C" {
59 void* __libc_malloc(size_t size);
60 void* __libc_realloc(void* ptr, size_t size);
61 void* __libc_calloc(size_t nmemb, size_t size);
62 void* __libc_valloc(size_t size);
63 #if PVALLOC_AVAILABLE == 1
64 void* __libc_pvalloc(size_t size);
65 #endif
66 void* __libc_memalign(size_t alignment, size_t size);
68 // Overriding the system memory allocation functions:
70 // For security reasons, we want malloc failures to be fatal. Too much code
71 // doesn't check for a NULL return value from malloc and unconditionally uses
72 // the resulting pointer. If the first offset that they try to access is
73 // attacker controlled, then the attacker can direct the code to access any
74 // part of memory.
76 // Thus, we define all the standard malloc functions here and mark them as
77 // visibility 'default'. This means that they replace the malloc functions for
78 // all Chromium code and also for all code in shared libraries. There are tests
79 // for this in process_util_unittest.cc.
81 // If we are using tcmalloc, then the problem is moot since tcmalloc handles
82 // this for us. Thus this code is in a !defined(USE_TCMALLOC) block.
84 // If we are testing the binary with AddressSanitizer, we should not
85 // redefine malloc and let AddressSanitizer do it instead.
87 // We call the real libc functions in this code by using __libc_malloc etc.
88 // Previously we tried using dlsym(RTLD_NEXT, ...) but that failed depending on
89 // the link order. Since ld.so needs calloc during symbol resolution, it
90 // defines its own versions of several of these functions in dl-minimal.c.
91 // Depending on the runtime library order, dlsym ended up giving us those
92 // functions and bad things happened. See crbug.com/31809
94 // This means that any code which calls __libc_* gets the raw libc versions of
95 // these functions.
97 #define DIE_ON_OOM_1(function_name) \
98 void* function_name(size_t) __attribute__ ((visibility("default"))); \
100 void* function_name(size_t size) { \
101 void* ret = __libc_##function_name(size); \
102 if (ret == NULL && size != 0) \
103 OnNoMemorySize(size); \
104 return ret; \
107 #define DIE_ON_OOM_2(function_name, arg1_type) \
108 void* function_name(arg1_type, size_t) \
109 __attribute__ ((visibility("default"))); \
111 void* function_name(arg1_type arg1, size_t size) { \
112 void* ret = __libc_##function_name(arg1, size); \
113 if (ret == NULL && size != 0) \
114 OnNoMemorySize(size); \
115 return ret; \
118 DIE_ON_OOM_1(malloc)
119 DIE_ON_OOM_1(valloc)
120 #if PVALLOC_AVAILABLE == 1
121 DIE_ON_OOM_1(pvalloc)
122 #endif
124 DIE_ON_OOM_2(calloc, size_t)
125 DIE_ON_OOM_2(realloc, void*)
126 DIE_ON_OOM_2(memalign, size_t)
128 // posix_memalign has a unique signature and doesn't have a __libc_ variant.
129 int posix_memalign(void** ptr, size_t alignment, size_t size)
130 __attribute__ ((visibility("default")));
132 int posix_memalign(void** ptr, size_t alignment, size_t size) {
133 // This will use the safe version of memalign, above.
134 *ptr = memalign(alignment, size);
135 return 0;
138 } // extern C
140 #else
142 // TODO(mostynb@opera.com): dlsym dance
144 #endif // LIBC_GLIBC && !USE_TCMALLOC
146 #endif // !*_SANITIZER
148 void EnableTerminationOnHeapCorruption() {
149 // On Linux, there nothing to do AFAIK.
152 void EnableTerminationOnOutOfMemory() {
153 #if defined(OS_ANDROID)
154 // Android doesn't support setting a new handler.
155 DLOG(WARNING) << "Not feasible.";
156 #else
157 // Set the new-out of memory handler.
158 std::set_new_handler(&OnNoMemory);
159 // If we're using glibc's allocator, the above functions will override
160 // malloc and friends and make them die on out of memory.
161 #endif
164 // NOTE: This is not the only version of this function in the source:
165 // the setuid sandbox (in process_util_linux.c, in the sandbox source)
166 // also has its own C version.
167 bool AdjustOOMScore(ProcessId process, int score) {
168 if (score < 0 || score > kMaxOomScore)
169 return false;
171 FilePath oom_path(internal::GetProcPidDir(process));
173 // Attempt to write the newer oom_score_adj file first.
174 FilePath oom_file = oom_path.AppendASCII("oom_score_adj");
175 if (PathExists(oom_file)) {
176 std::string score_str = IntToString(score);
177 DVLOG(1) << "Adjusting oom_score_adj of " << process << " to "
178 << score_str;
179 int score_len = static_cast<int>(score_str.length());
180 return (score_len == WriteFile(oom_file, score_str.c_str(), score_len));
183 // If the oom_score_adj file doesn't exist, then we write the old
184 // style file and translate the oom_adj score to the range 0-15.
185 oom_file = oom_path.AppendASCII("oom_adj");
186 if (PathExists(oom_file)) {
187 // Max score for the old oom_adj range. Used for conversion of new
188 // values to old values.
189 const int kMaxOldOomScore = 15;
191 int converted_score = score * kMaxOldOomScore / kMaxOomScore;
192 std::string score_str = IntToString(converted_score);
193 DVLOG(1) << "Adjusting oom_adj of " << process << " to " << score_str;
194 int score_len = static_cast<int>(score_str.length());
195 return (score_len == WriteFile(oom_file, score_str.c_str(), score_len));
198 return false;
201 bool UncheckedMalloc(size_t size, void** result) {
202 #if defined(MEMORY_TOOL_REPLACES_ALLOCATOR) || \
203 (!defined(LIBC_GLIBC) && !defined(USE_TCMALLOC))
204 *result = malloc(size);
205 #elif defined(LIBC_GLIBC) && !defined(USE_TCMALLOC)
206 *result = __libc_malloc(size);
207 #elif defined(USE_TCMALLOC)
208 *result = tc_malloc_skip_new_handler_weak(size);
209 #endif
210 return *result != NULL;
213 } // namespace base