Backed out changeset b71c8c052463 (bug 1943846) for causing mass failures. CLOSED...

[gecko.git] / ipc / glue / SharedMemoryPlatform_windows.cpp

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* This source code was derived from Chromium code, and as such is also subject
 * to the [Chromium license](ipc/chromium/src/LICENSE). */

#include "SharedMemoryPlatform.h"

#include <windows.h>

#include "nsDebug.h"
#ifdef MOZ_MEMORY
#  include "mozmemory_utils.h"
#endif

namespace {
// NtQuerySection is an internal (but believed to be stable) API and the
// structures it uses are defined in nt_internals.h.
// So we have to define them ourselves.
typedef enum _SECTION_INFORMATION_CLASS {
  SectionBasicInformation,
} SECTION_INFORMATION_CLASS;

typedef struct _SECTION_BASIC_INFORMATION {
  PVOID BaseAddress;
  ULONG Attributes;
  LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;

typedef ULONG(__stdcall* NtQuerySectionType)(
    HANDLE SectionHandle, SECTION_INFORMATION_CLASS SectionInformationClass,
    PVOID SectionInformation, ULONG SectionInformationLength,
    PULONG ResultLength);

// Checks if the section object is safe to map. At the moment this just means
// it's not an image section.
bool IsSectionSafeToMap(HANDLE aHandle) {
  static NtQuerySectionType nt_query_section_func =
      reinterpret_cast<NtQuerySectionType>(
          ::GetProcAddress(::GetModuleHandle(L"ntdll.dll"), "NtQuerySection"));
  DCHECK(nt_query_section_func);

  // The handle must have SECTION_QUERY access for this to succeed.
  SECTION_BASIC_INFORMATION basic_information = {};
  ULONG status = nt_query_section_func(aHandle, SectionBasicInformation,
                                       &basic_information,
                                       sizeof(basic_information), nullptr);
  if (status) {
    return false;
  }

  return (basic_information.Attributes & SEC_IMAGE) != SEC_IMAGE;
}

// Wrapper around CreateFileMappingW for pagefile-backed regions. When out of
// memory, may attempt to stall and retry rather than returning immediately, in
// hopes that the page file is about to be expanded by Windows. (bug 1822383,
// bug 1716727)
//
// This method is largely a copy of the MozVirtualAlloc method from
// mozjemalloc.cpp, which implements this strategy for VirtualAlloc calls,
// except re-purposed to handle CreateFileMapping.
HANDLE MozCreateFileMappingW(LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
                             DWORD flProtect, DWORD dwMaximumSizeHigh,
                             DWORD dwMaximumSizeLow, LPCWSTR lpName) {
#ifdef MOZ_MEMORY
  constexpr auto IsOOMError = [] {
    return ::GetLastError() == ERROR_COMMITMENT_LIMIT;
  };

  {
    HANDLE handle = ::CreateFileMappingW(
        INVALID_HANDLE_VALUE, lpFileMappingAttributes, flProtect,
        dwMaximumSizeHigh, dwMaximumSizeLow, lpName);
    if (MOZ_LIKELY(handle)) {
      MOZ_DIAGNOSTIC_ASSERT(handle != INVALID_HANDLE_VALUE,
                            "::CreateFileMapping should return NULL, not "
                            "INVALID_HANDLE_VALUE, on failure");
      return handle;
    }

    // We can't do anything for errors other than OOM.
    if (!IsOOMError()) {
      return nullptr;
    }
  }

  // Retry as many times as desired (possibly zero).
  const mozilla::StallSpecs stallSpecs = mozilla::GetAllocatorStallSpecs();

  const auto ret =
      stallSpecs.StallAndRetry(&::Sleep, [&]() -> std::optional<HANDLE> {
        HANDLE handle = ::CreateFileMappingW(
            INVALID_HANDLE_VALUE, lpFileMappingAttributes, flProtect,
            dwMaximumSizeHigh, dwMaximumSizeLow, lpName);

        if (handle) {
          MOZ_DIAGNOSTIC_ASSERT(handle != INVALID_HANDLE_VALUE,
                                "::CreateFileMapping should return NULL, not "
                                "INVALID_HANDLE_VALUE, on failure");
          return handle;
        }

        // Failure for some reason other than OOM.
        if (!IsOOMError()) {
          return nullptr;
        }

        return std::nullopt;
      });

  return ret.value_or(nullptr);
#else
  return ::CreateFileMappingW(INVALID_HANDLE_VALUE, lpFileMappingAttributes,
                              flProtect, dwMaximumSizeHigh, dwMaximumSizeLow,
                              lpName);
#endif
}

}  // namespace

namespace mozilla::ipc::shared_memory {

static Maybe<PlatformHandle> CreateImpl(size_t aSize, bool aFreezable) {
  // If the shared memory object has no DACL, any process can
  // duplicate its handles with any access rights; e.g., re-add write
  // access to a read-only handle.  To prevent that, we give it an
  // empty DACL, so that no process can do that.
  SECURITY_ATTRIBUTES sa, *psa = nullptr;
  SECURITY_DESCRIPTOR sd;
  ACL dacl;

  if (aFreezable) {
    psa = &sa;
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = &sd;
    sa.bInheritHandle = FALSE;

    if (NS_WARN_IF(!::InitializeAcl(&dacl, sizeof(dacl), ACL_REVISION)) ||
        NS_WARN_IF(!::InitializeSecurityDescriptor(
            &sd, SECURITY_DESCRIPTOR_REVISION)) ||
        NS_WARN_IF(!::SetSecurityDescriptorDacl(&sd, TRUE, &dacl, FALSE))) {
      return Nothing();
    }
  }

  auto handle = MozCreateFileMappingW(psa, PAGE_READWRITE, 0,
                                      static_cast<DWORD>(aSize), nullptr);
  if (!handle) {
    return Nothing();
  } else {
    return Some(handle);
  }
}

bool Platform::Create(Handle& aHandle, size_t aSize) {
  if (auto ph = CreateImpl(aSize, false)) {
    aHandle.mHandle = std::move(*ph);
    aHandle.mSize = aSize;
    return true;
  }
  return false;
}

bool Platform::CreateFreezable(FreezableHandle& aHandle, size_t aSize) {
  if (auto ph = CreateImpl(aSize, true)) {
    aHandle.mHandle = std::move(*ph);
    aHandle.mSize = aSize;
    return true;
  }
  return false;
}

PlatformHandle Platform::CloneHandle(const PlatformHandle& aHandle) {
  HANDLE h = INVALID_HANDLE_VALUE;
  if (::DuplicateHandle(::GetCurrentProcess(), aHandle.get(),
                        ::GetCurrentProcess(), &h, 0, false,
                        DUPLICATE_SAME_ACCESS)) {
    return PlatformHandle(h);
  }
  NS_WARNING("DuplicateHandle Failed!");
  return nullptr;
}

bool Platform::Freeze(FreezableHandle& aHandle) {
  HANDLE ro_handle;
  if (!::DuplicateHandle(::GetCurrentProcess(), aHandle.mHandle.get(),
                         ::GetCurrentProcess(), &ro_handle,
                         GENERIC_READ | FILE_MAP_READ, false, 0)) {
    return false;
  }

  aHandle.mHandle.reset(ro_handle);
  return true;
}

Maybe<void*> Platform::Map(const HandleBase& aHandle, void* aFixedAddress,
                           bool aReadOnly) {
  void* mem = ::MapViewOfFileEx(
      aHandle.mHandle.get(),
      aReadOnly ? FILE_MAP_READ : FILE_MAP_READ | FILE_MAP_WRITE, 0, 0,
      aHandle.Size(), aFixedAddress);
  if (mem) {
    MOZ_ASSERT(!aFixedAddress || mem == aFixedAddress,
               "MapViewOfFileEx returned an expected address");
    return Some(mem);
  }
  return Nothing();
}

void Platform::Unmap(void* aMemory, size_t aSize) {
  ::UnmapViewOfFile(aMemory);
}

bool Platform::Protect(char* aAddr, size_t aSize, Access aAccess) {
  DWORD flags;
  if ((aAccess & AccessReadWrite) == AccessReadWrite)
    flags = PAGE_READWRITE;
  else if (aAccess & AccessRead)
    flags = PAGE_READONLY;
  else
    flags = PAGE_NOACCESS;

  DWORD oldflags;
  return ::VirtualProtect(aAddr, aSize, flags, &oldflags);
}

void* Platform::FindFreeAddressSpace(size_t aSize) {
  void* memory = ::VirtualAlloc(NULL, aSize, MEM_RESERVE, PAGE_NOACCESS);
  if (memory) {
    ::VirtualFree(memory, 0, MEM_RELEASE);
  }
  return memory;
}

size_t Platform::PageSize() {
  SYSTEM_INFO si;
  ::GetSystemInfo(&si);
  return si.dwPageSize;
}

bool Platform::IsSafeToMap(const PlatformHandle& aHandle) {
  return IsSectionSafeToMap(aHandle.get());
}

}  // namespace mozilla::ipc::shared_memory