1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef PARTITION_ALLOC_SHIM_MALLOC_ZONE_FUNCTIONS_APPLE_H_
6 #define PARTITION_ALLOC_SHIM_MALLOC_ZONE_FUNCTIONS_APPLE_H_
7 
8 #include "partition_alloc/partition_alloc_buildflags.h"
9 
10 #if BUILDFLAG(USE_ALLOCATOR_SHIM)
11 #include <malloc/malloc.h>
12 
13 #include <cstddef>
14 
15 #include "partition_alloc/partition_alloc_base/component_export.h"
16 #include "partition_alloc/partition_alloc_base/immediate_crash.h"
17 #include "partition_alloc/third_party/apple_apsl/malloc.h"
18 
19 namespace allocator_shim {
20 
21 typedef void* (*malloc_type)(struct _malloc_zone_t* zone, size_t size);
22 typedef void* (*calloc_type)(struct _malloc_zone_t* zone,
23                              size_t num_items,
24                              size_t size);
25 typedef void* (*valloc_type)(struct _malloc_zone_t* zone, size_t size);
26 typedef void (*free_type)(struct _malloc_zone_t* zone, void* ptr);
27 typedef void* (*realloc_type)(struct _malloc_zone_t* zone,
28                               void* ptr,
29                               size_t size);
30 typedef void* (*memalign_type)(struct _malloc_zone_t* zone,
31                                size_t alignment,
32                                size_t size);
33 typedef unsigned (*batch_malloc_type)(struct _malloc_zone_t* zone,
34                                       size_t size,
35                                       void** results,
36                                       unsigned num_requested);
37 typedef void (*batch_free_type)(struct _malloc_zone_t* zone,
38                                 void** to_be_freed,
39                                 unsigned num_to_be_freed);
40 typedef void (*free_definite_size_type)(struct _malloc_zone_t* zone,
41                                         void* ptr,
42                                         size_t size);
43 typedef void (*try_free_default_type)(struct _malloc_zone_t* zone, void* ptr);
44 typedef size_t (*size_fn_type)(struct _malloc_zone_t* zone, const void* ptr);
45 typedef size_t (*good_size_fn_type)(struct _malloc_zone_t* zone, size_t size);
46 typedef boolean_t (*claimed_address_type)(struct _malloc_zone_t* zone,
47                                           void* ptr);
48 
49 struct MallocZoneFunctions {
50   malloc_type malloc;
51   calloc_type calloc;
52   valloc_type valloc;
53   free_type free;
54   realloc_type realloc;
55   memalign_type memalign;
56   batch_malloc_type batch_malloc;
57   batch_free_type batch_free;
58   free_definite_size_type free_definite_size;
59   try_free_default_type try_free_default;
60   size_fn_type size;
61   good_size_fn_type good_size;
62   claimed_address_type claimed_address;
63   const ChromeMallocZone* context;
64 };
65 
66 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM)
67 void StoreZoneFunctions(const ChromeMallocZone* zone,
68                         MallocZoneFunctions* functions);
69 static constexpr int kMaxZoneCount = 30;
70 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM)
71 extern MallocZoneFunctions g_malloc_zones[kMaxZoneCount];
72 
73 // The array g_malloc_zones stores all information about malloc zones before
74 // they are shimmed. This information needs to be accessed during dispatch back
75 // into the zone, and additional zones may be added later in the execution fo
76 // the program, so the array needs to be both thread-safe and high-performance.
77 //
78 // We begin by creating an array of MallocZoneFunctions of fixed size. We will
79 // never modify the container, which provides thread-safety to iterators.  When
80 // we want to add a MallocZoneFunctions to the container, we:
81 //   1. Fill in all the fields.
82 //   2. Update the total zone count.
83 //   3. Insert a memory barrier.
84 //   4. Insert our shim.
85 //
86 // Each MallocZoneFunctions is uniquely identified by |context|, which is a
87 // pointer to the original malloc zone. When we wish to dispatch back to the
88 // original malloc zones, we iterate through the array, looking for a matching
89 // |context|.
90 //
91 // Most allocations go through the default allocator. We will ensure that the
92 // default allocator is stored as the first MallocZoneFunctions.
93 //
94 // Returns whether the zone was successfully stored.
95 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM)
96 bool StoreMallocZone(ChromeMallocZone* zone);
97 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM)
98 bool IsMallocZoneAlreadyStored(ChromeMallocZone* zone);
99 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM)
100 bool DoesMallocZoneNeedReplacing(ChromeMallocZone* zone,
101                                  const MallocZoneFunctions* functions);
102 
103 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM) int GetMallocZoneCountForTesting();
104 PA_COMPONENT_EXPORT(ALLOCATOR_SHIM) void ClearAllMallocZonesForTesting();
105 
GetFunctionsForZone(void * zone)106 inline MallocZoneFunctions& GetFunctionsForZone(void* zone) {
107   for (unsigned int i = 0; i < kMaxZoneCount; ++i) {
108     if (g_malloc_zones[i].context == zone) {
109       return g_malloc_zones[i];
110     }
111   }
112   PA_IMMEDIATE_CRASH();
113 }
114 
115 }  // namespace allocator_shim
116 
117 #endif  // BUILDFLAG(USE_ALLOCATOR_SHIM)
118 
119 #endif  // PARTITION_ALLOC_SHIM_MALLOC_ZONE_FUNCTIONS_APPLE_H_
120