1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "partition_alloc/oom.h"
6
7 #include "build/build_config.h"
8 #include "partition_alloc/oom_callback.h"
9 #include "partition_alloc/partition_alloc_base/compiler_specific.h"
10 #include "partition_alloc/partition_alloc_base/debug/alias.h"
11 #include "partition_alloc/partition_alloc_base/immediate_crash.h"
12
13 #if BUILDFLAG(IS_WIN)
14 #include <windows.h>
15
16 #include <stdlib.h>
17
18 #include <array>
19 #endif // BUILDFLAG(IS_WIN)
20
namespace partition_alloc {

// Size of the allocation request that triggered the OOM crash. Written right
// before the process is terminated so the value is still in memory when the
// crash is recorded.
size_t g_oom_size{0};

namespace internal {

// Crash server classifies base::internal::OnNoMemoryInternal as OOM.
// TODO(crbug.com/1151236): Update to
// partition_alloc::internal::base::internal::OnNoMemoryInternal
//
// Records the failed request size and terminates the process. Neither branch
// below returns to the caller.
PA_NOINLINE void OnNoMemoryInternal(size_t size) {
  g_oom_size = size;
#if BUILDFLAG(IS_WIN)
  // Kill the process. This matters for security: most code does not check the
  // result of memory allocation, so letting execution continue after a failed
  // request is not an option.
  // https://msdn.microsoft.com/en-us/library/het71c37.aspx
  // The size of the failed request travels as the single exception argument.
  const std::array<ULONG_PTR, 1> exception_args{size};
  ::RaiseException(win::kOomExceptionCode, EXCEPTION_NONCONTINUABLE,
                   static_cast<DWORD>(exception_args.size()),
                   exception_args.data());

  // Backstop: the exception is non-continuable, but make sure the process
  // cannot survive even if something swallows it.
  _exit(win::kOomExceptionCode);
#else
  // Keep a stack copy of |size| that base::debug::Alias() (see alias.h) stops
  // the optimizer from discarding, so the failed request size is still around
  // when the crash is captured.
  size_t requested_bytes = size;
  internal::base::debug::Alias(&requested_bytes);

  // Nothing on this path may allocate. Depending on the allocator this runs
  // from inside the allocator itself (e.g. PartitionAlloc) and would deadlock,
  // because the locks involved are not recursive. An allocation attempted from
  // an OOM handler is also unlikely to succeed in the first place.
  //
  // PA_IMMEDIATE_CRASH() puts our own code in the top frame of the crash,
  // rather than abort() or similar; the crash server then does not have to
  // unwind through libc to reach the right address, which is a real problem
  // on Android.
  PA_IMMEDIATE_CRASH();
#endif  // BUILDFLAG(IS_WIN)
}

}  // namespace internal

// Public entry point: hands the failed request size to the OOM crash path.
// Does not return.
void TerminateBecauseOutOfMemory(size_t size) {
  internal::OnNoMemoryInternal(size);
}

namespace internal {

// The crash is generated in a PA_NOINLINE function so that it can be
// classified as an OOM purely from the stack trace. PA_NOT_TAIL_CALLED keeps
// the caller's frame on the stack as well.
[[noreturn]] PA_NOINLINE PA_NOT_TAIL_CALLED void OnNoMemory(size_t size) {
  // Run the registered OOM callback (oom_callback.h) before terminating.
  RunPartitionAllocOomCallback();
  TerminateBecauseOutOfMemory(size);
  // Not expected to be reached; guarantees the [[noreturn]] contract holds
  // even if the call above ever came back.
  PA_IMMEDIATE_CRASH();
}

}  // namespace internal

}  // namespace partition_alloc
82