// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/process_util.h"
#include <ctype.h>
#include <dirent.h>
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include "base/file_util.h"
#include "base/logging.h"
#include "base/stringprintf.h"
#include "base/string_number_conversions.h"
#include "base/string_split.h"
#include "base/string_tokenizer.h"
#include "base/string_util.h"
#include "base/sys_info.h"
#include "base/threading/thread_restrictions.h"
namespace {
// Max score for the old oom_adj range. Used for conversion of new
// values to old values: AdjustOOMScore() rescales a score by
// kMaxOldOomScore / kMaxOomScore when only the oom_adj file exists.
const int kMaxOldOomScore = 15;

// State of the alternating "key, then value" scan used by the /proc parsers
// in this file that tokenize "Key: value" style files.
enum ParsingState {
  KEY_NAME,  // The next token is a key name.
  KEY_VALUE  // The next token is the value belonging to the last key name.
};
// Reads /proc/<pid>/stat and populates |proc_stats| with the values split by
// spaces. Returns true if successful.
bool GetProcStats(pid_t pid, std::vector<std::string>* proc_stats) {
  // Blocking reads of /proc are treated as safe on any thread.
  base::ThreadRestrictions::ScopedAllowIO allow_io;

  const FilePath stat_file =
      FilePath("/proc").Append(base::IntToString(pid)).Append("stat");

  std::string raw_stat;
  const bool read_ok = file_util::ReadFileToString(stat_file, &raw_stat);
  if (read_ok) {
    // NOTE(review): the line is split on every space, including any inside
    // the parenthesised process name. A name containing spaces would
    // presumably shift every later index -- confirm before relying on fixed
    // indices into |proc_stats|.
    base::SplitString(raw_stat, ' ', proc_stats);
  }
  return read_ok;
}
// Reads /proc/<pid>/cmdline and populates |proc_cmd_line_args| with the command
// line arguments. Returns true if successful.
// Note: /proc/<pid>/cmdline contains command line arguments separated by single
// null characters. We tokenize it into a vector of strings using '\0' as a
// delimiter.
bool GetProcCmdline(pid_t pid, std::vector<std::string>* proc_cmd_line_args) {
  // Blocking reads of /proc are treated as safe on any thread.
  base::ThreadRestrictions::ScopedAllowIO allow_io;

  const FilePath cmd_line_file =
      FilePath("/proc").Append(base::IntToString(pid)).Append("cmdline");

  std::string raw_cmd_line;
  if (!file_util::ReadFileToString(cmd_line_file, &raw_cmd_line))
    return false;

  // The delimiter set is a one-character string holding NUL. It is built
  // with the (count, char) constructor because a "\0" literal would yield an
  // empty string.
  std::string nul_delimiter(1, '\0');
  Tokenize(raw_cmd_line, nul_delimiter, proc_cmd_line_args);
  return true;
}
// Get the total CPU of a single process. Return value is number of jiffies
// on success or -1 on error.
int GetProcessCPU(pid_t pid) {
  // Blocking reads of /proc are treated as safe on any thread.
  base::ThreadRestrictions::ScopedAllowIO allow_io;

  // Every thread of the process has its own stat file below
  // /proc/<pid>/task/; the per-thread values are summed.
  const FilePath task_dir(base::StringPrintf("/proc/%d/task/", pid));
  DIR* const dir = opendir(task_dir.value().c_str());
  if (dir == NULL) {
    PLOG(ERROR) << "opendir(" << task_dir.value() << ")";
    return -1;
  }

  int jiffies = 0;
  for (struct dirent* ent = readdir(dir); ent != NULL; ent = readdir(dir)) {
    // Skips ".", ".." and any other dot-prefixed entry.
    if (ent->d_name[0] == '.')
      continue;

    const FilePath stat_path =
        task_dir.AppendASCII(ent->d_name).AppendASCII("stat");
    std::string thread_stat;
    if (!file_util::ReadFileToString(stat_path, &thread_stat))
      continue;  // Unreadable entries contribute nothing.

    // Only positive results are counted, so the -1 error value from the
    // parser is ignored.
    const int thread_cpu = base::ParseProcStatCPU(thread_stat);
    if (thread_cpu > 0)
      jiffies += thread_cpu;
  }
  closedir(dir);
  return jiffies;
}
} // namespace
namespace base {
ProcessId GetParentProcessId(ProcessHandle process) {
  // Blocking reads of /proc are treated as safe on any thread.
  base::ThreadRestrictions::ScopedAllowIO allow_io;

  const FilePath status_file =
      FilePath("/proc").Append(base::IntToString(process)).Append("status");

  std::string status;
  if (!file_util::ReadFileToString(status_file, &status))
    return -1;

  // Splitting on ':' and '\n' yields alternating key and value tokens.
  StringTokenizer tokenizer(status, ":\n");
  std::string last_key_name;
  ParsingState state = KEY_NAME;
  while (tokenizer.GetNext()) {
    if (state == KEY_NAME) {
      last_key_name = tokenizer.token();
      state = KEY_VALUE;
      continue;
    }

    // state == KEY_VALUE
    DCHECK(!last_key_name.empty());
    if (last_key_name == "PPid") {
      int ppid;
      // NOTE(review): the conversion result is ignored and |ppid| has no
      // initial value; the token is everything after the ':' on the line.
      // Confirm what StringToInt() stores for such input.
      base::StringToInt(tokenizer.token(), &ppid);
      return ppid;
    }
    state = KEY_NAME;
  }

  // Reached only when the status file had no "PPid" key.
  NOTREACHED();
  return -1;
}
FilePath GetProcessExecutablePath(ProcessHandle process) {
  // /proc/<pid>/exe is a symbolic link; its target is returned unmodified.
  // NOTE(review): callers that base trust decisions on this path should
  // confirm it still names the binary that is actually running.
  const FilePath exe_link =
      FilePath("/proc").Append(base::IntToString(process)).Append("exe");

  FilePath exe_name;
  if (file_util::ReadSymbolicLink(exe_link, &exe_name))
    return exe_name;

  // No such process. Happens frequently in e.g. TerminateAllChromeProcesses
  return FilePath();
}
ProcessIterator::ProcessIterator(const ProcessFilter* filter)
    : filter_(filter) {
  // opendir() returns NULL on failure and the result is stored unchecked, so
  // every user of |procfs_dir_| has to cope with a NULL handle.
  procfs_dir_ = opendir("/proc");
}
ProcessIterator::~ProcessIterator() {
  // Nothing to release when opendir() failed in the constructor.
  if (!procfs_dir_)
    return;

  closedir(procfs_dir_);
  procfs_dir_ = NULL;
}
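bool ProcessIterator::CheckForNextProcess() {
  // Advances to the next non-zombie process listed in /proc and fills
  // |entry_| from its stat line and command line. Returns false when the
  // directory is exhausted or could not be opened.
  //
  // The stat line embeds the process name, which is chosen by the process
  // itself, so every offset taken from it is validated before use.

  // TODO(port): skip processes owned by different UID

  // opendir("/proc") in the constructor may have failed.
  if (!procfs_dir_)
    return false;

  dirent* slot = 0;
  const char* openparen = NULL;
  const char* closeparen = NULL;
  const char* ppid_field = NULL;
  const char* gid_field = NULL;
  std::vector<std::string> cmd_line_args;

  // Declared outside the loop on purpose: the pointers above refer into
  // |buf| and are still dereferenced after the loop has exited.
  char buf[NAME_MAX + 12];

  // Arbitrarily guess that there will never be more than 200 non-process
  // files in /proc. Hardy has 53.
  int skipped = 0;
  const int kSkipLimit = 200;
  while (skipped < kSkipLimit) {
    slot = readdir(procfs_dir_);
    // all done looking through /proc?
    if (!slot)
      return false;

    // If not a process, keep looking for one.
    bool notprocess = false;
    int i;
    for (i = 0; i < NAME_MAX && slot->d_name[i]; ++i) {
      // isdigit() is only defined for unsigned char values and EOF.
      if (!isdigit(static_cast<unsigned char>(slot->d_name[i]))) {
        notprocess = true;
        break;
      }
    }
    if (i == NAME_MAX || notprocess) {
      skipped++;
      continue;
    }

    // Read the process's command line.
    std::string pid_string(slot->d_name);
    int pid;
    if (StringToInt(pid_string, &pid) && !GetProcCmdline(pid, &cmd_line_args))
      continue;

    // Read the process's status. The name is all digits and shorter than
    // NAME_MAX, so the path fits; snprintf() keeps that true by construction.
    snprintf(buf, sizeof(buf), "/proc/%s/stat", slot->d_name);
    FILE* fp = fopen(buf, "r");
    if (!fp)
      continue;
    const char* result = fgets(buf, sizeof(buf), fp);
    fclose(fp);
    if (!result)
      continue;

    // Parse the status. It is formatted like this:
    // %d (%s) %c %d %d ...
    // pid (name) runstate ppid gid
    // To avoid being fooled by names containing a closing paren, scan
    // backwards.
    openparen = strchr(buf, '(');
    closeparen = strrchr(buf, ')');
    if (!openparen || !closeparen || closeparen < openparen)
      continue;

    // |buf| is NUL-terminated, so closeparen[1] is readable; closeparen[2]
    // is only read once closeparen[1] is known not to be the terminator.
    if (closeparen[1] != ' ' || closeparen[2] == '\0')
      continue;
    const char runstate = closeparen[2];

    // Is the process in 'Zombie' state, i.e. dead but waiting to be reaped?
    // Allowed values: D R S T Z
    // A zombie means somebody isn't cleaning up after their children.
    // (e.g. WaitForProcessesToExit doesn't clean up after dead children yet.)
    // There could be a lot of zombies, so they do not count as skipped.
    if (runstate == 'Z')
      continue;

    // Locate the ppid and gid fields now, while a truncated line can still
    // be skipped. closeparen[3] is readable because closeparen[2] is not the
    // terminator.
    ppid_field = closeparen + 3;
    gid_field = (*ppid_field != '\0') ? strchr(ppid_field + 1, ' ') : NULL;
    if (!gid_field)
      continue;

    break;
  }
  if (skipped >= kSkipLimit) {
    NOTREACHED();
    return false;
  }

  // This seems fragile.
  entry_.pid_ = atoi(slot->d_name);
  entry_.ppid_ = atoi(ppid_field);
  entry_.gid_ = atoi(gid_field);
  entry_.cmd_line_args_.assign(cmd_line_args.begin(), cmd_line_args.end());

  // TODO(port): read pid's commandline's $0, like killall does. Using the
  // short name between openparen and closeparen won't work for long names!
  // closeparen > openparen was checked above, so the length is not negative.
  const size_t len = static_cast<size_t>(closeparen - openparen - 1);
  entry_.exe_file_.assign(openparen + 1, len);
  return true;
}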
bool NamedProcessIterator::IncludeEntry() {
  // An entry qualifies only when its executable name equals
  // |executable_name_| and the base-class filter accepts it as well; the
  // base-class check is not consulted on a name mismatch.
  return (executable_name_ != entry().exe_file())
             ? false
             : ProcessIterator::IncludeEntry();
}
// static
ProcessMetrics* ProcessMetrics::CreateProcessMetrics(ProcessHandle process) {
  // The object is allocated with new and handed back as a raw pointer;
  // presumably the caller is responsible for deleting it.
  ProcessMetrics* const metrics = new ProcessMetrics(process);
  return metrics;
}
// On linux, we return vsize.
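size_t ProcessMetrics::GetPagefileUsage() const {
  // Returns the vsize column of /proc/<pid>/stat, or 0 when the file cannot
  // be read or the column cannot be parsed.
  std::vector<std::string> proc_stats;
  if (!GetProcStats(process_, &proc_stats))
    LOG(WARNING) << "Failed to get process stats.";
  const size_t kVmSize = 22;
  if (proc_stats.size() > kVmSize) {
    // vsize is a byte count and routinely exceeds the range of int, so it is
    // parsed as a 64-bit value. A failed or negative conversion yields 0
    // instead of an indeterminate number.
    int64 vm_size = 0;
    if (base::StringToInt64(proc_stats[kVmSize], &vm_size) && vm_size > 0)
      return static_cast<size_t>(vm_size);
  }
  return 0;
}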
// On linux, we return the high water mark of vsize.
size_t ProcessMetrics::GetPeakPagefileUsage() const {
  std::vector<std::string> proc_stats;
  const bool have_stats = GetProcStats(process_, &proc_stats);
  if (!have_stats)
    LOG(WARNING) << "Failed to get process stats.";

  // NOTE(review): index 21 is the column directly before the one
  // GetPagefileUsage() reads (22); confirm that it really holds a peak value.
  const size_t kVmPeak = 21;
  if (proc_stats.size() <= kVmPeak)
    return 0;

  int vm_peak;
  const bool parsed = base::StringToInt(proc_stats[kVmPeak], &vm_peak);
  // The int is converted to size_t on return; 0 stands for "unknown".
  return parsed ? vm_peak : 0;
}
// On linux, we return RSS.
size_t ProcessMetrics::GetWorkingSetSize() const {
  std::vector<std::string> proc_stats;
  const bool have_stats = GetProcStats(process_, &proc_stats);
  if (!have_stats)
    LOG(WARNING) << "Failed to get process stats.";

  // Column 23 is a page count; it is scaled to bytes with getpagesize().
  const size_t kVmRss = 23;
  if (proc_stats.size() <= kVmRss)
    return 0;

  int num_pages;
  if (!base::StringToInt(proc_stats[kVmRss], &num_pages))
    return 0;
  return static_cast<size_t>(num_pages) * getpagesize();
}
// On linux, we return the high water mark of RSS.
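size_t ProcessMetrics::GetPeakWorkingSetSize() const {
  // Returns column 23 of /proc/<pid>/stat scaled from pages to bytes, or 0
  // when the file cannot be read or the column cannot be parsed.
  // NOTE(review): this is the same column GetWorkingSetSize() reads, so the
  // result is the current value rather than a recorded peak -- confirm that
  // this is intended.
  std::vector<std::string> proc_stats;
  if (!GetProcStats(process_, &proc_stats))
    LOG(WARNING) << "Failed to get process stats.";
  const size_t kVmHwm = 23;
  if (proc_stats.size() > kVmHwm) {
    // Check the conversion, as GetWorkingSetSize() does, so a malformed
    // column can never turn an indeterminate int into a byte count.
    int num_pages = 0;
    if (base::StringToInt(proc_stats[kVmHwm], &num_pages))
      return static_cast<size_t>(num_pages) * getpagesize();
  }
  return 0;
}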
bool ProcessMetrics::GetMemoryBytes(size_t* private_bytes,
                                    size_t* shared_bytes) {
  // Converts the kB figures from GetWorkingSetKBytes() to bytes. Either
  // output pointer may be NULL, in which case that value is not reported.
  WorkingSetKBytes ws_usage;
  const bool have_usage = GetWorkingSetKBytes(&ws_usage);
  if (have_usage) {
    // NOTE(review): if the WorkingSetKBytes fields are plain int, both
    // scalings happen before the widening to size_t -- confirm the field
    // types.
    if (private_bytes != NULL)
      *private_bytes = ws_usage.priv << 10;
    if (shared_bytes != NULL)
      *shared_bytes = ws_usage.shared * 1024;
  }
  return have_usage;
}
// Private and Shared working set sizes are obtained from /proc/<pid>/smaps.
// When that's not available, use the values from /proc/<pid>/statm as a
// close approximation.
// See http://www.pixelbeat.org/scripts/ps_mem.py
bool ProcessMetrics::GetWorkingSetKBytes(WorkingSetKBytes* ws_usage) const {
  // Fills |ws_usage| for |process_| with figures in kB. smaps is used when it
  // can be read and is non-empty; otherwise statm supplies an approximation.
  // Returns false when neither source yields usable data.

  // Synchronously reading files in /proc is safe.
  base::ThreadRestrictions::ScopedAllowIO allow_io;
  FilePath proc_dir = FilePath("/proc").Append(base::IntToString(process_));
  std::string smaps;
  int private_kb = 0;
  int pss_kb = 0;
  bool have_pss = false;
  bool ret;
  {
    FilePath smaps_file = proc_dir.Append("smaps");
    // Synchronously reading files in /proc is safe.
    // (This repeats the function-level ScopedAllowIO declared above.)
    base::ThreadRestrictions::ScopedAllowIO allow_io;
    ret = file_util::ReadFileToString(smaps_file, &smaps);
  }
  if (ret && smaps.length() > 0) {
    // Sum every "Private_*" value into |private_kb| and every value whose key
    // starts with "Pss" into |pss_kb|.
    const std::string private_prefix = "Private_";
    const std::string pss_prefix = "Pss";
    StringTokenizer tokenizer(smaps, ":\n");
    StringPiece last_key_name;
    ParsingState state = KEY_NAME;
    while (tokenizer.GetNext()) {
      switch (state) {
        case KEY_NAME:
          last_key_name = tokenizer.token_piece();
          state = KEY_VALUE;
          break;
        case KEY_VALUE:
          if (last_key_name.empty()) {
            NOTREACHED();
            return false;
          }
          // NOTE(review): in both branches |cur| starts uninitialised and the
          // result of StringToInt() is ignored. The value token is everything
          // after the ':' on the line (padding and unit suffix included), so
          // confirm what StringToInt() stores for such input before adding a
          // check here.
          if (last_key_name.starts_with(private_prefix)) {
            int cur;
            base::StringToInt(tokenizer.token(), &cur);
            private_kb += cur;
          } else if (last_key_name.starts_with(pss_prefix)) {
            have_pss = true;
            int cur;
            base::StringToInt(tokenizer.token(), &cur);
            pss_kb += cur;
          }
          state = KEY_NAME;
          break;
      }
    }
  } else {
    // Try statm if smaps is empty because of the SUID sandbox.
    // First we need to get the page size though.
    int page_size_kb = sysconf(_SC_PAGE_SIZE) / 1024;
    if (page_size_kb <= 0)
      return false;
    std::string statm;
    {
      FilePath statm_file = proc_dir.Append("statm");
      // Synchronously reading files in /proc is safe.
      base::ThreadRestrictions::ScopedAllowIO allow_io;
      ret = file_util::ReadFileToString(statm_file, &statm);
    }
    if (!ret || statm.length() == 0)
      return false;
    std::vector<std::string> statm_vec;
    base::SplitString(statm, ' ', &statm_vec);
    if (statm_vec.size() != 7)
      return false;  // Not the format we expect.
    // Private is approximated as statm field 1 minus field 2 (resident minus
    // shared pages per proc(5)), scaled from pages to kB.
    // NOTE(review): the conversion results are not checked here either.
    int statm1, statm2;
    base::StringToInt(statm_vec[1], &statm1);
    base::StringToInt(statm_vec[2], &statm2);
    private_kb = (statm1 - statm2) * page_size_kb;
  }
  ws_usage->priv = private_kb;
  // Sharable is not calculated, as it does not provide interesting data.
  ws_usage->shareable = 0;
  // |shared| carries the summed Pss figure when smaps provided one, else 0.
  ws_usage->shared = 0;
  if (have_pss)
    ws_usage->shared = pss_kb;
  return true;
}
double ProcessMetrics::GetCPUUsage() {
  // Returns the CPU use of |process_| since the previous call as a whole
  // percentage, or 0 on the first call and whenever no time has elapsed.

  // This queries the /proc-specific scaling factor which is
  // conceptually the system hertz. To dump this value on another
  // system, try
  // od -t dL /proc/self/auxv
  // and look for the number after 17 in the output; mine is
  // 0000040 17 100 3 134512692
  // which means the answer is 100.
  // It may be the case that this value is always 100.
  static const int kHertz = sysconf(_SC_CLK_TCK);

  struct timeval now;
  if (gettimeofday(&now, NULL) != 0)
    return 0;
  const int64 now_us = TimeValToMicroseconds(now);

  if (last_time_ == 0) {
    // First call, just set the last values.
    last_time_ = now_us;
    last_cpu_ = GetProcessCPU(process_);
    return 0;
  }

  const int64 elapsed_us = now_us - last_time_;
  DCHECK_NE(elapsed_us, 0);
  if (elapsed_us == 0)
    return 0;

  // NOTE(review): GetProcessCPU() reports -1 on error and that value flows
  // into the delta below and into |last_cpu_| unchecked.
  const int cpu_now = GetProcessCPU(process_);

  // We have the number of jiffies in the time period. Convert to percentage.
  // Note this means we will go *over* 100 in the case where multiple threads
  // are together adding to more than one CPU's worth.
  // The result is deliberately truncated to int before being returned.
  int percentage = 100 * (cpu_now - last_cpu_) /
      (kHertz * TimeDelta::FromMicroseconds(elapsed_us).InSecondsF());

  last_time_ = now_us;
  last_cpu_ = cpu_now;
  return percentage;
}
// To have /proc/self/io file you must enable CONFIG_TASK_IO_ACCOUNTING
// in your kernel configuration.
bool ProcessMetrics::GetIOCounters(IoCounters* io_counters) const {
  // Blocking reads of /proc are treated as safe on any thread.
  base::ThreadRestrictions::ScopedAllowIO allow_io;

  const FilePath io_file =
      FilePath("/proc").Append(base::IntToString(process_)).Append("io");
  std::string proc_io_contents;
  if (!file_util::ReadFileToString(io_file, &proc_io_contents))
    return false;

  // The "other" counters are always reported as zero here.
  io_counters->OtherOperationCount = 0;
  io_counters->OtherTransferCount = 0;

  // Splitting on ':', ' ' and '\n' yields alternating key and value tokens.
  StringTokenizer tokenizer(proc_io_contents, ": \n");
  std::string last_key_name;
  ParsingState state = KEY_NAME;
  while (tokenizer.GetNext()) {
    if (state == KEY_NAME) {
      last_key_name = tokenizer.token();
      state = KEY_VALUE;
      continue;
    }

    // state == KEY_VALUE: route the value to the counter named by the key.
    DCHECK(!last_key_name.empty());
    int64* destination = NULL;
    if (last_key_name == "syscr") {
      destination =
          reinterpret_cast<int64*>(&io_counters->ReadOperationCount);
    } else if (last_key_name == "syscw") {
      destination =
          reinterpret_cast<int64*>(&io_counters->WriteOperationCount);
    } else if (last_key_name == "rchar") {
      destination =
          reinterpret_cast<int64*>(&io_counters->ReadTransferCount);
    } else if (last_key_name == "wchar") {
      destination =
          reinterpret_cast<int64*>(&io_counters->WriteTransferCount);
    }
    // NOTE(review): the cast assumes each counter is a 64-bit integer, and
    // the conversion result is not checked -- confirm both against the
    // IoCounters declaration.
    if (destination != NULL)
      base::StringToInt64(tokenizer.token(), destination);
    state = KEY_NAME;
  }
  return true;
}
// Binds the metrics object to |process|. The zeroed |last_time_| is what
// GetCPUUsage() uses to recognise its first call.
ProcessMetrics::ProcessMetrics(ProcessHandle process)
    : process_(process),
      last_time_(0),
      last_system_time_(0),
      last_cpu_(0) {
  processor_count_ = base::SysInfo::NumberOfProcessors();
}
// Exposed for testing.
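int ParseProcStatCPU(const std::string& input) {
  // Returns utime + stime from one /proc/<pid>/stat line, or -1 when the line
  // does not have the expected shape.

  // /proc/<pid>/stat contains the process name in parens. In case the
  // process name itself contains parens, skip past them.
  std::string::size_type rparen = input.rfind(')');
  if (rparen == std::string::npos)
    return -1;

  // The fields start two characters after the paren (") "). A line that ends
  // at or right after the paren has no fields, and substr() with a start
  // beyond the end of the string would raise std::out_of_range.
  if (input.size() - rparen <= 2)
    return -1;

  // From here, we expect a bunch of space-separated fields, where the
  // 0-indexed 11th and 12th are utime and stime. On two different machines
  // I found 42 and 39 fields, so let's just expect the ones we need.
  std::vector<std::string> fields;
  base::SplitString(input.substr(rparen + 2), ' ', &fields);
  if (fields.size() < 13)
    return -1;  // Output not in the format we expect.

  // Zero-initialised so that a conversion which leaves its output untouched
  // cannot feed an indeterminate value into the sum. The conversion status
  // itself stays unchecked to keep results for existing inputs unchanged.
  int utime = 0;
  int stime = 0;
  base::StringToInt(fields[11], &utime);
  base::StringToInt(fields[12], &stime);
  return utime + stime;
}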
namespace {

// The format of /proc/meminfo is:
//
// MemTotal: 8235324 kB
// MemFree: 1628304 kB
// Buffers: 429596 kB
// Cached: 4728232 kB
// ...
//
// GetSystemMemoryInfo() splits the file on whitespace, so every line
// contributes three tokens (label, number, unit). The constants below are the
// token positions of the numbers; the label sits at the position before.
const size_t kMemTotalIndex = 1;
const size_t kMemFreeIndex = 4;
const size_t kMemBuffersIndex = 7;
const size_t kMemCachedIndex = 10;
const size_t kMemActiveAnonIndex = 22;
const size_t kMemInactiveAnonIndex = 25;  // Largest index that is read.

}  // namespace
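bool GetSystemMemoryInfo(SystemMemoryInfoKB* meminfo) {
  // Fills |meminfo| from /proc/meminfo. Returns false when the file cannot be
  // read or has fewer tokens than the fixed positions read below require.

  // Synchronously reading files in /proc is safe.
  base::ThreadRestrictions::ScopedAllowIO allow_io;

  // Used memory is: total - free - buffers - caches
  FilePath meminfo_file("/proc/meminfo");
  std::string meminfo_data;
  if (!file_util::ReadFileToString(meminfo_file, &meminfo_data)) {
    LOG(WARNING) << "Failed to open /proc/meminfo.";
    return false;
  }
  std::vector<std::string> meminfo_fields;
  SplitStringAlongWhitespace(meminfo_data, &meminfo_fields);

  // Every position indexed below must exist. kMemInactiveAnonIndex is the
  // largest of them, so the vector needs more than that many elements;
  // anything shorter would be read out of bounds.
  if (meminfo_fields.size() <= kMemInactiveAnonIndex) {
    LOG(WARNING) << "Failed to parse /proc/meminfo. Only found " <<
        meminfo_fields.size() << " fields.";
    return false;
  }

  // NOTE(review): the labels are verified with DCHECK only, so in builds
  // where DCHECK is compiled out a differently ordered file would presumably
  // be accepted with wrong values.
  DCHECK_EQ(meminfo_fields[kMemTotalIndex-1], "MemTotal:");
  DCHECK_EQ(meminfo_fields[kMemFreeIndex-1], "MemFree:");
  DCHECK_EQ(meminfo_fields[kMemBuffersIndex-1], "Buffers:");
  DCHECK_EQ(meminfo_fields[kMemCachedIndex-1], "Cached:");
  DCHECK_EQ(meminfo_fields[kMemActiveAnonIndex-1], "Active(anon):");
  DCHECK_EQ(meminfo_fields[kMemInactiveAnonIndex-1], "Inactive(anon):");

  base::StringToInt(meminfo_fields[kMemTotalIndex], &meminfo->total);
  base::StringToInt(meminfo_fields[kMemFreeIndex], &meminfo->free);
  base::StringToInt(meminfo_fields[kMemBuffersIndex], &meminfo->buffers);
  base::StringToInt(meminfo_fields[kMemCachedIndex], &meminfo->cached);
  base::StringToInt(meminfo_fields[kMemActiveAnonIndex], &meminfo->active_anon);
  base::StringToInt(meminfo_fields[kMemInactiveAnonIndex],
                    &meminfo->inactive_anon);
#if defined(OS_CHROMEOS)
  // Chrome OS has a tweaked kernel that allows us to query Shmem, which is
  // usually video memory otherwise invisible to the OS. Unfortunately, the
  // meminfo format varies on different hardware so we have to search for the
  // string. It always appears after "Cached:".
  // The loop bound covers i + 1 so that the value following the label is
  // known to exist before it is read.
  for (size_t i = kMemCachedIndex+2; i + 1 < meminfo_fields.size(); i += 3) {
    if (meminfo_fields[i] == "Shmem:") {
      base::StringToInt(meminfo_fields[i+1], &meminfo->shmem);
      break;
    }
  }
#endif
  return true;
}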
size_t GetSystemCommitCharge() {
  // Commit charge is taken as total minus free, buffers and cached, in the
  // units GetSystemMemoryInfo() reports; 0 means the data was unavailable.
  SystemMemoryInfoKB meminfo;
  if (GetSystemMemoryInfo(&meminfo))
    return meminfo.total - meminfo.free - meminfo.buffers - meminfo.cached;
  return 0;
}
namespace {

// Logs a fatal out-of-memory message. The requested size is included when it
// is known (non-zero); the generic message follows for the case where it is
// not.
void OnNoMemorySize(size_t size) {
  if (size > 0) {
    LOG(FATAL) << "Out of memory, size = " << size;
  }
  LOG(FATAL) << "Out of memory.";
}

// Handler form without a size, for callers such as std::set_new_handler()
// that cannot pass one.
void OnNoMemory() {
  OnNoMemorySize(0);
}

}  // namespace
extern "C" {
#if !defined(USE_TCMALLOC) && !defined(ADDRESS_SANITIZER) && \
!defined(OS_ANDROID)
// Declarations of the underlying libc allocator entry points. The DIE_ON_OOM
// wrappers in this file forward to these by pasting "__libc_" in front of the
// wrapped function's name.
extern "C" {
void* __libc_malloc(size_t size);
void* __libc_realloc(void* ptr, size_t size);
void* __libc_calloc(size_t nmemb, size_t size);
void* __libc_valloc(size_t size);
void* __libc_pvalloc(size_t size);
void* __libc_memalign(size_t alignment, size_t size);
}  // extern "C"
// Overriding the system memory allocation functions:
//
// For security reasons, we want malloc failures to be fatal. Too much code
// doesn't check for a NULL return value from malloc and unconditionally uses
// the resulting pointer. If the first offset that they try to access is
// attacker controlled, then the attacker can direct the code to access any
// part of memory.
//
// Thus, we define all the standard malloc functions here and mark them as
// visibility 'default'. This means that they replace the malloc functions for
// all Chromium code and also for all code in shared libraries. There are tests
// for this in process_util_unittest.cc.
//
// If we are using tcmalloc, then the problem is moot since tcmalloc handles
// this for us. Thus this code is in a !defined(USE_TCMALLOC) block.
//
// If we are testing the binary with AddressSanitizer, we should not
// redefine malloc and let AddressSanitizer do it instead.
//
// We call the real libc functions in this code by using __libc_malloc etc.
// Previously we tried using dlsym(RTLD_NEXT, ...) but that failed depending on
// the link order. Since ld.so needs calloc during symbol resolution, it
// defines its own versions of several of these functions in dl-minimal.c.
// Depending on the runtime library order, dlsym ended up giving us those
// functions and bad things happened. See crbug.com/31809
//
// This means that any code which calls __libc_* gets the raw libc versions of
// these functions.
// Defines an exported |function_name|(size_t) that forwards to
// __libc_|function_name| and calls OnNoMemorySize(), which logs fatally, when
// a non-zero-size request comes back NULL. A NULL result for a zero-size
// request is passed through to the caller.
#define DIE_ON_OOM_1(function_name) \
  void* function_name(size_t) __attribute__ ((visibility("default"))); \
  \
  void* function_name(size_t size) { \
    void* ret = __libc_##function_name(size); \
    if (ret == NULL && size != 0) \
      OnNoMemorySize(size); \
    return ret; \
  }

// Two-argument variant of the macro above. Only the trailing |size| argument
// is compared with zero; |arg1| is forwarded untouched.
// NOTE(review): for calloc this means a NULL result with a zero element count
// and a non-zero |size| is also treated as fatal, and detecting an overflow
// of nmemb * size is left to __libc_calloc -- confirm both are acceptable.
#define DIE_ON_OOM_2(function_name, arg1_type) \
  void* function_name(arg1_type, size_t) \
      __attribute__ ((visibility("default"))); \
  \
  void* function_name(arg1_type arg1, size_t size) { \
    void* ret = __libc_##function_name(arg1, size); \
    if (ret == NULL && size != 0) \
      OnNoMemorySize(size); \
    return ret; \
  }

// Instantiate the wrappers for every allocator entry point declared above.
DIE_ON_OOM_1(malloc)
DIE_ON_OOM_1(valloc)
DIE_ON_OOM_1(pvalloc)
DIE_ON_OOM_2(calloc, size_t)
DIE_ON_OOM_2(realloc, void*)
DIE_ON_OOM_2(memalign, size_t)
// posix_memalign has a unique signature and doesn't have a __libc_ variant.
int posix_memalign(void** ptr, size_t alignment, size_t size)
    __attribute__ ((visibility("default")));

int posix_memalign(void** ptr, size_t alignment, size_t size) {
  // Delegates to the memalign() wrapper defined above in this file, which
  // treats a failed non-zero-size request as fatal; success is therefore the
  // only status ever reported.
  // NOTE(review): |alignment| is not validated here, so an invalid value is
  // never reported as an error code -- confirm no caller depends on that.
  void* const block = memalign(alignment, size);
  *ptr = block;
  return 0;
}
#endif // !defined(USE_TCMALLOC)
} // extern C
void EnableTerminationOnHeapCorruption() {
  // Intentionally empty: on Linux there is nothing to do, as far as the
  // original author knew.
}
void EnableTerminationOnOutOfMemory() {
#if defined(OS_ANDROID)
  // Android doesn't support setting a new handler, so only a debug warning
  // is emitted there.
  DLOG(WARNING) << "Not feasible.";
#else
  // Install OnNoMemory() as the new-handler, i.e. the function operator new
  // invokes when an allocation fails. OnNoMemory() logs fatally.
  std::set_new_handler(&OnNoMemory);
  // If we're using glibc's allocator, the malloc wrappers defined earlier in
  // this file override malloc and friends and make them die on out of memory.
#endif
}
// NOTE: This is not the only version of this function in the source:
// the setuid sandbox (in process_util_linux.c, in the sandbox source)
// also has its own C version.
bool AdjustOOMScore(ProcessId process, int score) {
  // Writes |score| to the OOM-killer tuning file of |process|. Only values in
  // [0, kMaxOomScore] are accepted, so negative adjustments are rejected
  // outright. Returns true only when the whole value was written.
  const bool in_range = (score >= 0) && (score <= kMaxOomScore);
  if (!in_range)
    return false;

  const FilePath proc_dir =
      FilePath("/proc").Append(base::Int64ToString(process));

  // Attempt to write the newer oom_score_adj file first.
  const FilePath score_adj_file = proc_dir.AppendASCII("oom_score_adj");
  if (file_util::PathExists(score_adj_file)) {
    const std::string text = base::IntToString(score);
    VLOG(1) << "Adjusting oom_score_adj of " << process << " to " << text;
    const int text_len = static_cast<int>(text.length());
    const int written =
        file_util::WriteFile(score_adj_file, text.c_str(), text_len);
    return written == text_len;
  }

  // If the oom_score_adj file doesn't exist, then we write the old
  // style file and translate the oom_adj score to the range 0-15.
  const FilePath legacy_file = proc_dir.AppendASCII("oom_adj");
  if (!file_util::PathExists(legacy_file))
    return false;

  const std::string text =
      base::IntToString(score * kMaxOldOomScore / kMaxOomScore);
  VLOG(1) << "Adjusting oom_adj of " << process << " to " << text;
  const int text_len = static_cast<int>(text.length());
  const int written =
      file_util::WriteFile(legacy_file, text.c_str(), text_len);
  return written == text_len;
}
} // namespace base