Update Mac memory code references

The Mac malloc interceptor relies on internals of macOS. Update those internals and links to the 10.15 versions. There is no actual difference in the code that is relied on, but the code references were to 10.7 and 10.9. Bug: none Change-Id: I335007a338c4d3ce4e8297c325ac765a384510f0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2376886 Commit-Queue: Avi Drissman <avi@chromium.org> Commit-Queue: Mark Mentovai <mark@chromium.org> Auto-Submit: Avi Drissman <avi@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org> Cr-Commit-Position: refs/heads/master@{#801644}

Update Mac memory code references
The Mac malloc interceptor relies on internals of macOS. Update those internals and links to the 10.15 versions. There is no actual difference in the code that is relied on, but the code references were to 10.7 and 10.9. Bug: none Change-Id: I335007a338c4d3ce4e8297c325ac765a384510f0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2376886 Commit-Queue: Avi Drissman <avi@chromium.org> Commit-Queue: Mark Mentovai <mark@chromium.org> Auto-Submit: Avi Drissman <avi@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org> Cr-Commit-Position: refs/heads/master@{#801644}
994f22b5 · Avi Drissman · Commit Bot · 04b0592a · 994f22b5 · 994f22b5
Commit 994f22b5 authored Aug 26, 2020 by Avi Drissman Committed by Commit Bot Aug 26, 2020
4 changed files
--- a/base/allocator/allocator_interception_mac.mm
+++ b/base/allocator/allocator_interception_mac.mm
@@ -77,13 +77,14 @@ void DeprotectMallocZone(ChromeMallocZone* default_zone,
  MACH_CHECK(result == KERN_SUCCESS, result) << "vm_region_64";
  // The kernel always returns a null object for VM_REGION_BASIC_INFO_64, but
-  // balance it with a deallocate in case this ever changes. See 10.9.2
+  // balance it with a deallocate in case this ever changes. See
-  // xnu-2422.90.20/osfmk/vm/vm_map.c vm_map_region.
+  // the VM_REGION_BASIC_INFO_64 case in vm_map_region() in 10.15's
+  // https://opensource.apple.com/source/xnu/xnu-6153.11.26/osfmk/vm/vm_map.c .
  mach_port_deallocate(mach_task_self(), unused);
  // Does the region fully enclose the zone pointers? Possibly unwarranted
-  // simplification used: using the size of a full version 8 malloc zone rather
+  // simplification used: using the size of a full version 10 malloc zone rather
-  // than the actual smaller size if the passed-in zone is not version 8.
+  // than the actual smaller size if the passed-in zone is not version 10.
  CHECK(*reprotection_start <= reinterpret_cast<vm_address_t>(default_zone));
  vm_size_t zone_offset = reinterpret_cast<vm_address_t>(default_zone) -
                          reinterpret_cast<vm_address_t>(*reprotection_start);
@@ -147,8 +148,8 @@ void* oom_killer_memalign(struct _malloc_zone_t* zone,
                          size_t size) {
  void* result = g_old_zone.memalign(zone, alignment, size);
  // Only die if posix_memalign would have returned ENOMEM, since there are
-  // other reasons why NULL might be returned (see
+  // other reasons why null might be returned. See posix_memalign() in 10.15's
-  // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c ).
+  // https://opensource.apple.com/source/libmalloc/libmalloc-283/src/malloc.c .
  if (!result && size && alignment >= sizeof(void*) &&
      base::bits::IsPowerOfTwo(alignment)) {
    TerminateBecauseOutOfMemory(size);
@@ -197,8 +198,8 @@ void* oom_killer_memalign_purgeable(struct _malloc_zone_t* zone,
                                    size_t size) {
  void* result = g_old_purgeable_zone.memalign(zone, alignment, size);
  // Only die if posix_memalign would have returned ENOMEM, since there are
-  // other reasons why NULL might be returned (see
+  // other reasons why null might be returned. See posix_memalign() in 10.15's
-  // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c ).
+  // https://opensource.apple.com/source/libmalloc/libmalloc-283/src/malloc.c .
  if (!result && size && alignment >= sizeof(void*) &&
      base::bits::IsPowerOfTwo(alignment)) {
    TerminateBecauseOutOfMemory(size);
@@ -363,11 +364,11 @@ void InterceptAllocationsMac() {
 // === C malloc/calloc/valloc/realloc/posix_memalign ===
 // This approach is not perfect, as requests for amounts of memory larger than
-// MALLOC_ABSOLUTE_MAX_SIZE (currently SIZE_T_MAX - (2 * PAGE_SIZE)) will
+// MALLOC_ABSOLUTE_MAX_SIZE (currently SIZE_T_MAX - (2 * PAGE_SIZE)) will still
-// still fail with a NULL rather than dying (see
+// fail with a NULL rather than dying (see malloc_zone_malloc() in
-// http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c for details).
+// https://opensource.apple.com/source/libmalloc/libmalloc-283/src/malloc.c for
-// Unfortunately, it's the best we can do. Also note that this does not affect
+// details). Unfortunately, it's the best we can do. Also note that this does
-// allocations from non-default zones.
+// not affect allocations from non-default zones.
 #if !defined(ADDRESS_SANITIZER)
  // Don't do anything special on OOM for the malloc zones replaced by

--- a/base/allocator/malloc_zone_functions_mac.cc
+++ b/base/allocator/malloc_zone_functions_mac.cc
@@ -40,6 +40,10 @@ void StoreZoneFunctions(const ChromeMallocZone* zone,
    functions->free_definite_size = zone->free_definite_size;
  }
+  // Note that zone version 8 introduced a pressure relief callback, and version
+  // 10 introduced a claimed address callback, but neither are allocation or
+  // deallocation callbacks and so aren't important to intercept.
  functions->context = zone;
 }

--- a/third_party/apple_apsl/README.chromium
+++ b/third_party/apple_apsl/README.chromium
@@ -7,11 +7,12 @@ License: Apple Public Source License 2.0
 Four files are excerpted here:
 malloc.h from:
-http://www.opensource.apple.com/source/Libc/Libc-763.11/include/malloc/malloc.h
+https://opensource.apple.com/source/libmalloc/libmalloc-283/include/malloc/malloc.h
 Modifications:
 - Modified #ifdef guards.
 - Removed everything but the definition of malloc_zone_t.
+- Added a header for the definition of boolean_t.
 - Renamed _malloc_zone_t to ChromeMallocZone to avoid possible name conflicts.
 CFRuntime.h from:

--- a/third_party/apple_apsl/malloc.h
+++ b/third_party/apple_apsl/malloc.h
@@ -24,6 +24,8 @@
 #ifndef THIRD_PARTY_APPLE_APSL_MALLOC_H_
 #define THIRD_PARTY_APPLE_APSL_MALLOC_H_
+#include <mach/boolean.h>
 typedef struct _ChromeMallocZone {
    /* Only zone implementors should depend on the layout of this structure;
    Regular callers should use the access functions below */
@@ -53,6 +55,13 @@ typedef struct _ChromeMallocZone {
    /* Empty out caches in the face of memory pressure. The callback may be NULL. Present in version >= 8. */
    size_t 	(*pressure_relief)(struct _malloc_zone_t *zone, size_t goal);
+    /*
+     * Checks whether an address might belong to the zone. May be NULL. Present in version >= 10.
+     * False positives are allowed (e.g. the pointer was freed, or it's in zone space that has
+     * not yet been allocated. False negatives are not allowed.
+     */
+    boolean_t (*claimed_address)(struct _malloc_zone_t *zone, void *ptr);
 } ChromeMallocZone;
 #endif  // THIRD_PARTY_APPLE_APSL_MALLOC_H_