From 655b51ef618b89779a1f6e9a3f97e9b093cbb903 Mon Sep 17 00:00:00 2001
From: Paul Bone
Date: Thu, 20 Jul 2023 06:21:45 +0000
Subject: [PATCH] Bug 1841538 - Unlock the PHC mutex before crashing r=glandium
Differential Revision: https://phabricator.services.mozilla.com/D183241
---
 memory/replace/phc/PHC.cpp | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/memory/replace/phc/PHC.cpp b/memory/replace/phc/PHC.cpp
index a9cece089a67..28957351542f 100644
--- a/memory/replace/phc/PHC.cpp
+++ b/memory/replace/phc/PHC.cpp
@@ -937,6 +937,16 @@ Mutex GMut::sMutex;
 static GMut* gMut;
+// When PHC wants to crash we first have to unlock so that the crash reporter
+// can call into PHC to lockup its pointer. That also means that before calling
+// PHCCrash please ensure that state is consistent. Because this can report an
+// arbitrary string, use of it must be reviewed by Firefox data stewards.
+static void PHCCrash(GMutLock, const char* aMessage)
+ MOZ_REQUIRES(GMut::sMutex) {
+ GMut::sMutex.Unlock();
+ MOZ_CRASH_UNSAFE(aMessage);
+}
+
 // On MacOS, the first __thread/thread_local access calls malloc, which leads
 // to an infinite loop. So we use pthread-based TLS instead, which somehow
 // doesn't have this problem.
@@ -1206,17 +1216,18 @@ static void* MaybePageAlloc(const Maybe& aArenaId, size_t aReqSize,
 static void FreePage(GMutLock aLock, uintptr_t aIndex,
 const Maybe& aArenaId,
- const StackTrace& aFreeStack, Delay aReuseDelay) {
+ const StackTrace& aFreeStack, Delay aReuseDelay)
+ MOZ_REQUIRES(GMut::sMutex) {
 void* pagePtr = gConst->AllocPagePtr(aIndex);
 #ifdef XP_WIN
 if (!VirtualFree(pagePtr, kPageSize, MEM_DECOMMIT)) {
- MOZ_CRASH("VirtualFree failed");
+ PHCCrash(aLock, "VirtualFree failed");
 }
 #else
 if (mmap(pagePtr, kPageSize, PROT_NONE, MAP_FIXED | MAP_PRIVATE | MAP_ANON,
 -1, 0) == MAP_FAILED) {
- MOZ_CRASH("mmap failed");
+ PHCCrash(aLock, "mmap failed");
 }
 #endif
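Review bot: `PHCCrash` releases `GMut::sMutex` by hand and depends on `MOZ_CRASH_UNSAFE` never returning, but its declaration does not state that. If `GMutLock` is a scoped guard, as the name suggests, any return to the caller would end in a second unlock, so I would declare it `[[noreturn]] static void PHCCrash(GMutLock, const char* aMessage)`. The comment should also say that other threads can take the mutex between `Unlock()` and the crash, so the state the crash reporter reads may differ from the state at the point of failure. Since the message goes into crash reports, the comment could require `aMessage` to be a string literal with no addresses or user data, which is what both call sites in this patch pass. "lockup its pointer" in the comment presumably means "look up its pointer".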
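Review bot: The two `PHCCrash` calls in `FreePage` do not record why PHC state is consistent at that point, which is the precondition the comment on `PHCCrash` places on every caller. In the visible lines both failures follow directly after `gConst->AllocPagePtr(aIndex)` and no bookkeeping is touched before them, so a comment such as `// No page metadata has been modified yet, so it is safe to unlock and crash here.` above each call would make that reviewable. This needs confirming against the callers and the rest of the function, because `FreePage` continues past the end of the hunk and a caller may already have changed state while holding the lock.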