coroutine: allocate coroutine frame in a critical section

avikivity · avikivity · commit 21770c29976a · 2025-11-19T18:50:51.000+02:00
Like continuations, coroutines are glue that cannot be allowed
to fail. For example, if cleanup coroutine fails to allocate
and returns an exception future, cleanup will not be done and
the system will enter an undefined state. Better to crash.

This conflicts with test code that tries to inject memory failures
and see how they are handled (file_io_test.cc handle_bad_alloc_test).
The coroutine will throw std::bad_alloc (since we don't define
get_return_object_on_allocation_failure()), and since it's declared
noexcept, will call std::terminate.

To avoid all this, follow future::schedule() and prevent memory
allocation failure injection from interfering with coroutine
frame allocation. In this regard a coroutine frame is just like
a continuation.

This is done by injecting class-specific operator new and operator
delete. Sized deallocation is also defined if supported by the compiler.
diff --git a/include/seastar/core/coroutine.hh b/include/seastar/core/coroutine.hh
@@ -24,13 +24,15 @@
 
 #include <seastar/core/future.hh>
 #include <seastar/core/make_task.hh>
+#include <seastar/core/sized-free.hh>
 #include <seastar/coroutine/exception.hh>
 #include <seastar/util/modules.hh>
 #include <seastar/util/std-compat.hh>
 
 
 #ifndef SEASTAR_MODULE
 #include <coroutine>
+#include <new>
 #endif
 
 namespace seastar {
@@ -51,10 +53,26 @@ execute_involving_handle_destruction_in_await_suspend(std::invocable<> auto&& fu
 }
 
 
+class coroutine_allocators {
+public:
+    static void* operator new(size_t size) {
+        memory::scoped_critical_alloc_section _;
+        return ::malloc(size);
+    }
+    static void operator delete(void* ptr) noexcept {
+        ::free(ptr);
+    }
+#ifdef __cpp_sized_deallocation
+    static void operator delete(void* ptr, std::size_t sz) noexcept {
+        memory::free(ptr, sz);
+    }
+#endif
+};
+
 template <typename T = void>
 class coroutine_traits_base {
 public:
-    class promise_type final : public seastar::task {
+    class promise_type final : public seastar::task, public coroutine_allocators {
         seastar::promise<T> _promise;
     public:
         promise_type() = default;
@@ -106,7 +124,7 @@ public:
 template <>
 class coroutine_traits_base<> {
 public:
-   class promise_type final : public seastar::task {
+   class promise_type final : public seastar::task, public coroutine_allocators {
         seastar::promise<> _promise;
     public:
         promise_type() = default;
