diff options
| author | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-28 06:00:57 +0000 |
|---|---|---|
| committer | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-28 06:00:57 +0000 |
| commit | f5f22386b9413ce39b7e3cc7e718f652969f01e2 (patch) | |
| tree | e6c22a764514c091e0b8cd89e86633e39150cd40 /base/debug/trace_event_impl.cc | |
| parent | 99c1289d8b178ffd9f0599306ce2b7a2b6e51907 (diff) | |
| download | chromium_src-f5f22386b9413ce39b7e3cc7e718f652969f01e2.zip chromium_src-f5f22386b9413ce39b7e3cc7e718f652969f01e2.tar.gz chromium_src-f5f22386b9413ce39b7e3cc7e718f652969f01e2.tar.bz2 | |
Revert 242659 "Do PPB_FileIO Write on the plugin side."
This seems to have introduced a static initializer on Mac:
http://build.chromium.org/p/chromium/builders/Mac/builds/24153/steps/sizes/logs/stdio
It identifies one in:
../../components/nacl/loader/nacl_ipc_adapter.cc
/Volumes/data/b/build/slave/Mac/build/src/out/Release/libnacl.a(nacl.nacl_ipc_adapter.o)
> Do PPB_FileIO Write on the plugin side.
>
> This eliminates IPC for FileIO.Write, instead using the plugin's file descriptor.
> Performs the file op on the plugin's thread if blocking, otherwise on the file
> thread.
>
> FileIOResources know their maximum written offset after they are opened.
> They can thus calculate whether a Write or SetLength operation will extend
> this max offset. If so, they call FileSystemResource::RequestQuota. This can
> return synchronously or asynchronously, and either returns the requested
> amount or 0 in case it can't be satisfied.
>
> FileSystemResource will request a quota reservation from the host, queuing
> up unsatisfied requests. The quota reservation will be at least 1MB with this
> CL. The main point of a quota reservation is to reduce the number of times
> we query the quota system.
>
> Both the FileSystemResource and the host maintain a collection of open files
> that are subject to quota. These are kept in sync. Maps that take PP_Resource
> to resource or host are used to ensure good performance and make it easier
> to keep the resource and host collections synced.
>
> SetLength uses the plugin side machinery to request quota. When its request
> is granted, it calls over to the host side as before. This is because of OS X
> sandbox restrictions.
>
> For trusted plugins, I assume that this plugin / host checking is sufficient. In
> particular, SetLength is performed in the browser process without checking
> the length against quota restrictions. We're essentially assuming trusted
> plugins don't cheat.
>
> For untrusted plugins, this approach isn't sufficient. NaClMessageScanner
> audits the FIleSystem and FileIO message traffic to maintain a parallel
> accounting of quota reservation and current file sizes. In addition, we wrap
> the native file handle in a NaClDescQuota for files that need quota checking.
> This NaClDescQuota uses NaClMessageScanner information to determine
> whether or not to allow a Write. We must check at the descriptor level since
> the untrusted plugin may bypass our proxy code and use the file handle
> directly to Write. We must also fail any attempt to call ftruncate directly.
>
> BUG=194304
>
> Review URL: https://codereview.chromium.org/100703004
TBR=bbudge@chromium.org
Review URL: https://codereview.chromium.org/122013002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@242670 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/debug/trace_event_impl.cc')
0 files changed, 0 insertions, 0 deletions