Moved creation of GPU transfer buffers into the browser process.

Transfer buffer creation was previously done in the GPU process. This is one step required to sandbox the GPU process.

Rather than the GPU process opening a renderer process's handle by PID, which can't been done when sandboxed on Windows, the browser process passes the handle to the GPU process via the renderer process.

TEST=try
BUG=none

Review URL: http://codereview.chromium.org/6557006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75980 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 67 insertions, 12 deletions

diff --git a/content/browser/gpu_process_host.cc b/content/browser/gpu_process_host.cc
index 4ef366a..6a4ee2d 100644
--- a/content/browser/gpu_process_host.cc
+++ b/content/browser/gpu_process_host.cc
@@ -2,6 +2,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#if defined(OS_WIN)
+#include <windows.h>
+#endif
+
 #include "content/browser/gpu_process_host.h"
 
 #include "app/app_switches.h"
@@ -173,6 +177,31 @@ bool GpuProcessHost::CanShutdown() {
   return true;
 }
 
+void GpuProcessHost::OnProcessLaunched() {
+  // Send the GPU process handle to the UI thread before it has to
+  // respond to any requests to establish a GPU channel. The response
+  // to such requests require that the GPU process handle be known.
+  base::ProcessHandle child_handle;
+#if defined(OS_WIN)
+  DuplicateHandle(base::GetCurrentProcessHandle(),
+                  handle(),
+                  base::GetCurrentProcessHandle(),
+                  &child_handle,
+                  PROCESS_DUP_HANDLE,
+                  FALSE,
+                  0);
+#else
+  child_handle = handle();
+#endif
+
+  BrowserThread::PostTask(
+      BrowserThread::UI,
+      FROM_HERE,
+      NewRunnableFunction(&GpuProcessHostUIShim::NotifyGpuProcessLaunched,
+                          host_id_,
+                          child_handle));
+}
+
 namespace {
 
 void SendOutstandingRepliesDispatcher(int host_id) {
@@ -233,6 +262,9 @@ bool GpuProcessHost::LaunchGpuProcess() {
     if (!thread->StartWithOptions(options))
       return false;
 
+    set_handle(base::GetCurrentProcessHandle());
+    OnProcessLaunched();
+
     return true;
   }
 
diff --git a/content/browser/gpu_process_host.h b/content/browser/gpu_process_host.h
index 9881bee..69f5916 100644
--- a/content/browser/gpu_process_host.h
+++ b/content/browser/gpu_process_host.h
@@ -39,6 +39,7 @@ class GpuProcessHost : public BrowserChildProcessHost,
   void RouteOnUIThread(const IPC::Message& message);
 
   virtual bool CanShutdown();
+  virtual void OnProcessLaunched();
   virtual void OnChildDied();
   virtual void OnProcessCrashed(int exit_code);
 
diff --git a/content/browser/renderer_host/gpu_message_filter.cc b/content/browser/renderer_host/gpu_message_filter.cc
index cbece30..c104f1d 100644
--- a/content/browser/renderer_host/gpu_message_filter.cc
+++ b/content/browser/renderer_host/gpu_message_filter.cc
@@ -2,6 +2,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#if defined(OS_WIN)
+#include <windows.h>
+#endif
+
 #include "chrome/browser/renderer_host/gpu_message_filter.h"
 
 #include "base/callback.h"
@@ -53,7 +57,8 @@ void GpuMessageFilter::OnDestruct() const {
 namespace {
 
 class EstablishChannelCallback
-    : public CallbackRunner<Tuple2<const IPC::ChannelHandle&,
+    : public CallbackRunner<Tuple3<const IPC::ChannelHandle&,
+                                   base::ProcessHandle,
                                    const GPUInfo&> > {
  public:
   explicit EstablishChannelCallback(GpuMessageFilter* filter):
@@ -66,17 +71,38 @@ class EstablishChannelCallback
   }
 
   void Send(const IPC::ChannelHandle& channel,
+            base::ProcessHandle gou_process_for_browser,
             const GPUInfo& gpu_info) {
+    if (!filter_)
+      return;
+
+    base::ProcessHandle renderer_process_for_gpu;
+#if defined(OS_WIN)
+    // Create a process handle that the renderer process can give to the GPU
+    // process to give it access to its handles.
+    DuplicateHandle(base::GetCurrentProcessHandle(),
+                    filter_->peer_handle(),
+                    gou_process_for_browser,
+                    &renderer_process_for_gpu,
+                    PROCESS_DUP_HANDLE,
+                    FALSE,
+                    0);
+#else
+    renderer_process_for_gpu = filter_->peer_handle();
+#endif
+
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     ViewMsg_GpuChannelEstablished* reply =
-        new ViewMsg_GpuChannelEstablished(channel, gpu_info);
+        new ViewMsg_GpuChannelEstablished(channel,
+                                          renderer_process_for_gpu,
+                                          gpu_info);
+
     // If the renderer process is performing synchronous initialization,
     // it needs to handle this message before receiving the reply for
     // the synchronous GpuHostMsg_SynchronizeGpu message.
     reply->set_unblock(true);
 
-    if (filter_)
-      filter_->Send(reply);
+    filter_->Send(reply);
   }
 
  private:
@@ -148,7 +174,9 @@ void GpuMessageFilter::OnEstablishGpuChannel() {
   if (!ui_shim) {
     ui_shim = GpuProcessHostUIShim::GetForRenderer(render_process_id_);
     if (!ui_shim) {
-      callback->Run(IPC::ChannelHandle(), GPUInfo());
+      callback->Run(IPC::ChannelHandle(),
+                    static_cast<base::ProcessHandle>(NULL),
+                    GPUInfo());
       return;
     }
 
diff --git a/content/browser/renderer_host/render_message_filter.cc b/content/browser/renderer_host/render_message_filter.cc
index 4308e7a..6fefd70 100644
--- a/content/browser/renderer_host/render_message_filter.cc
+++ b/content/browser/renderer_host/render_message_filter.cc
@@ -446,10 +446,8 @@ bool RenderMessageFilter::OnMessageReceived(const IPC::Message& message,
 #if defined(OS_WIN)
     IPC_MESSAGE_HANDLER(ViewHostMsg_DuplicateSection, OnDuplicateSection)
 #endif
-#if defined(OS_POSIX)
     IPC_MESSAGE_HANDLER(ViewHostMsg_AllocateSharedMemoryBuffer,
                         OnAllocateSharedMemoryBuffer)
-#endif
 #if defined(OS_CHROMEOS)
     IPC_MESSAGE_HANDLER_DELAY_REPLY(ViewHostMsg_AllocateTempFileForPrinting,
                                     OnAllocateTempFileForPrinting)
@@ -1000,7 +998,6 @@ void RenderMessageFilter::OnDuplicateSection(
 }
 #endif
 
-#if defined(OS_POSIX)
 void RenderMessageFilter::OnAllocateSharedMemoryBuffer(
     uint32 buffer_size,
     base::SharedMemoryHandle* handle) {
@@ -1010,9 +1007,8 @@ void RenderMessageFilter::OnAllocateSharedMemoryBuffer(
     NOTREACHED() << "Cannot map shared memory buffer";
     return;
   }
-  shared_buf.GiveToProcess(base::GetCurrentProcessHandle(), handle);
+  shared_buf.GiveToProcess(peer_handle(), handle);
 }
-#endif
 
 void RenderMessageFilter::OnResourceTypeStats(
     const WebCache::ResourceTypeStats& stats) {
diff --git a/content/browser/renderer_host/render_message_filter.h b/content/browser/renderer_host/render_message_filter.h
index b44a56c..4f16c62 100644
--- a/content/browser/renderer_host/render_message_filter.h
+++ b/content/browser/renderer_host/render_message_filter.h
@@ -229,13 +229,11 @@ class RenderMessageFilter : public BrowserMessageFilter,
   void OnTempFileForPrintingWritten(int sequence_number);
 #endif
 
-#if defined(OS_POSIX)
   // Used to ask the browser to allocate a block of shared memory for the
   // renderer to send back data in, since shared memory can't be created
   // in the renderer on POSIX due to the sandbox.
   void OnAllocateSharedMemoryBuffer(uint32 buffer_size,
                                     base::SharedMemoryHandle* handle);
-#endif
 
   void OnResourceTypeStats(const WebKit::WebCache::ResourceTypeStats& stats);
   static void OnResourceTypeStatsOnUIThread(