summaryrefslogtreecommitdiffstats
path: root/ipc
diff options
context:
space:
mode:
authorbrettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-02-29 22:48:14 +0000
committerbrettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-02-29 22:48:14 +0000
commit334f302db0310f47d20eb532cb0bae401a0eddbe (patch)
treecddf90f708b554875d8c10a0aedae5ea38ae63b8 /ipc
parentfcaf2b39689647c954c743f90a073f36b133a639 (diff)
downloadchromium_src-334f302db0310f47d20eb532cb0bae401a0eddbe.zip
chromium_src-334f302db0310f47d20eb532cb0bae401a0eddbe.tar.gz
chromium_src-334f302db0310f47d20eb532cb0bae401a0eddbe.tar.bz2
This changes around our handling of file descriptors to reduce code duplication and increase clarity. I tried to minimize actual changes and just move code. There are a few exceptions:
The input file descriptor buffer is now a deque rather than a complicated fixed size buffer with extra overflow. This greatly simplifies some code. In practice, I don't think this will change the number of allocations we do in a practical way. I changed a few logging statements that seemed relevant to IPC developers only into the "D" variants. The msghdr struct used to be declared once at the top of ProcessOutgoingMessages and re-used for all calls to recvmsg. Now that the different callers are split out into sub functions, there is more initialization of the msghdr structs used in this call. I don't think this will be significant. Review URL: http://codereview.chromium.org/9533002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124272 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc')
-rw-r--r--ipc/ipc_channel_posix.cc485
-rw-r--r--ipc/ipc_channel_posix.h73
2 files changed, 285 insertions, 273 deletions
diff --git a/ipc/ipc_channel_posix.cc b/ipc/ipc_channel_posix.cc
index 069869f..5730153 100644
--- a/ipc/ipc_channel_posix.cc
+++ b/ipc/ipc_channel_posix.cc
@@ -479,280 +479,47 @@ bool Channel::ChannelImpl::Connect() {
}
bool Channel::ChannelImpl::ProcessIncomingMessages() {
- ssize_t bytes_read = 0;
-
- struct msghdr msg = {0};
- struct iovec iov = {input_buf_, Channel::kReadBufferSize};
-
- msg.msg_iovlen = 1;
- msg.msg_control = input_cmsg_buf_;
-
for (;;) {
- msg.msg_iov = &iov;
-
- if (bytes_read == 0) {
- if (pipe_ == -1)
- return false;
-
- // Read from pipe.
- // recvmsg() returns 0 if the connection has closed or EAGAIN if no data
- // is waiting on the pipe.
-#if defined(IPC_USES_READWRITE)
- if (fd_pipe_ >= 0) {
- bytes_read = HANDLE_EINTR(read(pipe_, input_buf_,
- Channel::kReadBufferSize));
- msg.msg_controllen = 0;
- } else
-#endif // IPC_USES_READWRITE
- {
- msg.msg_controllen = sizeof(input_cmsg_buf_);
- bytes_read = HANDLE_EINTR(recvmsg(pipe_, &msg, MSG_DONTWAIT));
- }
- if (bytes_read < 0) {
- if (errno == EAGAIN) {
- return true;
-#if defined(OS_MACOSX)
- } else if (errno == EPERM) {
- // On OSX, reading from a pipe with no listener returns EPERM
- // treat this as a special case to prevent spurious error messages
- // to the console.
- return false;
-#endif // OS_MACOSX
- } else if (errno == ECONNRESET || errno == EPIPE) {
- return false;
- } else {
- PLOG(ERROR) << "pipe error (" << pipe_ << ")";
- return false;
- }
- } else if (bytes_read == 0) {
- // The pipe has closed...
- return false;
- }
- }
- DCHECK(bytes_read);
-
- CloseClientFileDescriptor();
-
- // a pointer to an array of |num_wire_fds| file descriptors from the read
- const int* wire_fds = NULL;
- unsigned num_wire_fds = 0;
-
- // walk the list of control messages and, if we find an array of file
- // descriptors, save a pointer to the array
-
- // This next if statement is to work around an OSX issue where
- // CMSG_FIRSTHDR will return non-NULL in the case that controllen == 0.
- // Here's a test case:
- //
- // int main() {
- // struct msghdr msg;
- // msg.msg_control = &msg;
- // msg.msg_controllen = 0;
- // if (CMSG_FIRSTHDR(&msg))
- // printf("Bug found!\n");
- // }
- if (msg.msg_controllen > 0) {
- // On OSX, CMSG_FIRSTHDR doesn't handle the case where controllen is 0
- // and will return a pointer into nowhere.
- for (struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); cmsg;
- cmsg = CMSG_NXTHDR(&msg, cmsg)) {
- if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_RIGHTS) {
- const unsigned payload_len = cmsg->cmsg_len - CMSG_LEN(0);
- DCHECK_EQ(0U, payload_len % sizeof(int));
- wire_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
- num_wire_fds = payload_len / 4;
-
- if (msg.msg_flags & MSG_CTRUNC) {
- LOG(ERROR) << "SCM_RIGHTS message was truncated"
- << " cmsg_len:" << cmsg->cmsg_len
- << " fd:" << pipe_;
- for (unsigned i = 0; i < num_wire_fds; ++i)
- if (HANDLE_EINTR(close(wire_fds[i])) < 0)
- PLOG(ERROR) << "close " << i;
- return false;
- }
- break;
- }
- }
- }
-
- // Process messages from input buffer.
- const char *p;
- const char *end;
- if (input_overflow_buf_.empty()) {
- p = input_buf_;
- end = p + bytes_read;
- } else {
- if (input_overflow_buf_.size() > (kMaximumMessageSize - bytes_read)) {
- input_overflow_buf_.clear();
- LOG(ERROR) << "IPC message is too big";
- return false;
- }
- input_overflow_buf_.append(input_buf_, bytes_read);
- p = input_overflow_buf_.data();
- end = p + input_overflow_buf_.size();
- }
-
- // A pointer to an array of |num_fds| file descriptors which includes any
- // fds that have spilled over from a previous read.
- const int* fds = NULL;
- unsigned num_fds = 0;
- unsigned fds_i = 0; // the index of the first unused descriptor
+ if (pipe_ == -1)
+ return false;
- if (input_overflow_fds_.empty()) {
- fds = wire_fds;
- num_fds = num_wire_fds;
- } else {
- if (num_wire_fds > 0) {
- const size_t prev_size = input_overflow_fds_.size();
- input_overflow_fds_.resize(prev_size + num_wire_fds);
- memcpy(&input_overflow_fds_[prev_size], wire_fds,
- num_wire_fds * sizeof(int));
- }
- fds = &input_overflow_fds_[0];
- num_fds = input_overflow_fds_.size();
- }
+ const char* p = NULL;
+ const char* end = NULL;
+ if (!ReadDataFromPipe(&p, &end))
+ return false; // Pipe error.
+ if (!p)
+ return true; // No data waiting.
+ // Dispatch all complete messages in the data buffer.
while (p < end) {
const char* message_tail = Message::FindNext(p, end);
if (message_tail) {
int len = static_cast<int>(message_tail - p);
Message m(p, len);
- const uint16 header_fds = m.header()->num_fds;
- if (header_fds) {
- // the message has file descriptors
- const char* error = NULL;
- if (header_fds > num_fds - fds_i) {
- // the message has been completely received, but we didn't get
- // enough file descriptors.
-#if defined(IPC_USES_READWRITE)
- char dummy;
- struct iovec fd_pipe_iov = { &dummy, 1 };
- msg.msg_iov = &fd_pipe_iov;
- msg.msg_controllen = sizeof(input_cmsg_buf_);
- ssize_t n = HANDLE_EINTR(recvmsg(fd_pipe_, &msg, MSG_DONTWAIT));
- if (n == 1 && msg.msg_controllen > 0) {
- for (struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); cmsg;
- cmsg = CMSG_NXTHDR(&msg, cmsg)) {
- if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_RIGHTS) {
- const unsigned payload_len = cmsg->cmsg_len - CMSG_LEN(0);
- DCHECK_EQ(0U, payload_len % sizeof(int));
- wire_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
- num_wire_fds = payload_len / 4;
-
- if (msg.msg_flags & MSG_CTRUNC) {
- LOG(ERROR) << "SCM_RIGHTS message was truncated"
- << " cmsg_len:" << cmsg->cmsg_len
- << " fd:" << pipe_;
- for (unsigned i = 0; i < num_wire_fds; ++i)
- if (HANDLE_EINTR(close(wire_fds[i])) < 0)
- PLOG(ERROR) << "close " << i;
- return false;
- }
- break;
- }
- }
- if (input_overflow_fds_.empty()) {
- fds = wire_fds;
- num_fds = num_wire_fds;
- } else {
- if (num_wire_fds > 0) {
- const size_t prev_size = input_overflow_fds_.size();
- input_overflow_fds_.resize(prev_size + num_wire_fds);
- memcpy(&input_overflow_fds_[prev_size], wire_fds,
- num_wire_fds * sizeof(int));
- }
- fds = &input_overflow_fds_[0];
- num_fds = input_overflow_fds_.size();
- }
- }
- if (header_fds > num_fds - fds_i)
-#endif // IPC_USES_READWRITE
- error = "Message needs unreceived descriptors";
- }
-
- if (header_fds >
- FileDescriptorSet::kMaxDescriptorsPerMessage) {
- // There are too many descriptors in this message
- error = "Message requires an excessive number of descriptors";
- }
-
- if (error) {
- LOG(WARNING) << error
- << " channel:" << this
- << " message-type:" << m.type()
- << " header()->num_fds:" << header_fds
- << " num_fds:" << num_fds
- << " fds_i:" << fds_i;
-#if defined(CHROMIUM_SELINUX)
- LOG(WARNING) << "In the case of SELinux this can be caused when "
- "using a --user-data-dir to which the default "
- "policy doesn't give the renderer access to. ";
-#endif // CHROMIUM_SELINUX
- // close the existing file descriptors so that we don't leak them
- for (unsigned i = fds_i; i < num_fds; ++i)
- if (HANDLE_EINTR(close(fds[i])) < 0)
- PLOG(ERROR) << "close " << i;
- input_overflow_fds_.clear();
- // abort the connection
- return false;
- }
-
- m.file_descriptor_set()->SetDescriptors(
- &fds[fds_i], header_fds);
- fds_i += header_fds;
- }
+ if (!PopulateMessageFileDescriptors(&m))
+ return false;
+
DVLOG(2) << "received message on channel @" << this
<< " with type " << m.type() << " on fd " << pipe_;
- if (IsHelloMessage(&m)) {
- // The Hello message contains only the process id.
- void *iter = NULL;
- int pid;
- if (!m.ReadInt(&iter, &pid)) {
- NOTREACHED();
- }
-#if defined(IPC_USES_READWRITE)
- if (mode_ & MODE_SERVER_FLAG) {
- // With IPC_USES_READWRITE, the Hello message from the client to the
- // server also contains the fd_pipe_, which will be used for all
- // subsequent file descriptor passing.
- DCHECK_EQ(m.file_descriptor_set()->size(), 1U);
- base::FileDescriptor descriptor;
- if (!m.ReadFileDescriptor(&iter, &descriptor)) {
- NOTREACHED();
- }
- fd_pipe_ = descriptor.fd;
- CHECK(descriptor.auto_close);
- }
-#endif // IPC_USES_READWRITE
- listener_->OnChannelConnected(pid);
- } else {
+ if (IsHelloMessage(&m))
+ HandleHelloMessage(m);
+ else
listener_->OnMessageReceived(m);
- }
p = message_tail;
} else {
// Last message is partial.
break;
}
- input_overflow_fds_ = std::vector<int>(&fds[fds_i], &fds[num_fds]);
- fds_i = 0;
- fds = vector_as_array(&input_overflow_fds_);
- num_fds = input_overflow_fds_.size();
}
input_overflow_buf_.assign(p, end - p);
- input_overflow_fds_ = std::vector<int>(&fds[fds_i], &fds[num_fds]);
- // When the input data buffer is empty, the overflow fds should be too. If
- // this is not the case, we probably have a rogue renderer which is trying
- // to fill our descriptor table.
- if (input_overflow_buf_.empty() && !input_overflow_fds_.empty()) {
+ // When the input data buffer is empty, the fds should be too. If this is
+ // not the case, we probably have a rogue renderer which is trying to fill
+ // our descriptor table.
+ if (input_overflow_buf_.empty() && !input_fds_.empty()) {
// We close these descriptors in Close()
return false;
}
-
- bytes_read = 0; // Get more data.
}
}
@@ -1006,12 +773,7 @@ void Channel::ChannelImpl::ResetToAcceptingConnectionState() {
}
// Close any outstanding, received file descriptors.
- for (std::vector<int>::iterator
- i = input_overflow_fds_.begin(); i != input_overflow_fds_.end(); ++i) {
- if (HANDLE_EINTR(close(*i)) < 0)
- PLOG(ERROR) << "close";
- }
- input_overflow_fds_.clear();
+ ClearInputFDs();
}
// static
@@ -1041,9 +803,9 @@ void Channel::ChannelImpl::OnFileCanReadWithoutBlocking(int fd) {
// We already have a connection. We only handle one at a time.
// close our new descriptor.
if (HANDLE_EINTR(shutdown(new_pipe, SHUT_RDWR)) < 0)
- PLOG(ERROR) << "shutdown " << pipe_name_;
+ DPLOG(ERROR) << "shutdown " << pipe_name_;
if (HANDLE_EINTR(close(new_pipe)) < 0)
- PLOG(ERROR) << "close " << pipe_name_;
+ DPLOG(ERROR) << "close " << pipe_name_;
listener_->OnChannelDenied();
return;
}
@@ -1053,12 +815,12 @@ void Channel::ChannelImpl::OnFileCanReadWithoutBlocking(int fd) {
// Verify that the IPC channel peer is running as the same user.
uid_t client_euid;
if (!GetClientEuid(&client_euid)) {
- LOG(ERROR) << "Unable to query client euid";
+ DLOG(ERROR) << "Unable to query client euid";
ResetToAcceptingConnectionState();
return;
}
if (client_euid != geteuid()) {
- LOG(WARNING) << "Client euid is not authorised";
+ DLOG(WARNING) << "Client euid is not authorised";
ResetToAcceptingConnectionState();
return;
}
@@ -1175,6 +937,203 @@ bool Channel::ChannelImpl::IsHelloMessage(const Message* m) const {
return m->routing_id() == MSG_ROUTING_NONE && m->type() == HELLO_MESSAGE_TYPE;
}
+bool Channel::ChannelImpl::ReadDataFromPipe(const char** buffer_begin,
+ const char** buffer_end) {
+ struct msghdr msg = {0};
+
+ struct iovec iov = {input_buf_, Channel::kReadBufferSize};
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+ msg.msg_control = input_cmsg_buf_;
+
+ // recvmsg() returns 0 if the connection has closed or EAGAIN if no data
+ // is waiting on the pipe.
+ ssize_t bytes_read = 0;
+#if defined(IPC_USES_READWRITE)
+ if (fd_pipe_ >= 0) {
+ bytes_read = HANDLE_EINTR(read(pipe_, input_buf_,
+ Channel::kReadBufferSize));
+ msg.msg_controllen = 0;
+ } else
+#endif // IPC_USES_READWRITE
+ {
+ msg.msg_controllen = sizeof(input_cmsg_buf_);
+ bytes_read = HANDLE_EINTR(recvmsg(pipe_, &msg, MSG_DONTWAIT));
+ }
+ if (bytes_read < 0) {
+ if (errno == EAGAIN) {
+ *buffer_begin = *buffer_end = NULL; // Signal no data was read.
+ return true;
+#if defined(OS_MACOSX)
+ } else if (errno == EPERM) {
+ // On OSX, reading from a pipe with no listener returns EPERM
+ // treat this as a special case to prevent spurious error messages
+ // to the console.
+ return false;
+#endif // OS_MACOSX
+ } else if (errno == ECONNRESET || errno == EPIPE) {
+ return false;
+ } else {
+ PLOG(ERROR) << "pipe error (" << pipe_ << ")";
+ return false;
+ }
+ } else if (bytes_read == 0) {
+ // The pipe has closed...
+ return false;
+ }
+ DCHECK(bytes_read);
+
+ CloseClientFileDescriptor();
+
+ // Read any file descriptors from the message.
+ if (!ExtractFileDescriptorsFromMsghdr(&msg))
+ return false;
+
+ // Possibly combine with the overflow buffer to make a larger buffer.
+ if (input_overflow_buf_.empty()) {
+ *buffer_begin = input_buf_;
+ *buffer_end = *buffer_begin + bytes_read;
+ } else {
+ if (input_overflow_buf_.size() > (kMaximumMessageSize - bytes_read)) {
+ input_overflow_buf_.clear();
+ LOG(ERROR) << "IPC message is too big";
+ return false;
+ }
+ input_overflow_buf_.append(input_buf_, bytes_read);
+ *buffer_begin = input_overflow_buf_.data();
+ *buffer_end = *buffer_begin + input_overflow_buf_.size();
+ }
+ return true;
+}
+
+#if defined(IPC_USES_READWRITE)
+bool Channel::ChannelImpl::ReadFileDescriptorsFromFDPipe() {
+ char dummy;
+ struct iovec fd_pipe_iov = { &dummy, 1 };
+
+ struct msghdr msg = { 0 };
+ msg.msg_iov = &fd_pipe_iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = input_cmsg_buf_;
+ msg.msg_controllen = sizeof(input_cmsg_buf_);
+ ssize_t bytes_received = HANDLE_EINTR(recvmsg(fd_pipe_, &msg, MSG_DONTWAIT));
+
+ if (bytes_received != 1)
+ return true; // No message waiting.
+
+ if (!ExtractFileDescriptorsFromMsghdr(&msg))
+ return false;
+ return true;
+}
+#endif
+
+bool Channel::ChannelImpl::PopulateMessageFileDescriptors(Message* msg) {
+ uint16 header_fds = msg->header()->num_fds;
+ if (!header_fds)
+ return true; // Nothing to do.
+
+ // The message has file descriptors.
+ const char* error = NULL;
+ if (header_fds > input_fds_.size()) {
+ // The message has been completely received, but we didn't get
+ // enough file descriptors.
+#if defined(IPC_USES_READWRITE)
+ if (!ReadFileDescriptorsFromFDPipe())
+ return false;
+ if (header_fds > input_fds_.size())
+#endif // IPC_USES_READWRITE
+ error = "Message needs unreceived descriptors";
+ }
+
+ if (header_fds > FileDescriptorSet::kMaxDescriptorsPerMessage)
+ error = "Message requires an excessive number of descriptors";
+
+ if (error) {
+ LOG(WARNING) << error
+ << " channel:" << this
+ << " message-type:" << msg->type()
+ << " header()->num_fds:" << header_fds;
+#if defined(CHROMIUM_SELINUX)
+ LOG(WARNING) << "In the case of SELinux this can be caused when "
+ "using a --user-data-dir to which the default "
+ "policy doesn't give the renderer access to. ";
+#endif // CHROMIUM_SELINUX
+ // Abort the connection.
+ ClearInputFDs();
+ return false;
+ }
+
+ msg->file_descriptor_set()->SetDescriptors(&input_fds_.front(),
+ header_fds);
+ input_fds_.erase(input_fds_.begin(), input_fds_.begin() + header_fds);
+ return true;
+}
+
+bool Channel::ChannelImpl::ExtractFileDescriptorsFromMsghdr(msghdr* msg) {
+ // Check that there are any control messages. On OSX, CMSG_FIRSTHDR will
+ // return an invalid non-NULL pointer in the case that controllen == 0.
+ if (msg->msg_controllen == 0)
+ return true;
+
+ for (cmsghdr* cmsg = CMSG_FIRSTHDR(msg);
+ cmsg;
+ cmsg = CMSG_NXTHDR(msg, cmsg)) {
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+ unsigned payload_len = cmsg->cmsg_len - CMSG_LEN(0);
+ DCHECK_EQ(0U, payload_len % sizeof(int));
+ const int* file_descriptors = reinterpret_cast<int*>(CMSG_DATA(cmsg));
+ unsigned num_file_descriptors = payload_len / 4;
+ input_fds_.insert(input_fds_.end(),
+ file_descriptors,
+ file_descriptors + num_file_descriptors);
+
+ // Check this after adding the FDs so we don't leak them.
+ if (msg->msg_flags & MSG_CTRUNC) {
+ ClearInputFDs();
+ return false;
+ }
+
+ return true;
+ }
+ }
+
+ // No file descriptors found, but that's OK.
+ return true;
+}
+
+void Channel::ChannelImpl::ClearInputFDs() {
+ while (!input_fds_.empty()) {
+ if (HANDLE_EINTR(close(input_fds_.front())) < 0)
+ PLOG(ERROR) << "close ";
+ input_fds_.pop_front();
+ }
+}
+
+void Channel::ChannelImpl::HandleHelloMessage(const Message& msg) {
+ // The Hello message contains only the process id.
+ void *iter = NULL;
+ int pid;
+ if (!msg.ReadInt(&iter, &pid))
+ NOTREACHED();
+
+#if defined(IPC_USES_READWRITE)
+ if (mode_ & MODE_SERVER_FLAG) {
+ // With IPC_USES_READWRITE, the Hello message from the client to the
+ // server also contains the fd_pipe_, which will be used for all
+ // subsequent file descriptor passing.
+ DCHECK_EQ(msg.file_descriptor_set()->size(), 1U);
+ base::FileDescriptor descriptor;
+ if (!msg.ReadFileDescriptor(&iter, &descriptor)) {
+ NOTREACHED();
+ }
+ fd_pipe_ = descriptor.fd;
+ CHECK(descriptor.auto_close);
+ }
+#endif // IPC_USES_READWRITE
+ listener_->OnChannelConnected(pid);
+}
+
void Channel::ChannelImpl::Close() {
// Close can be called multiple time, so we need to make sure we're
// idempotent.
@@ -1187,7 +1146,7 @@ void Channel::ChannelImpl::Close() {
}
if (server_listen_pipe_ != -1) {
if (HANDLE_EINTR(close(server_listen_pipe_)) < 0)
- PLOG(ERROR) << "close " << server_listen_pipe_;
+ DPLOG(ERROR) << "close " << server_listen_pipe_;
server_listen_pipe_ = -1;
// Unregister libevent for the listening socket and close it.
server_listen_connection_watcher_.StopWatchingFileDescriptor();
diff --git a/ipc/ipc_channel_posix.h b/ipc/ipc_channel_posix.h
index 800c366..38f8ba4 100644
--- a/ipc/ipc_channel_posix.h
+++ b/ipc/ipc_channel_posix.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -81,6 +81,48 @@ class Channel::ChannelImpl : public MessageLoopForIO::Watcher {
void QueueHelloMessage();
bool IsHelloMessage(const Message* m) const;
+ // Reads data from the "regular" (non FD) pipe into the input buffers. The
+ // two output params will identify the data received.
+ //
+ // On success, returns true. If there is no data waiting, the pointers will
+ // both be set to NULL. Otherwise, they'll indicate the data read. This will
+ // be inside the input_buf_ for short messages, and for long messages will
+ // automatically spill into the input_overflow_buf_. When in non-READWRITE
+ // mode this will also load any handles from the message into input_fds_.
+ //
+ // On failure, returns false. This means there was some kind of pipe error
+ // and we should not continue.
+ bool ReadDataFromPipe(const char** begin, const char** end);
+
+#if defined(IPC_USES_READWRITE)
+ // Reads the next message from the fd_pipe_ and appends them to the
+ // input_fds_ queue. Returns false if there was a message receiving error.
+ // True means there was a message and it was processed properly, or there was
+ // no messages.
+ bool ReadFileDescriptorsFromFDPipe();
+#endif
+
+ // Loads the required file desciptors into the given message. Returns true
+ // on success. False means a fatal channel error.
+ //
+ // This will read from the input_fds_ and read more handles from the FD
+ // pipe if necessary.
+ bool PopulateMessageFileDescriptors(Message* msg);
+
+ // Finds the set of file descriptors in the given message. On success,
+ // appends the descriptors to the input_fds_ member and returns true
+ //
+ // Returns false if the message was truncated. In this case, any handles that
+ // were sent will be closed.
+ bool ExtractFileDescriptorsFromMsghdr(msghdr* msg);
+
+ // Closes all handles in the input_fds_ list and clears the list. This is
+ // used to clean up handles in error conditions to avoid leaking the handles.
+ void ClearInputFDs();
+
+ // Handles the first message sent over the pipe which contains setup info.
+ void HandleHelloMessage(const Message& msg);
+
// MessageLoopForIO::Watcher implementation.
virtual void OnFileCanReadWithoutBlocking(int fd) OVERRIDE;
virtual void OnFileCanWriteWithoutBlocking(int fd) OVERRIDE;
@@ -128,27 +170,38 @@ class Channel::ChannelImpl : public MessageLoopForIO::Watcher {
// Messages to be sent are queued here.
std::queue<Message*> output_queue_;
- // We read from the pipe into this buffer
+ // We read from the pipe into this buffer. Managed by ReadDataFromPipe, do
+ // not access directly outside that function.
char input_buf_[Channel::kReadBufferSize];
+ // Large messages that span multiple pipe buffers, get built-up using
+ // this buffer.
+ std::string input_overflow_buf_;
+
// We assume a worst case: kReadBufferSize bytes of messages, where each
// message has no payload and a full complement of descriptors.
static const size_t kMaxReadFDs =
(Channel::kReadBufferSize / sizeof(IPC::Message::Header)) *
FileDescriptorSet::kMaxDescriptorsPerMessage;
- // This is a control message buffer large enough to hold kMaxReadFDs
+ // Buffer size for file descriptors used for recvmsg. On Mac the CMSG macros
+ // don't seem to be constant so we have to pick a "large enough" value.
#if defined(OS_MACOSX)
- // TODO(agl): OSX appears to have non-constant CMSG macros!
- char input_cmsg_buf_[1024];
+ static const size_t kMaxReadFDBuffer = 1024;
#else
- char input_cmsg_buf_[CMSG_SPACE(sizeof(int) * kMaxReadFDs)];
+ static const size_t kMaxReadFDBuffer = CMSG_SPACE(sizeof(int) * kMaxReadFDs);
#endif
- // Large messages that span multiple pipe buffers, get built-up using
- // this buffer.
- std::string input_overflow_buf_;
- std::vector<int> input_overflow_fds_;
+ // Temporary buffer used to receive the file descriptors from recvmsg.
+ // Code that writes into this should immediately read them out and save
+ // them to input_fds_, since this buffer will be re-used anytime we call
+ // recvmsg.
+ char input_cmsg_buf_[kMaxReadFDBuffer];
+
+ // File descriptors extracted from messages coming off of the channel. The
+ // handles may span messages and come off different channels from the message
+ // data (in the case of READWRITE), and are processed in FIFO here.
+ std::deque<int> input_fds_;
// True if we are responsible for unlinking the unix domain socket file.
bool must_unlink_;