author | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-13 19:44:46 +0000 |
---|---|---|
committer | brettw@chromium.org <brettw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-13 19:44:46 +0000 |
commit | 037f63fb8efeb26f6d75f9dc0a6b3380460f4ea4 (patch) | |
tree | 3833cd72196f6ff896366ef3dd6d372724737635 /ppapi | |
parent | f6ee0cde751e6b816cc68ee296ffd7d3d7219229 (diff) | |
Prevent Pepper plugin reentrancy for synchronous messages except for script
calls where reentrancy is required.
Review URL: http://codereview.chromium.org/6625045
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77967 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ppapi')
-rw-r--r-- | ppapi/proxy/host_dispatcher.cc | 34 | ||||
-rw-r--r-- | ppapi/proxy/host_dispatcher.h | 14 | ||||
-rw-r--r-- | ppapi/proxy/ppb_instance_proxy.cc | 6 | ||||
-rw-r--r-- | ppapi/proxy/ppb_var_deprecated_proxy.cc | 17 | ||||
-rw-r--r-- | ppapi/proxy/ppb_var_deprecated_proxy.h | 3 |
5 files changed, 74 insertions, 0 deletions
diff --git a/ppapi/proxy/host_dispatcher.cc b/ppapi/proxy/host_dispatcher.cc
index 52305e0..d51ad09 100644
--- a/ppapi/proxy/host_dispatcher.cc
+++ b/ppapi/proxy/host_dispatcher.cc
@@ -41,6 +41,20 @@ PP_Bool ReserveInstanceID(PP_Module module, PP_Instance instance) { return BoolToPPBool(usable); }
+// Saves the state of the given bool and puts it back when it goes out of
+// scope.
+class BoolRestorer {
+ public:
+ BoolRestorer(bool* var) : var_(var), old_value_(*var) {
+ }
+ ~BoolRestorer() {
+ *var_ = old_value_;
+ }
+ private:
+ bool* var_;
+ bool old_value_;
+};
+
 } // namespace HostDispatcher::HostDispatcher(base::ProcessHandle remote_process_handle,
@@ -105,7 +119,27 @@ bool HostDispatcher::IsPlugin() const { return false; }
+bool HostDispatcher::Send(IPC::Message* msg) {
+ // Normal sync messages are set to unblock, which would normally cause the
+ // plugin to be reentered to process them. We only want to do this when we
+ // know the plugin is in a state to accept reentrancy. Since the plugin side
+ // never clears this flag on messages it sends, we can't get deadlock, but we
+ // may still get reentrancy in the host as a result.
+ if (!allow_plugin_reentrancy_)
+ msg->set_unblock(false);
+ return Dispatcher::Send(msg);
+}
+
 bool HostDispatcher::OnMessageReceived(const IPC::Message& msg) {
+ // We only want to allow reentrancy when the most recent message from the
+ // plugin was a scripting message. We save the old state of the flag on the
+ // stack in case we're (we are the host) being reentered ourselves. The flag
+ // is set to false here for all messages, and then the scripting API will
+ // explicitly set it to true during processing of those messages that can be
+ // reentered.
+ BoolRestorer restorer(&allow_plugin_reentrancy_);
+ allow_plugin_reentrancy_ = false;
+
 // Handle common control messages. if (Dispatcher::OnMessageReceived(msg)) return true;
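Review bot: `BoolRestorer` in the first hunk has a non-explicit single-argument constructor and stays copyable, so an accidental copy would write the saved value back twice, once per destructor. Declaring the constructor as `explicit BoolRestorer(bool* var)` and adding `DISALLOW_COPY_AND_ASSIGN(BoolRestorer);` to the private section would rule that out. The class comment could also state that the pointed-to bool must outlive the restorer.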
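Review bot: `HostDispatcher::Send()` in the second hunk reads `allow_plugin_reentrancy_`, but nothing on this page initializes that member. The constructor is untouched (the commit has 0 deletions and the two hunks in this file account for all 34 added lines), and the declaration added in host_dispatcher.h has no initializer. A `Send()` issued before the first `OnMessageReceived()` therefore tests an indeterminate bool, and the `BoolRestorer` in `OnMessageReceived()` saves and later restores that same value, so whether a top-level sync message from the host unblocks the plugin is left to chance. Adding `allow_plugin_reentrancy_(false)` to the constructor's initializer list would make the guard default to no reentrancy. The constructor body lies outside these hunks.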
diff --git a/ppapi/proxy/host_dispatcher.h b/ppapi/proxy/host_dispatcher.h
index 0fed9bd..0cc5f88 100644
--- a/ppapi/proxy/host_dispatcher.h
+++ b/ppapi/proxy/host_dispatcher.h
@@ -59,6 +59,7 @@ class HostDispatcher : public Dispatcher { // Dispatcher overrides. virtual bool IsPlugin() const;
+ virtual bool Send(IPC::Message* msg);
 // IPC::Channel::Listener. virtual bool OnMessageReceived(const IPC::Message& msg);
@@ -78,6 +79,12 @@ class HostDispatcher : public Dispatcher { // Will return NULL if an interface isn't supported. InterfaceProxy* GetOrCreatePPBInterfaceProxy(InterfaceID id);
+ // See the value below. Call this when processing a scripting message from
+ // the plugin that can be reentered.
+ void set_allow_plugin_reentrancy() {
+ allow_plugin_reentrancy_ = true;
+ }
+
 // Returns the proxy interface for talking to the implementation. const PPB_Proxy_Private* ppb_proxy() const { return ppb_proxy_; }
@@ -104,6 +111,13 @@ class HostDispatcher : public Dispatcher { // Guaranteed non-NULL. const PPB_Proxy_Private* ppb_proxy_;
+ // Set to true when the plugin is in a state that it can be reentered by a
+ // sync message from the host. We allow reentrancy only when we're processing
+ // a sync message from the renderer that is a scripting command. When the
+ // plugin is in this state, it needs to accept reentrancy since scripting may
+ // ultimately call back into the plugin.
+ bool allow_plugin_reentrancy_;
+
 DISALLOW_COPY_AND_ASSIGN(HostDispatcher); };
diff --git a/ppapi/proxy/ppb_instance_proxy.cc b/ppapi/proxy/ppb_instance_proxy.cc
index 76ac13e..4d6f5f3 100644
--- a/ppapi/proxy/ppb_instance_proxy.cc
+++ b/ppapi/proxy/ppb_instance_proxy.cc
@@ -6,6 +6,7 @@ #include "ppapi/c/pp_var.h" #include "ppapi/c/ppb_instance.h"
+#include "ppapi/proxy/host_dispatcher.h"
 #include "ppapi/proxy/plugin_dispatcher.h" #include "ppapi/proxy/plugin_resource.h" #include "ppapi/proxy/plugin_resource_tracker.h"
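Review bot: The comment on `set_allow_plugin_reentrancy()` in the second host_dispatcher.h hunk does not say that the setter is only meaningful while `OnMessageReceived()` is on the stack. The only code on this page that puts the flag back is the `BoolRestorer` in that function, so a call made outside message dispatch would leave reentrancy enabled for every later `Send()`. I would extend the comment, for example `// Only call while a message from the plugin is being dispatched; OnMessageReceived() restores the previous value when it returns.`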
@@ -167,6 +168,11 @@ void PPB_Instance_Proxy::OnMsgExecuteScript( SerializedVarReceiveInput script, SerializedVarOutParam out_exception, SerializedVarReturnValue result) {
+ if (dispatcher()->IsPlugin())
+ NOTREACHED();
+ else
+ static_cast<HostDispatcher*>(dispatcher())->set_allow_plugin_reentrancy();
+
 result.Return(dispatcher(), ppb_instance_target()->ExecuteScript( instance, script.Get(dispatcher()),
diff --git a/ppapi/proxy/ppb_var_deprecated_proxy.cc b/ppapi/proxy/ppb_var_deprecated_proxy.cc
index 99e7ced..f1b7f8b 100644
--- a/ppapi/proxy/ppb_var_deprecated_proxy.cc
+++ b/ppapi/proxy/ppb_var_deprecated_proxy.cc
@@ -10,6 +10,7 @@ #include "ppapi/c/dev/ppb_var_deprecated.h" #include "ppapi/c/pp_var.h" #include "ppapi/c/ppb_core.h"
+#include "ppapi/proxy/host_dispatcher.h"
 #include "ppapi/proxy/plugin_dispatcher.h" #include "ppapi/proxy/plugin_var_tracker.h" #include "ppapi/proxy/ppapi_messages.h"
@@ -347,6 +348,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgHasProperty( SerializedVarReceiveInput name, SerializedVarOutParam exception, PP_Bool* result) {
+ SetAllowPluginReentrancy();
 *result = BoolToPPBool(ppb_var_target()->HasProperty( var.Get(dispatcher()), name.Get(dispatcher()),
@@ -358,6 +360,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgHasMethodDeprecated( SerializedVarReceiveInput name, SerializedVarOutParam exception, PP_Bool* result) {
+ SetAllowPluginReentrancy();
 *result = BoolToPPBool(ppb_var_target()->HasMethod( var.Get(dispatcher()), name.Get(dispatcher()),
@@ -369,6 +372,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgGetProperty( SerializedVarReceiveInput name, SerializedVarOutParam exception, SerializedVarReturnValue result) {
+ SetAllowPluginReentrancy();
 result.Return(dispatcher(), ppb_var_target()->GetProperty( var.Get(dispatcher()), name.Get(dispatcher()), exception.OutParam(dispatcher())));
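Review bot: The `IsPlugin()` / `NOTREACHED()` / `static_cast<HostDispatcher*>` sequence added to `OnMsgExecuteScript` is repeated verbatim in `PPB_Var_Deprecated_Proxy::SetAllowPluginReentrancy()` at the end of ppb_var_deprecated_proxy.cc. Two copies of a guarded downcast can drift apart; a single helper called by both proxies would keep the check in one place. If `NOTREACHED()` is compiled out in release builds, as it presumably is here, a handler reached on the plugin side skips the flag and still goes on to call `ExecuteScript`, so it is worth deciding whether that path should return early instead. The handler's body continues outside the hunk.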
@@ -378,6 +382,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgEnumerateProperties( SerializedVarReceiveInput var, SerializedVarVectorOutParam props, SerializedVarOutParam exception) {
+ SetAllowPluginReentrancy();
 ppb_var_target()->GetAllPropertyNames(var.Get(dispatcher()), props.CountOutParam(), props.ArrayOutParam(dispatcher()), exception.OutParam(dispatcher()));
@@ -388,6 +393,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgSetPropertyDeprecated( SerializedVarReceiveInput name, SerializedVarReceiveInput value, SerializedVarOutParam exception) {
+ SetAllowPluginReentrancy();
 ppb_var_target()->SetProperty(var.Get(dispatcher()), name.Get(dispatcher()), value.Get(dispatcher()),
@@ -399,6 +405,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgDeleteProperty( SerializedVarReceiveInput name, SerializedVarOutParam exception, PP_Bool* result) {
+ SetAllowPluginReentrancy();
 ppb_var_target()->RemoveProperty(var.Get(dispatcher()), name.Get(dispatcher()), exception.OutParam(dispatcher()));
@@ -413,6 +420,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgCallDeprecated( SerializedVarVectorReceiveInput arg_vector, SerializedVarOutParam exception, SerializedVarReturnValue result) {
+ SetAllowPluginReentrancy();
 uint32_t arg_count = 0; PP_Var* args = arg_vector.Get(dispatcher(), &arg_count); result.Return(dispatcher(), ppb_var_target()->Call(
@@ -427,6 +435,7 @@ void PPB_Var_Deprecated_Proxy::OnMsgConstruct( SerializedVarVectorReceiveInput arg_vector, SerializedVarOutParam exception, SerializedVarReturnValue result) {
+ SetAllowPluginReentrancy();
 uint32_t arg_count = 0; PP_Var* args = arg_vector.Get(dispatcher(), &arg_count); result.Return(dispatcher(), ppb_var_target()->Construct(
@@ -447,9 +456,17 @@ void PPB_Var_Deprecated_Proxy::OnMsgCreateObjectDeprecated( int64 ppp_class, int64 class_data, SerializedVarReturnValue result) {
+ SetAllowPluginReentrancy();
 result.Return(dispatcher(), PPP_Class_Proxy::CreateProxiedObject( ppb_var_target(), dispatcher(), instance, ppp_class, class_data)); }
+void PPB_Var_Deprecated_Proxy::SetAllowPluginReentrancy() {
+ if (dispatcher()->IsPlugin())
+ NOTREACHED();
+ else
+ static_cast<HostDispatcher*>(dispatcher())->set_allow_plugin_reentrancy();
+}
+
 } // namespace proxy } // namespace pp
diff --git a/ppapi/proxy/ppb_var_deprecated_proxy.h b/ppapi/proxy/ppb_var_deprecated_proxy.h
index d105d25..6e05f3e 100644
--- a/ppapi/proxy/ppb_var_deprecated_proxy.h
+++ b/ppapi/proxy/ppb_var_deprecated_proxy.h
@@ -87,6 +87,9 @@ class PPB_Var_Deprecated_Proxy : public InterfaceProxy { int64 ppp_class, int64 ppp_class_data, SerializedVarReturnValue result);
+
+ // Call in the host for messages that can be reentered.
+ void SetAllowPluginReentrancy();
 }; } // namespace proxy |