Add an IPC channel between the NaCl loader process and the renderer.

chrome/browser/nacl_host/nacl_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/nacl_host/nacl_process_host.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 92 matching lines @@
   handles_for_sel_ldr->push_back(channel);
 #endif
   return true;
 }
 
 }  // namespace
 
 struct NaClProcessHost::NaClInternal {
   std::vector<nacl::Handle> sockets_for_renderer;
   std::vector<nacl::Handle> sockets_for_sel_ldr;
+  std::vector<nacl::FileDescriptor> handles_for_renderer;
 };
 
 // -----------------------------------------------------------------------------
 
 NaClProcessHost::NaClProcessHost(const GURL& manifest_url, bool off_the_record)
     : manifest_url_(manifest_url),
 #if defined(OS_WIN)
       process_launched_by_broker_(false),
 #elif defined(OS_LINUX)
       wait_for_nacl_gdb_(false),
@@ skipping 407 matching lines @@
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg)
     IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate,
                         OnQueryKnownToValidate)
     IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate,
                         OnSetKnownToValidate)
 #if defined(OS_WIN)
     IPC_MESSAGE_HANDLER_DELAY_REPLY(NaClProcessMsg_AttachDebugExceptionHandler,
                                     OnAttachDebugExceptionHandler)
 #endif
+    IPC_MESSAGE_HANDLER(NaClProcessHostMsg_PpapiChannelCreated,
+                        OnPpapiChannelCreated)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 void NaClProcessHost::OnProcessLaunched() {
   if (!StartWithLaunchedProcess())
     delete this;
 }
 
 // Called when the NaClBrowser singleton has been fully initialized.
 void NaClProcessHost::OnResourcesReady() {
   NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
   if (!nacl_browser->IsReady() || !SendStart()) {
     DLOG(ERROR) << "Cannot launch NaCl process";
     delete this;
   }
 }
 
-bool NaClProcessHost::ReplyToRenderer() {
-  std::vector<nacl::FileDescriptor> handles_for_renderer;
-  for (size_t i = 0; i < internal_->sockets_for_renderer.size(); i++) {
-#if defined(OS_WIN)
-    // Copy the handle into the renderer process.
-    HANDLE handle_in_renderer;
-    if (!DuplicateHandle(base::GetCurrentProcessHandle(),
-                         reinterpret_cast<HANDLE>(
-                             internal_->sockets_for_renderer[i]),
-                         chrome_render_message_filter_->peer_handle(),
-                         &handle_in_renderer,
-                         0,  // Unused given DUPLICATE_SAME_ACCESS.
-                         FALSE,
-                         DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
-      DLOG(ERROR) << "DuplicateHandle() failed";
-      return false;
-    }
-    handles_for_renderer.push_back(
-        reinterpret_cast<nacl::FileDescriptor>(handle_in_renderer));
-#else
-    // No need to dup the imc_handle - we don't pass it anywhere else so
-    // it cannot be closed.
-    nacl::FileDescriptor imc_handle;
-    imc_handle.fd = internal_->sockets_for_renderer[i];
-    imc_handle.auto_close = true;
-    handles_for_renderer.push_back(imc_handle);
-#endif
-  }
-
+bool NaClProcessHost::SendStart() {
+  const ChildProcessData& data = process_->GetData();
 #if defined(OS_WIN)
   // If we are on 64-bit Windows, the NaCl process's sandbox is
   // managed by a different process from the renderer's sandbox.  We
   // need to inform the renderer's sandbox about the NaCl process so
   // that the renderer can send handles to the NaCl process using
   // BrokerDuplicateHandle().
   if (RunningOnWOW64()) {
-    if (!content::BrokerAddTargetPeer(process_->GetData().handle)) {
+    if (!content::BrokerAddTargetPeer(data.handle)) {
       DLOG(ERROR) << "Failed to add NaCl process PID";
       return false;
     }
   }
 #endif
 
-  ChromeViewHostMsg_LaunchNaCl::WriteReplyParams(
-      reply_msg_, handles_for_renderer);
-  chrome_render_message_filter_->Send(reply_msg_);
-  chrome_render_message_filter_ = NULL;
-  reply_msg_ = NULL;
-  internal_->sockets_for_renderer.clear();
-  return true;
-}
-
-bool NaClProcessHost::StartNaClExecution() {
   NaClBrowser* nacl_browser = NaClBrowser::GetInstance();
 
   nacl::NaClStartParams params;
   params.validation_cache_enabled = nacl_browser->ValidationCacheIsEnabled();
   params.validation_cache_key = nacl_browser->GetValidationCacheKey();
   params.version = chrome::VersionInfo().CreateVersionString();
   params.enable_exception_handling = enable_exception_handling_;
   params.enable_debug_stub =
       CommandLine::ForCurrentProcess()->HasSwitch(switches::kEnableNaClDebug);
+  params.enable_ipc_proxy = CommandLine::ForCurrentProcess()->HasSwitch(
+                                switches::kEnableNaClIPCProxy);
 
   base::PlatformFile irt_file = nacl_browser->IrtFile();
   CHECK_NE(irt_file, base::kInvalidPlatformFileValue);
 
-  const ChildProcessData& data = process_->GetData();
+  // TODO(bbudge) In case of errors, the destructor may close handles that
+  // have already been closed by DuplicateHandle, which is unsafe. Add some
+  // helper functions that can be invoked when handle duplication fails, to
+  // clean more carefully.
   for (size_t i = 0; i < internal_->sockets_for_sel_ldr.size(); i++) {
     if (!ShareHandleToSelLdr(data.handle,
                              internal_->sockets_for_sel_ldr[i], true,
                              &params.handles)) {
       return false;
     }
   }
 
   // Send over the IRT file handle.  We don't close our own copy!
   if (!ShareHandleToSelLdr(data.handle, irt_file, false, &params.handles))
@@ skipping 15 matching lines @@
   nacl::FileDescriptor memory_fd;
   memory_fd.fd = dup(memory_buffer.handle().fd);
   if (memory_fd.fd < 0) {
     DLOG(ERROR) << "Failed to dup() a file descriptor";
     return false;
   }
   memory_fd.auto_close = true;
   params.handles.push_back(memory_fd);
 #endif
 
+  for (size_t i = 0; i < internal_->sockets_for_renderer.size(); i++) {
+#if defined(OS_WIN)
+    // Copy the handle into the renderer process.
+    HANDLE handle_in_renderer;
+    if (!DuplicateHandle(base::GetCurrentProcessHandle(),
+                         reinterpret_cast<HANDLE>(
+                             internal_->sockets_for_renderer[i]),
+                         chrome_render_message_filter_->peer_handle(),
+                         &handle_in_renderer,
+                         0,  // Unused given DUPLICATE_SAME_ACCESS.
+                         FALSE,
+                         DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
+      DLOG(ERROR) << "DuplicateHandle() failed";
+      return false;
+    }
+    internal_->handles_for_renderer.push_back(
+        reinterpret_cast<nacl::FileDescriptor>(handle_in_renderer));
+#else
+    // No need to dup the imc_handle - we don't pass it anywhere else so
+    // it cannot be closed.
+    nacl::FileDescriptor imc_handle;
+    imc_handle.fd = internal_->sockets_for_renderer[i];
+    imc_handle.auto_close = true;
+    internal_->handles_for_renderer.push_back(imc_handle);
+#endif
+  }
+
+  // The start message should only be sent once we are sure we won't delete
+  // ourselves.
   process_->Send(new NaClProcessMsg_Start(params));
 
   internal_->sockets_for_sel_ldr.clear();
+
+  // If we aren't creating the IPC channel, send the reply message without
+  // waiting for the NaCl process to signal that it's ready.
+  // TODO(bbudge) remove this after we switch to the IPC proxy.
+  if (!params.enable_ipc_proxy) {
+    OnPpapiChannelCreated(IPC::ChannelHandle());
+  }
+
   return true;
 }
 
-bool NaClProcessHost::SendStart() {
-  return ReplyToRenderer() && StartNaClExecution();
+void NaClProcessHost::OnPpapiChannelCreated(
+    const IPC::ChannelHandle& channel_handle) {
+  // Now that the server end of the channel has been created, send the reply to
+  // the renderer.
+  ChromeViewHostMsg_LaunchNaCl::WriteReplyParams(
+      reply_msg_, internal_->handles_for_renderer, channel_handle);
+  chrome_render_message_filter_->Send(reply_msg_);
+  chrome_render_message_filter_ = NULL;
+  reply_msg_ = NULL;
+
+  internal_->sockets_for_renderer.clear();
+  internal_->handles_for_renderer.clear();
 }
 
 bool NaClProcessHost::StartWithLaunchedProcess() {
 #if defined(OS_LINUX)
   if (wait_for_nacl_gdb_) {
     if (LaunchNaClGdb(base::GetProcId(process_->GetData().handle))) {
       // We will be called with wait_for_nacl_gdb_ = false once debugger is
       // attached to the program.
       return true;
     }
@@ skipping 86 matching lines @@
   } else {
     NaClStartDebugExceptionHandlerThread(
         process_handle.Take(), info,
         base::MessageLoopProxy::current(),
         base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker,
                    weak_factory_.GetWeakPtr()));
     return true;
   }
 }
 #endif