SFI NaCl: Batch-open resource files

components/nacl/loader/nacl_listener.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/loader/nacl_listener.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
@@ skipping 126 matching lines @@
 // Creates the PPAPI IPC channel between the NaCl IRT and the host
 // (browser/renderer) process, and starts to listen it on the thread where
 // the given message_loop_proxy runs.
 // Also, creates and sets the corresponding NaClDesc to the given nap with
 // the FD #.
 void SetUpIPCAdapter(
     IPC::ChannelHandle* handle,
     scoped_refptr<base::MessageLoopProxy> message_loop_proxy,
     struct NaClApp* nap,
     int nacl_fd,
-    NaClIPCAdapter::ResolveFileTokenCallback resolve_file_token_cb) {
+    NaClIPCAdapter::ResolveFileTokenCallback resolve_file_token_cb,
+    NaClIPCAdapter::OpenResourceCallback open_resource_cb) {
   scoped_refptr<NaClIPCAdapter> ipc_adapter(
       new NaClIPCAdapter(*handle,
                          message_loop_proxy.get(),
-                         resolve_file_token_cb));
+                         resolve_file_token_cb,
+                         open_resource_cb));
   ipc_adapter->ConnectChannel();
 #if defined(OS_POSIX)
   handle->socket =
       base::FileDescriptor(ipc_adapter->TakeClientFileDescriptor());
 #endif
 
   // Pass a NaClDesc to the untrusted side. This will hold a ref to the
   // NaClIPCAdapter.
   NaClAppSetDesc(nap, nacl_fd, ipc_adapter->MakeNaClDesc());
 }
@@ skipping 108 matching lines @@
 
 bool NaClListener::OnMessageReceived(const IPC::Message& msg) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(NaClListener, msg)
       IPC_MESSAGE_HANDLER(NaClProcessMsg_Start, OnStart)
       IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
+bool NaClListener::OnOpenResource(
+    const IPC::Message& msg,
+    const std::string& key,
+    NaClIPCAdapter::OpenResourceReplyCallback cb) {
+  // This callback is executed only on |io_thread_| with NaClIPCAdapter's
+  // |lock_| not being held.
+  DCHECK(!cb.is_null());
+  PrefetchedResourceFilesMap::iterator it =
+      prefetched_resource_files_.find(key);
+
+  if (it != prefetched_resource_files_.end()) {
+    // Fast path for prefetched FDs.
+    IPC::PlatformFileForTransit file = it->second.first;
+    base::FilePath path = it->second.second;
+    prefetched_resource_files_.erase(it);
+    // A pre-opened resource descriptor is available. Run the reply callback
+    // and return true.
+    cb.Run(msg, file, path);
+    return true;
+  }
+
+  // Return false to fall back to the slow path. Let the IPC adapter issue an

[Mark Seaborn, 2015/05/04 17:08:39]

Nit: "the IPC adapter" -> "NaClIPCAdapter" to be more specific?

[Yusuke Sato, 2015/05/05 18:27:16]

Done.

+  // IPC to the renderer.
+  return false;
+}
+
 void NaClListener::OnStart(const nacl::NaClStartParams& params) {
 #if defined(OS_LINUX) || defined(OS_MACOSX)
   int urandom_fd = dup(base::GetUrandomFD());
   if (urandom_fd < 0) {
     LOG(ERROR) << "Failed to dup() the urandom FD";
     return;
   }
   NaClChromeMainSetUrandomFd(urandom_fd);
 #endif
   struct NaClApp* nap = NULL;
   NaClChromeMainInit();
 
   crash_info_shmem_.reset(new base::SharedMemory(params.crash_info_shmem_handle,
                                                  false));
   CHECK(crash_info_shmem_->Map(nacl::kNaClCrashInfoShmemSize));
   NaClSetFatalErrorCallback(&FatalLogHandler);
 
   nap = NaClAppCreate();
   if (nap == NULL) {
     LOG(ERROR) << "NaClAppCreate() failed";
     return;
   }
 
   IPC::ChannelHandle browser_handle;
   IPC::ChannelHandle ppapi_renderer_handle;
   IPC::ChannelHandle manifest_service_handle;
 
+  for (size_t i = 0; i < params.prefetched_resource_files.size(); ++i) {
+    bool result = prefetched_resource_files_.insert(std::make_pair(

[Mark Seaborn, 2015/05/04 17:08:39]

I think you'll need to rebase this use of std::pair on Hidehiko's refactoring.

[Yusuke Sato, 2015/05/05 18:27:16]

Done.

+        params.prefetched_resource_files[i].file_key,
+        std::make_pair(
+            params.prefetched_resource_files[i].file,
+            params.prefetched_resource_files[i].file_path_metadata))).second;
+    if (!result) {
+      DLOG(ERROR) << "Duplicated open_resource key: "

[Mark Seaborn, 2015/05/04 17:08:39]

How about just making this fatal?  The renderer should never send duplicated
keys anyway.

[Yusuke Sato, 2015/05/05 18:27:16]

Done.

+                  << params.prefetched_resource_files[i].file_key;
+    }
+  }
+
   if (params.enable_ipc_proxy) {
     browser_handle = IPC::Channel::GenerateVerifiedChannelID("nacl");
     ppapi_renderer_handle = IPC::Channel::GenerateVerifiedChannelID("nacl");
     manifest_service_handle = IPC::Channel::GenerateVerifiedChannelID("nacl");
 
     // Create the PPAPI IPC channels between the NaCl IRT and the host
     // (browser/renderer) processes. The IRT uses these channels to
     // communicate with the host and to initialize the IPC dispatchers.
     SetUpIPCAdapter(&browser_handle, io_thread_.message_loop_proxy(),
                     nap, NACL_CHROME_DESC_BASE,
-                    NaClIPCAdapter::ResolveFileTokenCallback());
+                    NaClIPCAdapter::ResolveFileTokenCallback(),
+                    NaClIPCAdapter::OpenResourceCallback());
     SetUpIPCAdapter(&ppapi_renderer_handle, io_thread_.message_loop_proxy(),
                     nap, NACL_CHROME_DESC_BASE + 1,
-                    NaClIPCAdapter::ResolveFileTokenCallback());
+                    NaClIPCAdapter::ResolveFileTokenCallback(),
+                    NaClIPCAdapter::OpenResourceCallback());
     SetUpIPCAdapter(&manifest_service_handle,
                     io_thread_.message_loop_proxy(),
                     nap,
                     NACL_CHROME_DESC_BASE + 2,
                     base::Bind(&NaClListener::ResolveFileToken,
+                               base::Unretained(this)),
+                    base::Bind(&NaClListener::OnOpenResource,
                                base::Unretained(this)));
   }
 
   trusted_listener_ = new NaClTrustedListener(
       IPC::Channel::GenerateVerifiedChannelID("nacl"),
       io_thread_.message_loop_proxy().get(),
       &shutdown_event_);
   if (!Send(new NaClProcessHostMsg_PpapiChannelsCreated(
           browser_handle,
           ppapi_renderer_handle,
@@ skipping 97 matching lines @@
   if (params.enable_mojo) {
     // InjectMojo adds a file descriptor to the process that allows Mojo calls
     // to use an implementation defined outside the NaCl sandbox. See
     // //mojo/nacl for implementation details.
     InjectMojo(nap);
   } else {
     // When Mojo isn't enabled, we inject a file descriptor that intentionally
     // fails on any imc_sendmsg() call to make debugging easier.
     InjectDisabledMojo(nap);
   }
-  // TODO(yusukes): Support pre-opening resource files.
-  CHECK(params.prefetched_resource_files.empty());
 
   int exit_status;
   if (!NaClChromeMainStart(nap, args, &exit_status))
     NaClExit(1);
 
   // Report the plugin's exit status if the application started successfully.
   trusted_listener_->Send(new NaClRendererMsg_ReportExitStatus(exit_status));
   NaClExit(exit_status);
 }
 
 void NaClListener::ResolveFileToken(
     uint64_t token_lo,
     uint64_t token_hi,
     base::Callback<void(IPC::PlatformFileForTransit, base::FilePath)> cb) {
   if (!Send(new NaClProcessMsg_ResolveFileToken(token_lo, token_hi))) {
     cb.Run(IPC::PlatformFileForTransit(), base::FilePath());
     return;
   }
   resolved_cb_ = cb;
 }
 
 void NaClListener::OnFileTokenResolved(
     uint64_t token_lo,
     uint64_t token_hi,
     IPC::PlatformFileForTransit ipc_fd,
     base::FilePath file_path) {
   resolved_cb_.Run(ipc_fd, file_path);
   resolved_cb_.Reset();
 }