NaCl: enable meta-based validation for shared libraries.

chrome/browser/nacl_host/nacl_process_host.cc

Index: chrome/browser/nacl_host/nacl_process_host.cc
diff --git a/chrome/browser/nacl_host/nacl_process_host.cc b/chrome/browser/nacl_host/nacl_process_host.cc
index 26a1df5673dc7053c09b04a6747a045e8aaa1c6d..afbff6f9a06d3251cc6c714de2c13ac746eca232 100644
--- a/chrome/browser/nacl_host/nacl_process_host.cc
+++ b/chrome/browser/nacl_host/nacl_process_host.cc
@@ -623,6 +623,8 @@ bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) {
                         OnQueryKnownToValidate)
     IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate,
                         OnSetKnownToValidate)
+    IPC_MESSAGE_HANDLER_DELAY_REPLY(NaClProcessMsg_ResolveFileNonce,
+                                    OnResolveFileNonce)
 #if defined(OS_WIN)
     IPC_MESSAGE_HANDLER_DELAY_REPLY(NaClProcessMsg_AttachDebugExceptionHandler,
                                     OnAttachDebugExceptionHandler)
@@ -761,7 +763,6 @@ bool NaClProcessHost::StartNaClExecution() {
   if (params.uses_irt) {
     base::PlatformFile irt_file = nacl_browser->IrtFile();
     CHECK_NE(irt_file, base::kInvalidPlatformFileValue);
-
     // Send over the IRT file handle.  We don't close our own copy!
     if (!ShareHandleToSelLdr(data.handle, irt_file, false, &params.handles))
       return false;
@@ -930,6 +931,68 @@ void NaClProcessHost::OnSetKnownToValidate(const std::string& signature) {
   NaClBrowser::GetInstance()->SetKnownToValidate(signature, off_the_record_);
 }
 
+void NaClProcessHost::FileResolved(
+    base::PlatformFile* file,
+    const base::FilePath& file_path,
+    IPC::Message* reply_msg) {
+

[Mark Seaborn, 2013/05/16 23:01:47]

Remove empty line at function start

[Nick Bray (chromium), 2013/05/21 20:09:06]

Done.

+  if (*file != base::kInvalidPlatformFileValue) {
+    IPC::PlatformFileForTransit handle = IPC::GetFileHandleForProcess(
+        *file,
+        process_->GetData().handle,
+        true /* close_source */);
+    NaClProcessMsg_ResolveFileNonce::WriteReplyParams(
+        reply_msg,
+        handle,
+        file_path);
+  } else {
+    NaClProcessMsg_ResolveFileNonce::WriteReplyParams(
+        reply_msg,
+        IPC::InvalidPlatformFileForTransit(),
+        base::FilePath(FILE_PATH_LITERAL("")));
+  }
+  Send(reply_msg);
+}
+
+void NaClProcessHost::OnResolveFileNonce(uint64 nonce,
+                                         IPC::Message* reply_msg) {
+  // Was the file registered?
+  // Note that the file path cache is of bounded size, and old entries can get
+  // evicted.  If a large number of NaCl modules are being launched at once,
+  // resolving the nonce may fail because the path cache was thrashed while the

[Mark Seaborn, 2013/05/16 23:01:47]

As I said in the other comment, this is bad, so you should at least have a TODO
to fix this.

[Nick Bray (chromium), 2013/05/21 20:09:06]

The cache is big enough this shouldn't happen in practice, this behavior is not
particularly bad, and there isn't a good alternative, given architectural
constraints.  A TODO would just be clutter.

+  // nonce was in flight.  In this case the query fails, and we need to fall
+  // back to the slower path.
+  base::FilePath file_path;
+  if (!NaClBrowser::GetInstance()->GetFilePath(nonce, &file_path)){

[Mark Seaborn, 2013/05/16 23:01:47]

Add space: ") {"

[Nick Bray (chromium), 2013/05/21 20:09:06]

Done.

+     NaClProcessMsg_ResolveFileNonce::WriteReplyParams(

[Mark Seaborn, 2013/05/16 23:01:47]

Wrong indentation here (it's using 2+3 instead of 2+2)

[Nick Bray (chromium), 2013/05/21 20:09:06]

Done.

+         reply_msg,
+         IPC::InvalidPlatformFileForTransit(),
+         base::FilePath(FILE_PATH_LITERAL("")));
+     Send(reply_msg);
+     return;
+  }
+
+  // Scratch space to share between the callbacks.
+  base::PlatformFile* data = new base::PlatformFile();
+
+  // Open the file.
+  if (!content::BrowserThread::PostBlockingPoolTaskAndReply(
+      FROM_HERE,

[Mark Seaborn, 2013/05/16 23:01:47]

Indent the function's arguments

[Nick Bray (chromium), 2013/05/21 20:09:06]

They are.  Four space indent.  Which is ambiguous with the bracket alignment, in
this case.  If you have a better suggestion, please be explicit.

+      base::Bind(nacl::OpenNaClExecutableImpl,
+                 file_path, data),
+      base::Bind(&NaClProcessHost::FileResolved,
+                 weak_factory_.GetWeakPtr(),
+                 base::Owned(data),
+                 file_path,
+                 reply_msg))) {
+     NaClProcessMsg_ResolveFileNonce::WriteReplyParams(
+         reply_msg,
+         IPC::InvalidPlatformFileForTransit(),
+         base::FilePath(FILE_PATH_LITERAL("")));
+     Send(reply_msg);
+  }
+}
+
 #if defined(OS_WIN)
 void NaClProcessHost::OnAttachDebugExceptionHandler(const std::string& info,
                                                     IPC::Message* reply_msg) {