fix excesive number of mutexes created by sandbox

sandbox/win/src/sharedmem_ipc_server.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "sandbox/win/src/sharedmem_ipc_server.h"
 #include "sandbox/win/src/sharedmem_ipc_client.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_types.h"
 #include "sandbox/win/src/crosscall_params.h"
 #include "sandbox/win/src/crosscall_server.h"
 
+namespace {
+// This handle must not be closed.
+volatile HANDLE g_alive_mutex = NULL;
+}
+
 namespace sandbox {
 
 SharedMemIPCServer::SharedMemIPCServer(HANDLE target_process,
                                        DWORD target_process_id,
                                        HANDLE target_job,
                                        ThreadProvider* thread_provider,
                                        Dispatcher* dispatcher)
     : client_control_(NULL),
       thread_provider_(thread_provider),
       target_process_(target_process),
       target_process_id_(target_process_id),
       target_job_object_(target_job),
       call_dispatcher_(dispatcher) {
+  // We create a initially owned mutex. If the server dies unexpectedly,
+  // the thread that owns it will fail to release the lock and windows will
+  // report to the target (when it tries to acquire it) that the wait was
+  // abandoned. Note: We purposely leak the local handle because we want it to
+  // be closed by Windows itself so it is properly marked as abandoned if the
+  // server dies.
+  if (!g_alive_mutex) {
+    HANDLE mutex = ::CreateMutexW(NULL, TRUE, NULL);
+    if (::InterlockedCompareExchangePointer(&g_alive_mutex, mutex, NULL)) {
+      // We lost the race to create the mutex.
+      ::CloseHandle(mutex);
+    }
+  }
 }
 
 SharedMemIPCServer::~SharedMemIPCServer() {
   // Free the wait handles associated with the thread pool.
   if (!thread_provider_->UnRegisterWaits(this)) {
     // Better to leak than to crash.
     return;
   }
   // Free the IPC signal events.
   ServerContexts::iterator it;
@@ skipping 63 matching lines @@
     service_context->dispatcher = call_dispatcher_;
     service_context->target_info.process = target_process_;
     service_context->target_info.process_id = target_process_id_;
     service_context->target_info.job_object = target_job_object_;
     // Advance to the next channel.
     base_start += channel_size;
     // Register the ping event with the threadpool.
     thread_provider_->RegisterWait(this, service_context->ping_event,
                                    ThreadPingEventReady, service_context);
   }
-
-  // We create a mutex that the server locks. If the server dies unexpectedly,
-  // the thread that owns it will fail to release the lock and windows will
-  // report to the target (when it tries to acquire it) that the wait was
-  // abandoned. Note: We purposely leak the local handle because we want it to
-  // be closed by Windows itself so it is properly marked as abandoned if the
-  // server dies.
-  if (!::DuplicateHandle(::GetCurrentProcess(),
-                         ::CreateMutexW(NULL, TRUE, NULL),
+  if (!::DuplicateHandle(::GetCurrentProcess(), g_alive_mutex,
                          target_process_, &client_control_->server_alive,
                          SYNCHRONIZE | EVENT_MODIFY_STATE, FALSE, 0)) {
     return false;
   }
   // This last setting indicates to the client all is setup.
   client_control_->channels_count = channel_count;
   return true;
 }
 
 // Releases memory allocated for IPC arguments, if needed.
@@ skipping 271 matching lines @@
   }
   *server_pong = ::CreateEventW(NULL, FALSE, FALSE, NULL);
   if (!::DuplicateHandle(::GetCurrentProcess(), *server_pong, target_process_,
                          client_pong, kDesiredAccess, FALSE, 0)) {
     return false;
   }
   return true;
 }
 
 }  // namespace sandbox