Capability: passing fds over IPC

chrome/common/ipc_channel_posix.cc

 // Copyright (c) 2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/ipc_channel_posix.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <stddef.h>
 #include <sys/types.h>
@@ skipping 10 matching lines @@
 
 #include "base/command_line.h"
 #include "base/lock.h"
 #include "base/logging.h"
 #include "base/process_util.h"
 #include "base/scoped_ptr.h"
 #include "base/string_util.h"
 #include "base/singleton.h"
 #include "chrome/common/chrome_counters.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/common/file_descriptor_posix.h"
 #include "chrome/common/ipc_message_utils.h"
 
 namespace IPC {
 
 //------------------------------------------------------------------------------
 namespace {
 
 // When running as a browser, we install the client socket in a specific file
 // descriptor number (@kClientChannelFd). However, we also have to support the
 // case where we are running unittests in the same process.
@@ skipping 309 matching lines @@
   }
 
   if (!waiting_connect_)
     return ProcessOutgoingMessages();
   return true;
 }
 
 bool Channel::ChannelImpl::ProcessIncomingMessages() {
   ssize_t bytes_read = 0;
 
+  struct msghdr msg = {0};
+  struct iovec iov = {input_buf_, Channel::kReadBufferSize};
+
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = input_cmsg_buf_;
+  msg.msg_controllen = sizeof(input_cmsg_buf_);
+
   for (;;) {
     if (bytes_read == 0) {
       if (pipe_ == -1)
         return false;
 
       // Read from pipe.
-      // recv() returns 0 if the connection has closed or EAGAIN if no data is
-      // waiting on the pipe.
+      // recvmsg() returns 0 if the connection has closed or EAGAIN if no data
+      // is waiting on the pipe.
       do {
-        bytes_read = read(pipe_, input_buf_, Channel::kReadBufferSize);
+        bytes_read = recvmsg(pipe_, &msg, MSG_DONTWAIT);
       } while (bytes_read == -1 && errno == EINTR);
 
       if (bytes_read < 0) {
         if (errno == EAGAIN) {
           return true;
         } else {
           LOG(ERROR) << "pipe error (" << pipe_ << "): " << strerror(errno);
           return false;
         }
       } else if (bytes_read == 0) {
         // The pipe has closed...
         Close();
         return false;
       }
     }
     DCHECK(bytes_read);
 
     if (client_pipe_ != -1) {
       Singleton<PipeMap>()->Remove(pipe_name_);
       close(client_pipe_);
       client_pipe_ = -1;
     }
 
+    // a pointer to an array of |num_wire_fds| file descriptors from the read
+    const int* wire_fds;
+    unsigned num_wire_fds = 0;
+
+    // walk the list of control messages and, if we find an array of file
+    // descriptors, save a pointer to the array
+    for (struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); cmsg;
+         cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+      if (cmsg->cmsg_level == SOL_SOCKET &&
+          cmsg->cmsg_type == SCM_RIGHTS) {
+        const unsigned payload_len = cmsg->cmsg_len - CMSG_LEN(0);
+        DCHECK(payload_len % sizeof(int) == 0);
+        wire_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
+        num_wire_fds = payload_len / 4;
+
+        if (msg.msg_flags & MSG_CTRUNC) {
+          LOG(ERROR) << "SCM_RIGHTS message was truncated"
+                     << " cmsg_len:" << cmsg->cmsg_len
+                     << " fd:" << pipe_;
+          for (unsigned i = 0; i < num_wire_fds; ++i)
+            close(wire_fds[i]);
+          return false;
+        }
+        break;
+      }
+    }
+
     // Process messages from input buffer.
     const char *p;
     const char *end;
     if (input_overflow_buf_.empty()) {
       p = input_buf_;
       end = p + bytes_read;
     } else {
       if (input_overflow_buf_.size() >
          static_cast<size_t>(kMaximumMessageSize - bytes_read)) {
         input_overflow_buf_.clear();
         LOG(ERROR) << "IPC message is too big";
         return false;
       }
       input_overflow_buf_.append(input_buf_, bytes_read);
       p = input_overflow_buf_.data();
       end = p + input_overflow_buf_.size();
     }
 
+    // A pointer to an array of |num_fds| file descriptors which includes any
+    // fds that have spilled over from a previous read.
+    const int* fds;
+    unsigned num_fds;
+    unsigned fds_i = 0;  // the index of the first unused descriptor
+
+    if (input_overflow_fds_.empty()) {
+      fds = wire_fds;
+      num_fds = num_wire_fds;
+    } else {
+      const size_t prev_size = input_overflow_fds_.size();
+      input_overflow_fds_.resize(prev_size + num_wire_fds);
+      memcpy(&input_overflow_fds_[prev_size], wire_fds,
+             num_wire_fds * sizeof(int));
+      fds = &input_overflow_fds_[0];
+      num_fds = input_overflow_fds_.size();
+    }
+
     while (p < end) {
       const char* message_tail = Message::FindNext(p, end);
       if (message_tail) {
         int len = static_cast<int>(message_tail - p);
         const Message m(p, len);
+        if (m.header()->num_fds) {
+          // the message has file descriptors
+          if (m.header()->num_fds > num_fds - fds_i) {
+            // the message has been completely received, but we didn't get
+            // enough file descriptors.
+            LOG(WARNING) << "Message needs unreceived descriptors"
+                         << " channel:" << this
+                         << " message-type:" << m.type()
+                         << " header()->num_fds:" << m.header()->num_fds
+                         << " num_fds:" << num_fds
+                         << " fds_i:" << fds_i;
+            // close the existing file descriptors so that we don't leak them
+            for (unsigned i = fds_i; i < num_fds; ++i)
+              close(fds[i]);
+            input_overflow_fds_.clear();
+            return false;
+          }
+
+          m.descriptor_set()->SetDescriptors(&fds[fds_i], m.header()->num_fds);
+          fds_i += m.header()->num_fds;
+        }
 #ifdef IPC_MESSAGE_DEBUG_EXTRA
         DLOG(INFO) << "received message on channel @" << this <<
                       " with type " << m.type();
 #endif
         if (m.routing_id() == MSG_ROUTING_NONE &&
             m.type() == HELLO_MESSAGE_TYPE) {
           // The Hello message contains only the process id.
           listener_->OnChannelConnected(MessageIterator(m).NextInt());
         } else {
           listener_->OnMessageReceived(m);
         }
         p = message_tail;
       } else {
         // Last message is partial.
         break;
       }
     }
     input_overflow_buf_.assign(p, end - p);
+    input_overflow_fds_ = std::vector<int>(&fds[fds_i], &fds[num_fds]);
 
     bytes_read = 0;  // Get more data.
   }
 
   return true;
 }
 
 bool Channel::ChannelImpl::ProcessOutgoingMessages() {
   DCHECK(!waiting_connect_);  // Why are we trying to send messages if there's
                               // no connection?
   is_blocked_on_write_ = false;
 
   if (output_queue_.empty())
     return true;
 
   if (pipe_ == -1)
     return false;
 
   // Write out all the messages we can till the write blocks or there are no
   // more outgoing messages.
   while (!output_queue_.empty()) {
     Message* msg = output_queue_.front();
 
     size_t amt_to_write = msg->size() - message_send_bytes_written_;
     DCHECK(amt_to_write != 0);
     const char *out_bytes = reinterpret_cast<const char*>(msg->data()) +
         message_send_bytes_written_;
     ssize_t bytes_written = -1;
     do {
-      bytes_written = write(pipe_, out_bytes, amt_to_write);
+      struct msghdr msgh = {0};
+      struct iovec iov = {const_cast<char*>(out_bytes), amt_to_write};
+      msgh.msg_iov = &iov;
+      msgh.msg_iovlen = 1;
+      char buf[CMSG_SPACE(
+          sizeof(int[DescriptorSet::MAX_DESCRIPTORS_PER_MESSAGE]))];
+
+      if (message_send_bytes_written_ == 0 &&
+          !msg->descriptor_set()->empty()) {
+        // This is the first chunk of a message which has descriptors to send
+        struct cmsghdr *cmsg;
+        const unsigned num_fds = msg->descriptor_set()->size();
+
+        DCHECK_LE(num_fds, DescriptorSet::MAX_DESCRIPTORS_PER_MESSAGE);
+
+        msgh.msg_control = buf;
+        msgh.msg_controllen = CMSG_SPACE(sizeof(int) * num_fds);
+        cmsg = CMSG_FIRSTHDR(&msgh);
+        cmsg->cmsg_level = SOL_SOCKET;
+        cmsg->cmsg_type = SCM_RIGHTS;
+        cmsg->cmsg_len = CMSG_LEN(sizeof(int) * num_fds);
+        msg->descriptor_set()->GetDescriptors(
+            reinterpret_cast<int*>(CMSG_DATA(cmsg)));
+        msgh.msg_controllen = cmsg->cmsg_len;
+
+        msg->header()->num_fds = num_fds;
+      }
+
+      bytes_written = sendmsg(pipe_, &msgh, MSG_DONTWAIT);
+      if (bytes_written > 0)
+        msg->descriptor_set()->CommitAll();
     } while (bytes_written == -1 && errno == EINTR);
 
     if (bytes_written < 0 && errno != EAGAIN) {
       LOG(ERROR) << "pipe error: " << strerror(errno);
       return false;
     }
 
     if (static_cast<size_t>(bytes_written) != amt_to_write) {
       if (bytes_written > 0) {
         // If write() fails with EAGAIN then bytes_written will be -1.
@@ skipping 140 matching lines @@
   }
 
   // Unlink the FIFO
   unlink(pipe_name_.c_str());
 
   while (!output_queue_.empty()) {
     Message* m = output_queue_.front();
     output_queue_.pop();
     delete m;
   }
+
+  // Close any outstanding, received file descriptors
+  for (std::vector<int>::iterator
+       i = input_overflow_fds_.begin(); i != input_overflow_fds_.end(); ++i) {
+    close(*i);
+  }
+  input_overflow_fds_.clear();
 }
 
 //------------------------------------------------------------------------------
 // Channel's methods simply call through to ChannelImpl.
 Channel::Channel(const std::wstring& channel_id, Mode mode,
                  Listener* listener)
     : channel_impl_(new ChannelImpl(channel_id, mode, listener)) {
 }
 
 Channel::~Channel() {
@@ skipping 19 matching lines @@
 void Channel::GetClientFileDescriptorMapping(int *src_fd, int *dest_fd) {
   return channel_impl_->GetClientFileDescriptorMapping(src_fd, dest_fd);
 }
 
 void Channel::OnClientConnected() {
   return channel_impl_->OnClientConnected();
 }
 
 
 }  // namespace IPC