[mojo-edk] Explicitly serialise HANDLEs into messages instead of PlatformHandles.

mojo/edk/system/channel.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/edk/system/channel.h"
 
 #include <string.h>
 
 #include <algorithm>
 #include <limits>
@@ skipping 29 matching lines @@
 const size_t kMaxAttachedHandles = 128;
 
 Channel::Message::Message(size_t payload_size,
                           size_t max_handles,
                           Header::MessageType message_type)
     : max_handles_(max_handles) {
   DCHECK_LE(max_handles_, kMaxAttachedHandles);
 
   size_t extra_header_size = 0;
 #if defined(OS_WIN)
-  // On Windows we serialize platform handles into the extra header space.
-  extra_header_size = max_handles_ * sizeof(PlatformHandle);
+  // On Windows we serialize HANDLES into the extra header space.
+  extra_header_size = max_handles_ * sizeof(HANDLE);

[Will Harris, 2016/05/26 19:23:11]

sizeof(HANDLE) is 8 on 64-bit, but handles are actually guaranteed to fit in
32-bit value, so you could reduce this if you wanted, but it would require casts
see base::win::HandleToUint32()

[Anand Mistry (off Chromium), 2016/05/27 03:44:34]

I've changed this to be a uint32_t. But I've change this to use a struct instead
which follows how mach ports are handled, and adds some extensibility (and
indirection) if needed.

 #elif defined(OS_MACOSX) && !defined(OS_IOS)
   // On OSX, some of the platform handles may be mach ports, which are
   // serialised into the message buffer. Since there could be a mix of fds and
   // mach ports, we store the mach ports as an <index, port> pair (of uint32_t),
   // so that the original ordering of handles can be re-created.
   if (max_handles) {
     extra_header_size =
         sizeof(MachPortsExtraHeader) + (max_handles * sizeof(MachPortsEntry));
   }
 #endif
@@ skipping 26 matching lines @@
   header_->message_type = message_type;
 #if defined(OS_CHROMEOS) || defined(OS_ANDROID)
   header_->num_handles = static_cast<uint16_t>(max_handles);
 #else
   header_->num_header_bytes =
       static_cast<uint16_t>(sizeof(Header) + extra_header_size);
 #endif
 
   if (max_handles_ > 0) {
 #if defined(OS_WIN)
-    handles_ = reinterpret_cast<PlatformHandle*>(mutable_extra_header());
+    handles_ = reinterpret_cast<HANDLE*>(mutable_extra_header());
     // Initialize all handles to invalid values.
     for (size_t i = 0; i < max_handles_; ++i)
-      handles()[i] = PlatformHandle();
+      handles_[i] = INVALID_HANDLE_VALUE;
 #elif defined(OS_MACOSX) && !defined(OS_IOS)
     mach_ports_header_ =
         reinterpret_cast<MachPortsExtraHeader*>(mutable_extra_header());
     mach_ports_header_->num_ports = 0;
     // Initialize all handles to invalid values.
     for (size_t i = 0; i < max_handles_; ++i) {
       mach_ports_header_->entries[i] =
           {0, static_cast<uint32_t>(MACH_PORT_NULL)};
     }
 #endif
   }
 }
 
 Channel::Message::~Message() {
-#if defined(OS_WIN)
-  // On POSIX the ScopedPlatformHandleVectorPtr will do this for us.
-  for (size_t i = 0; i < header_->num_handles; ++i)
-    handles()[i].CloseIfNecessary();
-#endif
   base::AlignedFree(data_);
 }
 
 // static
 Channel::MessagePtr Channel::Message::Deserialize(const void* data,
                                                   size_t data_num_bytes) {
 #if !defined(OS_WIN) && !(defined(OS_MACOSX) && !defined(OS_IOS))
   // We only serialize messages into other messages when performing message
   // relay on Windows and OSX.
   NOTREACHED();
@@ skipping 10 matching lines @@
   }
 
   if (header->num_bytes < header->num_header_bytes) {
     DLOG(ERROR) << "Decoding invalid message: " << header->num_bytes << " < "
                 << header->num_header_bytes;
     return nullptr;
   }
 
   uint32_t extra_header_size = header->num_header_bytes - sizeof(Header);
 #if defined(OS_WIN)
-  uint32_t max_handles = extra_header_size / sizeof(PlatformHandle);
+  uint32_t max_handles = extra_header_size / sizeof(HANDLE);
 #elif defined(OS_MACOSX) && !defined(OS_IOS)
   uint32_t max_handles = (extra_header_size - sizeof(MachPortsExtraHeader)) /
       sizeof(MachPortsEntry);
 #endif
   if (header->num_handles > max_handles) {
     DLOG(ERROR) << "Decoding invalid message:" << header->num_handles
                 << " > " << max_handles;
     return nullptr;
   }
 
@@ skipping 11 matching lines @@
   }
 
   if (message->extra_header_size()) {
     // Copy extra header bytes.
     memcpy(message->mutable_extra_header(),
            static_cast<const char*>(data) + sizeof(Header),
            message->extra_header_size());
   }
 
   message->header_->num_handles = header->num_handles;
+#if defined(OS_WIN)
+  ScopedPlatformHandleVectorPtr handles(
+      new PlatformHandleVector(header->num_handles));
+  for (size_t i = 0; i < header->num_handles; i++)
+    (*handles)[i].handle = message->handles_[i];
+  message->SetHandles(std::move(handles));
+#endif
 
   return message;
 #endif
 }
 
 size_t Channel::Message::payload_size() const {
 #if defined(OS_CHROMEOS) || defined(OS_ANDROID)
   return header_->num_bytes - sizeof(Header);
 #else
   return size_ - header_->num_header_bytes;
 #endif
 }
 
-PlatformHandle* Channel::Message::handles() {
-#if defined(OS_CHROMEOS) || defined(OS_ANDROID)
-  // Old semantics for ChromeOS and Android.
-  if (header_->num_handles == 0)
-    return nullptr;
-  CHECK(handle_vector_);
-  return handle_vector_->data();
-#else
-  if (max_handles_ == 0)
-    return nullptr;
-#if defined(OS_WIN)
-  return handles_;
-#else
-  CHECK(handle_vector_);
-  return handle_vector_->data();
-#endif  // defined(OS_WIN)
-#endif  // defined(OS_CHROMEOS) || defined(OS_ANDROID)
-}
-
 #if defined(OS_MACOSX) && !defined(OS_IOS)
 bool Channel::Message::has_mach_ports() const {
   if (!has_handles())
     return false;
 
   for (const auto& handle : (*handle_vector_)) {
     if (handle.type == PlatformHandle::Type::MACH ||
         handle.type == PlatformHandle::Type::MACH_NAME) {
       return true;
     }
@@ skipping 13 matching lines @@
   std::swap(handle_vector_, new_handles);
 
 #else
   if (max_handles_ == 0) {
     CHECK(!new_handles || new_handles->size() == 0);
     return;
   }
 
   CHECK(new_handles && new_handles->size() <= max_handles_);
   header_->num_handles = static_cast<uint16_t>(new_handles->size());
+  std::swap(handle_vector_, new_handles);
 #if defined(OS_WIN)
-  memcpy(handles(), new_handles->data(),
-         sizeof(PlatformHandle) * new_handles->size());
-  new_handles->clear();
-#else
-  std::swap(handle_vector_, new_handles);
+  memset(handles_, 0, extra_header_size());
+  for (size_t i = 0; i < handle_vector_->size(); i++)
+    handles_[i] = (*handle_vector_)[i].handle;
 #endif  // defined(OS_WIN)
 #endif  // defined(OS_CHROMEOS) || defined(OS_ANDROID)
 
 #if defined(OS_MACOSX) && !defined(OS_IOS)
   size_t mach_port_index = 0;
   if (mach_ports_header_) {
     for (size_t i = 0; i < max_handles_; ++i) {
       mach_ports_header_->entries[i] =
           {0, static_cast<uint32_t>(MACH_PORT_NULL)};
     }
     for (size_t i = 0; i < handle_vector_->size(); i++) {
       if ((*handle_vector_)[i].type == PlatformHandle::Type::MACH ||
           (*handle_vector_)[i].type == PlatformHandle::Type::MACH_NAME) {
         mach_port_t port = (*handle_vector_)[i].port;
         mach_ports_header_->entries[mach_port_index].index = i;
         mach_ports_header_->entries[mach_port_index].mach_port = port;
         mach_port_index++;
       }
     }
     mach_ports_header_->num_ports = static_cast<uint16_t>(mach_port_index);
   }
 #endif
 }
 
 ScopedPlatformHandleVectorPtr Channel::Message::TakeHandles() {
-#if defined(OS_WIN)
-  if (header_->num_handles == 0)
-    return ScopedPlatformHandleVectorPtr();
-  ScopedPlatformHandleVectorPtr moved_handles(
-      new PlatformHandleVector(header_->num_handles));
-  for (size_t i = 0; i < header_->num_handles; ++i)
-    std::swap(moved_handles->at(i), handles()[i]);
-  header_->num_handles = 0;
-  return moved_handles;
-#elif defined(OS_MACOSX) && !defined(OS_IOS)
+#if defined(OS_MACOSX) && !defined(OS_IOS)
   if (mach_ports_header_) {
     for (size_t i = 0; i < max_handles_; ++i) {
       mach_ports_header_->entries[i] =
           {0, static_cast<uint32_t>(MACH_PORT_NULL)};
     }
     mach_ports_header_->num_ports = 0;
   }
   header_->num_handles = 0;
   return std::move(handle_vector_);
 #else
@@ skipping 24 matching lines @@
   return std::move(handle_vector_);
 #else
   return std::move(handle_vector_);
 #endif
 }
 
 #if defined(OS_WIN)
 // static
 bool Channel::Message::RewriteHandles(base::ProcessHandle from_process,
                                       base::ProcessHandle to_process,
-                                      PlatformHandle* handles,
-                                      size_t num_handles) {
+                                      PlatformHandleVector* handles) {
   bool success = true;
-  for (size_t i = 0; i < num_handles; ++i) {
-    if (!handles[i].is_valid()) {
+  for (size_t i = 0; i < handles->size(); ++i) {
+    if (!(*handles)[i].is_valid()) {
       DLOG(ERROR) << "Refusing to duplicate invalid handle.";
       continue;
     }
-    DCHECK_EQ(handles[i].owning_process, from_process);
+    DCHECK_EQ((*handles)[i].owning_process, from_process);
     BOOL result = DuplicateHandle(
-        from_process, handles[i].handle, to_process,
-        &handles[i].handle, 0, FALSE,
+        from_process, (*handles)[i].handle, to_process,
+        &(*handles)[i].handle, 0, FALSE,
         DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
     if (result) {
-      handles[i].owning_process = to_process;
+      (*handles)[i].owning_process = to_process;
     } else {
       success = false;
 
       // If handle duplication fails, the source handle will already be closed
       // due to DUPLICATE_CLOSE_SOURCE. Replace the handle in the message with
       // an invalid handle.
-      handles[i].handle = INVALID_HANDLE_VALUE;
-      handles[i].owning_process = base::GetCurrentProcessHandle();
+      (*handles)[i].handle = INVALID_HANDLE_VALUE;
+      (*handles)[i].owning_process = base::GetCurrentProcessHandle();
     }
   }
   return success;
 }
 #endif
 
 // Helper class for managing a Channel's read buffer allocations. This maintains
 // a single contiguous buffer with the layout:
 //
 //   [discarded bytes][occupied bytes][unoccupied bytes]
@@ skipping 226 matching lines @@
 
 bool Channel::OnControlMessage(Message::Header::MessageType message_type,
                                const void* payload,
                                size_t payload_size,
                                ScopedPlatformHandleVectorPtr handles) {
   return false;
 }
 
 }  // namespace edk
 }  // namespace mojo