NaCl: Clean up how FDs are passed to nacl_helper instances on Linux

chrome/nacl/nacl_helper_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // A mini-zygote specifically for Native Client.
 
 #include "components/nacl/common/nacl_helper_linux.h"
 
 #include <errno.h>
 #include <fcntl.h>
@@ skipping 12 matching lines @@
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/global_descriptors.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/kill.h"
 #include "base/rand_util.h"
 #include "components/nacl/loader/nacl_listener.h"
 #include "components/nacl/loader/nacl_sandbox_linux.h"
+#include "content/public/common/zygote_fork_delegate_linux.h"
 #include "crypto/nss_util.h"
 #include "ipc/ipc_descriptors.h"
 #include "ipc/ipc_switches.h"
 #include "sandbox/linux/services/libc_urandom_override.h"
 
 namespace {
 
 struct NaClLoaderSystemInfo {
   size_t prereserved_sandbox_size;
   long number_of_cores;
 };
 
 // The child must mimic the behavior of zygote_main_linux.cc on the child
 // side of the fork. See zygote_main_linux.cc:HandleForkRequest from
 //   if (!child) {
 void BecomeNaClLoader(const std::vector<int>& child_fds,
                       const NaClLoaderSystemInfo& system_info) {
   VLOG(1) << "NaCl loader: setting up IPC descriptor";
   // don't need zygote FD any more
   if (HANDLE_EINTR(close(kNaClZygoteDescriptor)) != 0)
     LOG(ERROR) << "close(kNaClZygoteDescriptor) failed.";
   bool sandbox_initialized = InitializeBpfSandbox();
   if (!sandbox_initialized) {
     LOG(ERROR) << "Could not initialize NaCl's second "
       << "layer sandbox (seccomp-bpf).";
   }
-  base::GlobalDescriptors::GetInstance()->Set(kPrimaryIPCChannel,
-                                              child_fds[kNaClBrowserFDIndex]);
+  base::GlobalDescriptors::GetInstance()->Set(
+      kPrimaryIPCChannel,
+      child_fds[content::ZygoteForkDelegate::kBrowserFDIndex]);
 
   base::MessageLoopForIO main_message_loop;
   NaClListener listener;
   listener.set_prereserved_sandbox_size(system_info.prereserved_sandbox_size);
   listener.set_number_of_cores(system_info.number_of_cores);
   listener.Listen();
   _exit(0);
 }
 
 // Start the NaCl loader in a child created by the NaCl loader Zygote.
 void ChildNaClLoaderInit(const std::vector<int>& child_fds,
                          const NaClLoaderSystemInfo& system_info) {
+  int parent_fd = child_fds[content::ZygoteForkDelegate::kParentFDIndex];

[jln (very slow on Chromium), 2013/10/07 18:12:06]

Do you want to make these const?

[Mark Seaborn, 2013/10/08 18:31:06]

I don't normally do that for local variables, but it doesn't hurt, so OK.

+  int dummy_fd = child_fds[content::ZygoteForkDelegate::kDummyFDIndex];
   bool validack = false;
   const size_t kMaxReadSize = 1024;
   char buffer[kMaxReadSize];
   // Wait until the parent process has discovered our PID.  We
   // should not fork any child processes (which the seccomp
   // sandbox does) until then, because that can interfere with the
   // parent's discovery of our PID.
-  const int nread = HANDLE_EINTR(read(child_fds[kNaClParentFDIndex], buffer,
-                                      kMaxReadSize));
+  const int nread = HANDLE_EINTR(read(parent_fd, buffer, kMaxReadSize));
   const std::string switch_prefix = std::string("--") +
       switches::kProcessChannelID + std::string("=");
   const size_t len = switch_prefix.length();
 
   if (nread < 0) {
     perror("read");
     LOG(ERROR) << "read returned " << nread;
   } else if (nread > static_cast<int>(len)) {
     if (switch_prefix.compare(0, len, buffer, 0, len) == 0) {
       VLOG(1) << "NaCl loader is synchronised with Chrome zygote";
       CommandLine::ForCurrentProcess()->AppendSwitchASCII(
           switches::kProcessChannelID,
           std::string(&buffer[len], nread - len));
       validack = true;
     }
   }
-  if (HANDLE_EINTR(close(child_fds[kNaClDummyFDIndex])) != 0)
-    LOG(ERROR) << "close(child_fds[kNaClDummyFDIndex]) failed";
-  if (HANDLE_EINTR(close(child_fds[kNaClParentFDIndex])) != 0)
-    LOG(ERROR) << "close(child_fds[kNaClParentFDIndex]) failed";
+  if (HANDLE_EINTR(close(dummy_fd)) != 0)
+    LOG(ERROR) << "close(dummy_fd) failed";
+  if (HANDLE_EINTR(close(parent_fd)) != 0)
+    LOG(ERROR) << "close(parent_fd) failed";
   if (validack) {
     BecomeNaClLoader(child_fds, system_info);
   } else {
     LOG(ERROR) << "Failed to synch with zygote";
   }
   _exit(1);
 }
 
 // Handle a fork request from the Zygote.
 // Some of this code was lifted from
 // content/browser/zygote_main_linux.cc:ForkWithRealPid()
 bool HandleForkRequest(const std::vector<int>& child_fds,
                        const NaClLoaderSystemInfo& system_info,
                        Pickle* output_pickle) {
-  if (kNaClParentFDIndex + 1 != child_fds.size()) {
+  if (content::ZygoteForkDelegate::kParentFDIndex + 1 != child_fds.size()) {

[jln (very slow on Chromium), 2013/10/07 18:12:06]

kNumPassedFds ? (see comment at the enum declaration)

[Mark Seaborn, 2013/10/08 18:31:06]

Done.

     LOG(ERROR) << "nacl_helper: unexpected number of fds, got "
         << child_fds.size();
     return false;
   }
 
   VLOG(1) << "nacl_helper: forking";
   pid_t child_pid = fork();
   if (child_pid < 0) {
     PLOG(ERROR) << "*** fork() failed.";
   }
@@ skipping 251 matching lines @@
   // Now handle requests from the Zygote.
   while (true) {
     bool request_handled = HandleZygoteRequest(kNaClZygoteDescriptor,
                                                system_info);
     // Do not turn this into a CHECK() without thinking about robustness
     // against malicious IPC requests.
     DCHECK(request_handled);
   }
   NOTREACHED();
 }