| OLD | NEW |
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef MEDIA_BASE_ANDROID_MEDIA_SERVICE_THROTTLER_H_ |
| 6 #define MEDIA_BASE_ANDROID_MEDIA_SERVICE_THROTTLER_H_ |
| 7 |
| 8 #include <memory> |
| 9 |
| 10 #include "base/callback_forward.h" |
| 11 #include "base/cancelable_callback.h" |
| 12 #include "base/lazy_instance.h" |
| 13 #include "base/macros.h" |
| 14 #include "base/single_thread_task_runner.h" |
| 15 #include "base/time/tick_clock.h" |
| 16 #include "base/time/time.h" |
| 17 #include "media/base/media_export.h" |
| 18 |
| 19 namespace media { |
| 20 class MediaServerCrashListener; |
| 21 |
| 22 // The MediaServiceThrottler's purpose is to prevent a compromised process from |
| 23 // attempting to crash the MediaServer, by repeatedly requesting resources or |
| 24 // issuing malformed requests. It is used to delay the creation of Android |
| 25 // MediaServer clients (currently only the MediaPlayerBridge) by some amount |
| 26 // that makes it impractical to DOS the MediaServer (by requesting the |
| 27 // playback of hundreds of malformed URLs per second, for example). |
| 28 // |
| 29 // GetDelayForClientCreation() linearly spaces out client creations and |
| 30 // guarantees that the clients will never be scheduled faster than some |
| 31 // threshold (see the .cc file for the latest values). |
| 32 // The MediaServiceThrottler also uses a MediaServerCrashListener to monitor for |
| 33 // MediaServer crashes. The delay between client creations is exponentially |
| 34 // increased (up to a cap) based on the number of recent MediaServer crashes. |
| 35 // |
| 36 // NOTE: The MediaServiceThrottler has small moving window that allows a certain |
| 37 // number of clients to be immediately scheduled, while still respecting the |
| 38 // max scheduling rates. This allows clients to be 'burst created' to account |
| 39 // for a burst of requests from a new page load. |
| 40 // |
| 41 // For an example of usage, look at MediaPlayerRenderer::Initialize(). |
| 42 class MEDIA_EXPORT MediaServiceThrottler { |
| 43 public: |
| 44 // Called to get the singleton MediaServiceThrottler instance. |
| 45 // The first thread on which GetInstance() is called is the thread on which |
| 46 // calls to OnMediaServerCrash() will be signaled. |
| 47 static MediaServiceThrottler* GetInstance(); |
| 48 |
| 49 // Returns the delay to wait until a new client is allowed to be created. |
| 50 base::TimeDelta GetDelayForClientCreation(); |
| 51 |
| 52 // Test only methods. |
| 53 void SetTickClockForTesting(base::TickClock* clock); |
| 54 void ResetInternalStateForTesting(); |
| 55 base::TimeDelta GetBaseThrottlingRateForTesting(); |
| 56 bool IsCrashListenerAliveForTesting(); |
| 57 void SetCrashListenerTaskRunnerForTesting( |
| 58 scoped_refptr<base::SingleThreadTaskRunner> crash_listener_task_runner); |
| 59 |
| 60 private: |
| 61 friend struct base::DefaultLazyInstanceTraits<MediaServiceThrottler>; |
| 62 friend class MediaServiceThrottlerTest; |
| 63 |
| 64 MediaServiceThrottler(); |
| 65 virtual ~MediaServiceThrottler(); |
| 66 |
| 67 // Called by the |crash_listener_| whenever a crash is detected. |
| 68 void OnMediaServerCrash(bool watchdog_needs_release); |
| 69 |
| 70 // Updates |current_craches_| according to a linear decay function. |
| 71 void UpdateServerCrashes(); |
| 72 |
| 73 // Ensures that the MediaServerCrashListener was properly started (can lead |
| 74 // to OnMediaServerCrash() being called in the case it hasn't). |
| 75 void EnsureCrashListenerStarted(); |
| 76 |
| 77 // Frees up the resources used by |crash_listener_|; |
| 78 void ReleaseCrashListener(); |
| 79 |
| 80 // Gets the delay for ScheduleClientCreation(), which grows exponentially |
| 81 // based on |current_crashes_|. |
| 82 base::TimeDelta GetThrottlingDelayFromServerCrashes(); |
| 83 |
| 84 std::unique_ptr<base::TickClock> clock_; |
| 85 |
| 86 // Effective number of media server crashes. |
| 87 // NOTE: This is of type double because we decay the number of crashes at a |
| 88 // rate of one per minute (e.g. 30s after a single crash, |curren_crashes_| |
| 89 // should be equal to 0.5). |
| 90 double current_crashes_; |
| 91 |
| 92 // Next time at which a client creation can be scheduled. |
| 93 base::TimeTicks next_schedulable_slot_; |
| 94 |
| 95 // Last media server crash time. |
| 96 base::TimeTicks last_server_crash_; |
| 97 |
| 98 // Last time UpdateServerCrashes() was called. |
| 99 base::TimeTicks last_current_crash_update_time_; |
| 100 |
| 101 // Last time ScheduleClientCreation() was called. |
| 102 base::TimeTicks last_schedule_call_; |
| 103 |
| 104 // Callbacks used to release |crash_listener_| after 60s of inactivity. |
| 105 base::Closure release_crash_listener_cb_; |
| 106 base::CancelableClosure cancelable_release_crash_listener_cb_; |
| 107 |
| 108 // Listener that verifies |
| 109 std::unique_ptr<MediaServerCrashListener> crash_listener_; |
| 110 |
| 111 scoped_refptr<base::SingleThreadTaskRunner> crash_listener_task_runner_; |
| 112 |
| 113 DISALLOW_COPY_AND_ASSIGN(MediaServiceThrottler); |
| 114 }; |
| 115 |
| 116 } // namespace media |
| 117 |
| 118 #endif // MEDIA_BASE_ANDROID_MEDIA_SERVICE_THROTTLER_H_ |
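Review bot: The header never states which thread may call GetDelayForClientCreation(), even though it presumably reads and updates the same members (`current_crashes_`, `next_schedulable_slot_`) that OnMediaServerCrash() touches on the first GetInstance() thread, and no lock or thread checker is declared among the members. Because this throttle is the mitigation against a compromised process flooding the MediaServer, I would pin the contract down above the declaration, e.g. `// Must be called on the thread that first called GetInstance().`, and back it with a `base::ThreadChecker` member if the .cc file does not already enforce it. SetTickClockForTesting() takes a raw `base::TickClock*` while `clock_` is a `std::unique_ptr<base::TickClock>`, so the ownership transfer should either be documented or made explicit by taking `std::unique_ptr<base::TickClock>`. The comments also need a pass: `|current_craches_|` and `|curren_crashes_|` are misspelled, `// Listener that verifies` is cut off mid-sentence, and two comments refer to ScheduleClientCreation(), which this header does not declare (the public entry point is GetDelayForClientCreation()).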