Non-SFI NaCl: Batch-open resource files

components/nacl/renderer/ppb_nacl_private_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
 
 #include <numeric>
 #include <string>
 #include <vector>
 
@@ skipping 283 matching lines @@
   DCHECK(pp_process_type > PP_UNKNOWN_NACL_PROCESS_TYPE &&
          pp_process_type < PP_NUM_NACL_PROCESS_TYPES);
   return static_cast<NaClAppProcessType>(pp_process_type);
 }
 
 // Launch NaCl's sel_ldr process.
 void LaunchSelLdr(PP_Instance instance,
                   PP_Bool main_service_runtime,
                   const char* alleged_url,
                   const PP_NaClFileInfo* nexe_file_info,
+                  const PP_NaClResourceFileHandle* resource_file_handles,
                   PP_Bool uses_nonsfi_mode,
                   PP_Bool enable_ppapi_dev,
                   PP_NaClAppProcessType pp_process_type,
                   void* imc_handle,
                   PP_CompletionCallback callback) {
   CHECK(ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->
             BelongsToCurrentThread());
   NaClAppProcessType process_type = PP_ToNaClAppProcessType(pp_process_type);
   // Create the manifest service proxy here, so on error case, it will be
   // destructed (without passing it to ManifestServiceChannel).
@@ skipping 33 matching lines @@
   // must also check on the trusted side of the proxy.
   if (enable_ppapi_dev)
     perm_bits |= ppapi::PERMISSION_DEV;
   instance_info.permissions =
       ppapi::PpapiPermissions::GetForCommandLine(perm_bits);
   std::string error_message_string;
   NaClLaunchResult launch_result;
 
   IPC::PlatformFileForTransit nexe_for_transit =
       IPC::InvalidPlatformFileForTransit();
+  std::vector<IPC::PlatformFileForTransit> resource_files_for_transit;
+  std::vector<std::pair<uint64, uint64> > resource_file_tokens;
+  std::vector<std::string> resource_keys;
 #if defined(OS_POSIX)
   if (nexe_file_info->handle != PP_kInvalidFileHandle)
     nexe_for_transit = base::FileDescriptor(nexe_file_info->handle, true);
+  for (size_t i = 0;
+       resource_file_handles &&
+           (resource_file_handles[i].handle != PP_kInvalidFileHandle);
+       ++i) {
+    resource_files_for_transit.push_back(
+        base::FileDescriptor(resource_file_handles[i].handle, true));
+    resource_file_tokens.push_back(
+        std::make_pair(resource_file_handles[i].token_lo,
+                       resource_file_handles[i].token_hi));
+    resource_keys.push_back(resource_file_handles[i].key);
+  }
 #elif defined(OS_WIN)
   // Duplicate the handle on the browser side instead of the renderer.
   // This is because BrokerGetFileForProcess isn't part of content/public, and
   // it's simpler to do the duplication in the browser anyway.
   nexe_for_transit = nexe_file_info->handle;
+  // TODO(yusukes): Support pre-opening resource files.
+  CHECK(resource_file_handles == NULL);
 #else
 #error Unsupported target platform.
 #endif
   if (!sender->Send(new NaClHostMsg_LaunchNaCl(
           NaClLaunchParams(
               instance_info.url.spec(),
               nexe_for_transit,
               nexe_file_info->token_lo,
               nexe_file_info->token_hi,
+              resource_files_for_transit,
+              resource_file_tokens,
+              resource_keys,
               routing_id,
               perm_bits,
               PP_ToBool(uses_nonsfi_mode),
               process_type),
           &launch_result,
           &error_message_string))) {
     ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask(
         FROM_HERE,
         base::Bind(callback.func, callback.user_data,
                    static_cast<int32_t>(PP_ERROR_FAILED)));
@@ skipping 290 matching lines @@
     }
   }
 
   // If the resource host isn't initialized, don't try to do that here.
   // Just return because something is already very wrong.
   if (g_pnacl_resource_host.Get().get() == NULL)
     return;
   g_pnacl_resource_host.Get()->ReportTranslationFinished(instance, success);
 }
 
-PP_FileHandle OpenNaClExecutable(PP_Instance instance,
-                                 const char* file_url,
-                                 uint64_t* nonce_lo,
-                                 uint64_t* nonce_hi) {
+PP_FileHandle OpenNaClExecutable(

[teravest, 2014/10/24 16:18:06]

OpenNaClExecutable should probably be renamed to OpenNaClResources throughout.

[Yusuke Sato, 2014/11/04 22:50:22]

Done.

+    PP_Instance instance,
+    const char* file_url,
+    uint64_t* nonce_lo,
+    uint64_t* nonce_hi,
+    const std::vector<std::string>& resource_file_urls,
+    PP_NaClResourceFileHandle** out_resource_file_handles) {
   // Fast path only works for installed file URLs.
   GURL gurl(file_url);
   if (!gurl.SchemeIs("chrome-extension"))
     return PP_kInvalidFileHandle;
 
   content::PepperPluginInstance* plugin_instance =
       content::PepperPluginInstance::Get(instance);
   if (!plugin_instance)
     return PP_kInvalidFileHandle;
   // IMPORTANT: Make sure the document can request the given URL. If we don't
   // check, a malicious app could probe the extension system. This enforces a
   // same-origin policy which prevents the app from requesting resources from
   // another app.
   blink::WebSecurityOrigin security_origin =
       plugin_instance->GetContainer()->element().document().securityOrigin();
   if (!security_origin.canRequest(gurl))
     return PP_kInvalidFileHandle;
 
   IPC::PlatformFileForTransit out_fd = IPC::InvalidPlatformFileForTransit();
   IPC::Sender* sender = content::RenderThread::Get();
   DCHECK(sender);
   *nonce_lo = 0;
   *nonce_hi = 0;
   base::FilePath file_path;
-  if (!sender->Send(
-      new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance),
-                                         GURL(file_url),
-                                         &out_fd,
-                                         nonce_lo,
-                                         nonce_hi))) {
+
+  std::vector<GURL> resource_urls;
+  for (size_t i = 0; i < resource_file_urls.size(); ++i) {
+    GURL gurl(resource_file_urls[i]);
+    if (!gurl.SchemeIs("chrome-extension"))
+      return PP_kInvalidFileHandle;
+    if (!security_origin.canRequest(gurl))
+      return PP_kInvalidFileHandle;
+    resource_urls.push_back(gurl);
+  }
+
+  nacl::NaClOpenExecutableResult open_result;
+  if (!sender->Send(new NaClHostMsg_OpenNaClExecutable(GetRoutingID(instance),
+                                                       GURL(file_url),
+                                                       resource_urls,
+                                                       &open_result))) {
     return PP_kInvalidFileHandle;
   }
 
-  if (out_fd == IPC::InvalidPlatformFileForTransit())
+  if (open_result.file == IPC::InvalidPlatformFileForTransit())
     return PP_kInvalidFileHandle;
 
+  for (size_t i = 0; i < open_result.resource_files.size(); ++i) {
+    if (open_result.resource_files[i] == IPC::InvalidPlatformFileForTransit())
+      return PP_kInvalidFileHandle;

[teravest, 2014/10/24 16:18:06]

There should at least be some debug logging added to note which resource file
failed to open.

[Yusuke Sato, 2014/11/04 22:50:22]

Done.

+  }
+  CHECK(open_result.resource_files.size() ==
+        open_result.resource_file_tokens.size());
+
+  out_fd = open_result.file;
+  *nonce_lo = open_result.file_token_lo;
+  *nonce_lo = open_result.file_token_hi;

[teravest, 2014/10/24 16:18:06]

Shouldn't this be nonce_hi? Is the behavior for file tokens tested?

[Yusuke Sato, 2014/11/04 22:50:22]

Good catch. Fixed. This will be used in the next CL for SFI-NaCl.

+
+  if (out_resource_file_handles && !open_result.resource_files.empty()) {
+    *out_resource_file_handles =
+        new PP_NaClResourceFileHandle[open_result.resource_files.size() + 1];
+    for (size_t i = 0; i < open_result.resource_files.size(); ++i) {
+      PP_NaClResourceFileHandle& entry = (*out_resource_file_handles)[i];
+      entry.handle = IPC::PlatformFileForTransitToPlatformFile(
+          open_result.resource_files[i]);
+      entry.token_lo = open_result.resource_file_tokens[i].first;
+      entry.token_hi = open_result.resource_file_tokens[i].second;
+      entry.key = NULL;  // DownloadNexe fills this later.
+    }
+    PP_NaClResourceFileHandle& sentinel =
+        (*out_resource_file_handles)[open_result.resource_files.size()];

[teravest, 2014/10/24 16:18:06]

So, out_resource_file_handles is always guaranteed to have length one more than
open_result.resource_files?

Why store a sentinel value instead of passing a length around?

[Yusuke Sato, 2014/11/04 22:50:22]

Done.

+    sentinel.handle = PP_kInvalidFileHandle;
+    sentinel.token_lo = 0;
+    sentinel.token_hi = 0;
+    sentinel.key = NULL;
+  }
+
   return IPC::PlatformFileForTransitToPlatformFile(out_fd);
 }
 
 void DispatchEvent(PP_Instance instance,
                    PP_NaClEventType event_type,
                    const char *resource_url,
                    PP_Bool length_is_computable,
                    uint64_t loaded_bytes,
                    uint64_t total_bytes) {
   ProgressEvent event(event_type,
@@ skipping 473 matching lines @@
 };
 
 void DownloadNexeCompletion(const DownloadNexeRequest& request,
                             PP_NaClFileInfo* out_file_info,
                             FileDownloader::Status status,
                             base::File target_file,
                             int http_status);
 
 void DownloadNexe(PP_Instance instance,
                   const char* url,
+                  PP_Bool download_resource_files,
                   PP_NaClFileInfo* out_file_info,
+                  PP_NaClResourceFileHandle** out_resource_file_handles,
                   PP_CompletionCallback callback) {
   CHECK(url);
   CHECK(out_file_info);
+  CHECK(!download_resource_files || out_resource_file_handles);
+
   DownloadNexeRequest request;
   request.instance = instance;
   request.url = url;
   request.callback = callback;
   request.start_time = base::Time::Now();
 
+  std::vector<std::string> resource_file_urls;
+  std::vector<std::string> resource_file_keys;
+  if (download_resource_files) {
+    JsonManifest* manifest = GetJsonManifest(instance);
+    if (manifest)
+      manifest->GetFilesUrl(&resource_file_urls, &resource_file_keys);
+    CHECK(resource_file_urls.size() == resource_file_keys.size());
+
+    // TODO(yusukes): Increase kMaxDescriptorsPerMessage in
+    // ipc/file_descriptor_set_posix.h, NACL_ABI_IMC_USER_DESC_MAX in
+    // native_client/src/public/imc_types.h, and NACL_HANDLE_COUNT_MAX in
+    // native_client/src/shared/imc/nacl_imc_c.h, and remove the resize()
+    // calls.
+    if (resource_file_urls.size() > 2) {

[teravest, 2014/10/24 16:18:06]

So what happens if more than two resource file urls are requeted? Only the first
two get fetched?

[Yusuke Sato, 2014/11/04 22:50:22]

Yes.

[Yusuke Sato, 2014/11/05 07:03:23]

It turned out that removing the restriction does not require native_client/
changes. Slightly modified two files in ipc/ and removed the resize(2) calls.

+      resource_file_urls.resize(2);
+      resource_file_keys.resize(2);
+    }
+  }
+
   // Try the fast path for retrieving the file first.
   PP_FileHandle handle = OpenNaClExecutable(instance,
                                             url,
                                             &out_file_info->token_lo,
-                                            &out_file_info->token_hi);
+                                            &out_file_info->token_hi,
+                                            resource_file_urls,
+                                            out_resource_file_handles);
   if (handle != PP_kInvalidFileHandle) {
+    if (!resource_file_urls.empty()) {
+      for (size_t i = 0; i < resource_file_urls.size(); ++i) {
+        PP_NaClResourceFileHandle& entry = (*out_resource_file_handles)[i];
+        CHECK(entry.handle != PP_kInvalidFileHandle) << i;
+        entry.key = strdup(resource_file_keys[i].c_str());
+      }
+    }
     DownloadNexeCompletion(request,
                            out_file_info,
                            FileDownloader::SUCCESS,
                            base::File(handle),
                            200);
     return;
   }
 
   // The fast path didn't work, we'll fetch the file using URLLoader and write
   // it to local storage.
   base::File target_file(CreateTemporaryFile(instance));
   GURL gurl(url);
 
+  // On the slow path, do not retry to pre-open the resource files.
+  if (out_resource_file_handles)
+    *out_resource_file_handles = NULL;
+
   content::PepperPluginInstance* plugin_instance =
       content::PepperPluginInstance::Get(instance);
   if (!plugin_instance) {
     ppapi::PpapiGlobals::Get()->GetMainThreadMessageLoop()->PostTask(
         FROM_HERE,
         base::Bind(callback.func, callback.user_data,
                    static_cast<int32_t>(PP_ERROR_FAILED)));
   }
   const blink::WebDocument& document =
       plugin_instance->GetContainer()->element().document();
@@ skipping 120 matching lines @@
                    kInvalidNaClFileInfo));
     return;
   }
 
   // Try the fast path for retrieving the file first.
   uint64_t file_token_lo = 0;
   uint64_t file_token_hi = 0;
   PP_FileHandle file_handle = OpenNaClExecutable(instance,
                                                  url.c_str(),
                                                  &file_token_lo,
-                                                 &file_token_hi);
+                                                 &file_token_hi,
+                                                 std::vector<std::string>(),
+                                                 NULL);
   if (file_handle != PP_kInvalidFileHandle) {
     PP_NaClFileInfo file_info;
     file_info.handle = file_handle;
     file_info.token_lo = file_token_lo;
     file_info.token_hi = file_token_hi;
     base::MessageLoop::current()->PostTask(
         FROM_HERE,
         base::Bind(callback, static_cast<int32_t>(PP_OK), file_info));
     return;
   }
@@ skipping 301 matching lines @@
   &StreamPexe
 };
 
 }  // namespace
 
 const PPB_NaCl_Private* GetNaClPrivateInterface() {
   return &nacl_interface;
 }
 
 }  // namespace nacl