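--- /dev/null
+++ b/mojo/edk/system/local_data_pipe.cc
@@ -0,0 +1,350 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// TODO(vtl): I currently potentially overflow in doing index calculations.
+// E.g., |start_index_| and |current_num_bytes_| fit into a |uint32_t|, but
+// their sum may not. This is bad and poses a security risk. (We're currently
+// saved by the limit on capacity -- the maximum size of the buffer, checked in
+// |DataPipe::ValidateOptions()|, is currently sufficiently small.)
+
+#include "mojo/edk/system/local_data_pipe.h"
+
+#include <string.h>
+
+#include <algorithm>
+
+#include "base/logging.h"
+#include "mojo/edk/system/configuration.h"
+
+namespace mojo {
+namespace system {
+
+LocalDataPipe::LocalDataPipe(const MojoCreateDataPipeOptions& options)
+: DataPipe(true, true, options), start_index_(0), current_num_bytes_(0) {
+// Note: |buffer_| is lazily allocated, since a common case will be that one
+// of the handles is immediately passed off to another process.
+}
+
+LocalDataPipe::~LocalDataPipe() {
+}
+
+void LocalDataPipe::ProducerCloseImplNoLock() {
+// If the consumer is still open and we still have data, we have to keep the
+// buffer around. Currently, we won't free it even if it empties later. (We
+// could do this -- requiring a check on every read -- but that seems to be
+// optimizing for the uncommon case.)
+if (!consumer_open_no_lock() || !current_num_bytes_) {
+// Note: There can only be a two-phase *read* (by the consumer) if we still
+// have data.
+DCHECK(!consumer_in_two_phase_read_no_lock());
+DestroyBufferNoLock();
+}
+}
+
+MojoResult LocalDataPipe::ProducerWriteDataImplNoLock(
+UserPointer<const void> elements,
+UserPointer<uint32_t> num_bytes,
+uint32_t max_num_bytes_to_write,
+uint32_t min_num_bytes_to_write) {
+DCHECK_EQ(max_num_bytes_to_write % element_num_bytes(), 0u);
+DCHECK_EQ(min_num_bytes_to_write % element_num_bytes(), 0u);
+DCHECK_GT(max_num_bytes_to_write, 0u);
+DCHECK(consumer_open_no_lock());
+
+size_t num_bytes_to_write = 0;
+if (may_discard()) {
+if (min_num_bytes_to_write > capacity_num_bytes())
+return MOJO_RESULT_OUT_OF_RANGE;
+
+num_bytes_to_write = std::min(static_cast<size_t>(max_num_bytes_to_write),
+capacity_num_bytes());
+if (num_bytes_to_write > capacity_num_bytes() - current_num_bytes_) {
+// Discard as much as needed (discard oldest first).
+MarkDataAsConsumedNoLock(num_bytes_to_write -
+(capacity_num_bytes() - current_num_bytes_));
+// No need to wake up write waiters, since we're definitely going to leave
+// the buffer full.
+}
+} else {
+if (min_num_bytes_to_write > capacity_num_bytes() - current_num_bytes_) {
+// Don't return "should wait" since you can't wait for a specified amount
+// of data.
+return MOJO_RESULT_OUT_OF_RANGE;
+}
+
+num_bytes_to_write = std::min(static_cast<size_t>(max_num_bytes_to_write),
+capacity_num_bytes() - current_num_bytes_);
+}
+if (num_bytes_to_write == 0)
+return MOJO_RESULT_SHOULD_WAIT;
+
+// The amount we can write in our first |memcpy()|.
+size_t num_bytes_to_write_first =
+std::min(num_bytes_to_write, GetMaxNumBytesToWriteNoLock());
+// Do the first (and possibly only) |memcpy()|.
+size_t first_write_index =
+(start_index_ + current_num_bytes_) % capacity_num_bytes();
+EnsureBufferNoLock();
+elements.GetArray(buffer_.get() + first_write_index,
+num_bytes_to_write_first);
+
+if (num_bytes_to_write_first < num_bytes_to_write) {
+// The "second write index" is zero.
+elements.At(num_bytes_to_write_first)
+.GetArray(buffer_.get(), num_bytes_to_write - num_bytes_to_write_first);
+}
+
+current_num_bytes_ += num_bytes_to_write;
+DCHECK_LE(current_num_bytes_, capacity_num_bytes());
+num_bytes.Put(static_cast<uint32_t>(num_bytes_to_write));
+return MOJO_RESULT_OK;
+}
+
+MojoResult LocalDataPipe::ProducerBeginWriteDataImplNoLock(
+UserPointer<void*> buffer,
+UserPointer<uint32_t> buffer_num_bytes,
+uint32_t min_num_bytes_to_write) {
+DCHECK(consumer_open_no_lock());
+
+// The index we need to start writing at.
+size_t write_index =
+(start_index_ + current_num_bytes_) % capacity_num_bytes();
+
+size_t max_num_bytes_to_write = GetMaxNumBytesToWriteNoLock();
+if (min_num_bytes_to_write > max_num_bytes_to_write) {
+// In "may discard" mode, we can always write from the write index to the
+// end of the buffer.
+if (may_discard() &&
+min_num_bytes_to_write <= capacity_num_bytes() - write_index) {
+// To do so, we need to discard an appropriate amount of data.
+// We should only reach here if the start index is after the write index!
+DCHECK_GE(start_index_, write_index);
+DCHECK_GT(min_num_bytes_to_write - max_num_bytes_to_write, 0u);
+MarkDataAsConsumedNoLock(min_num_bytes_to_write - max_num_bytes_to_write);
+max_num_bytes_to_write = min_num_bytes_to_write;
+} else {
+// Don't return "should wait" since you can't wait for a specified amount
+// of data.
+return MOJO_RESULT_OUT_OF_RANGE;
+}
+}
+
+// Don't go into a two-phase write if there's no room.
+if (max_num_bytes_to_write == 0)
+return MOJO_RESULT_SHOULD_WAIT;
+
+EnsureBufferNoLock();
+buffer.Put(buffer_.get() + write_index);
+buffer_num_bytes.Put(static_cast<uint32_t>(max_num_bytes_to_write));
+set_producer_two_phase_max_num_bytes_written_no_lock(
+static_cast<uint32_t>(max_num_bytes_to_write));
+return MOJO_RESULT_OK;
+}
+
+MojoResult LocalDataPipe::ProducerEndWriteDataImplNoLock(
+uint32_t num_bytes_written) {
+DCHECK_LE(num_bytes_written,
+producer_two_phase_max_num_bytes_written_no_lock());
+current_num_bytes_ += num_bytes_written;
+DCHECK_LE(current_num_bytes_, capacity_num_bytes());
+set_producer_two_phase_max_num_bytes_written_no_lock(0);
+return MOJO_RESULT_OK;
+}
+
+HandleSignalsState LocalDataPipe::ProducerGetHandleSignalsStateImplNoLock()
+const {
+HandleSignalsState rv;
+if (consumer_open_no_lock()) {
+if ((may_discard() || current_num_bytes_ < capacity_num_bytes()) &&
+!producer_in_two_phase_write_no_lock())
+rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_WRITABLE;
+rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_WRITABLE;
+} else {
+rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED;
+}
+rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED;
+return rv;
+}
+
+void LocalDataPipe::ConsumerCloseImplNoLock() {
+// If the producer is around and in a two-phase write, we have to keep the
+// buffer around. (We then don't free it until the producer is closed. This
+// could be rectified, but again seems like optimizing for the uncommon case.)
+if (!producer_open_no_lock() || !producer_in_two_phase_write_no_lock())
+DestroyBufferNoLock();
+current_num_bytes_ = 0;
+}
+
+MojoResult LocalDataPipe::ConsumerReadDataImplNoLock(
+UserPointer<void> elements,
+UserPointer<uint32_t> num_bytes,
+uint32_t max_num_bytes_to_read,
+uint32_t min_num_bytes_to_read,
+bool peek) {
+DCHECK_EQ(max_num_bytes_to_read % element_num_bytes(), 0u);
+DCHECK_EQ(min_num_bytes_to_read % element_num_bytes(), 0u);
+DCHECK_GT(max_num_bytes_to_read, 0u);
+
+if (min_num_bytes_to_read > current_num_bytes_) {
+// Don't return "should wait" since you can't wait for a specified amount of
+// data.
+return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE
+: MOJO_RESULT_FAILED_PRECONDITION;
+}
+
+size_t num_bytes_to_read =
+std::min(static_cast<size_t>(max_num_bytes_to_read), current_num_bytes_);
+if (num_bytes_to_read == 0) {
+return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT
+: MOJO_RESULT_FAILED_PRECONDITION;
+}
+
+// The amount we can read in our first |memcpy()|.
+size_t num_bytes_to_read_first =
+std::min(num_bytes_to_read, GetMaxNumBytesToReadNoLock());
+elements.PutArray(buffer_.get() + start_index_, num_bytes_to_read_first);
+
+if (num_bytes_to_read_first < num_bytes_to_read) {
+// The "second read index" is zero.
+elements.At(num_bytes_to_read_first)
+.PutArray(buffer_.get(), num_bytes_to_read - num_bytes_to_read_first);
+}
+
+if (!peek)
+MarkDataAsConsumedNoLock(num_bytes_to_read);
+num_bytes.Put(static_cast<uint32_t>(num_bytes_to_read));
+return MOJO_RESULT_OK;
+}
+
+MojoResult LocalDataPipe::ConsumerDiscardDataImplNoLock(
+UserPointer<uint32_t> num_bytes,
+uint32_t max_num_bytes_to_discard,
+uint32_t min_num_bytes_to_discard) {
+DCHECK_EQ(max_num_bytes_to_discard % element_num_bytes(), 0u);
+DCHECK_EQ(min_num_bytes_to_discard % element_num_bytes(), 0u);
+DCHECK_GT(max_num_bytes_to_discard, 0u);
+
+if (min_num_bytes_to_discard > current_num_bytes_) {
+// Don't return "should wait" since you can't wait for a specified amount of
+// data.
+return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE
+: MOJO_RESULT_FAILED_PRECONDITION;
+}
+
+// Be consistent with other operations; error if no data available.
+if (current_num_bytes_ == 0) {
+return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT
+: MOJO_RESULT_FAILED_PRECONDITION;
+}
+
+size_t num_bytes_to_discard = std::min(
+static_cast<size_t>(max_num_bytes_to_discard), current_num_bytes_);
+MarkDataAsConsumedNoLock(num_bytes_to_discard);
+num_bytes.Put(static_cast<uint32_t>(num_bytes_to_discard));
+return MOJO_RESULT_OK;
+}
+
+MojoResult LocalDataPipe::ConsumerQueryDataImplNoLock(
+UserPointer<uint32_t> num_bytes) {
+// Note: This cast is safe, since the capacity fits into a |uint32_t|.
+num_bytes.Put(static_cast<uint32_t>(current_num_bytes_));
+return MOJO_RESULT_OK;
+}
+
+MojoResult LocalDataPipe::ConsumerBeginReadDataImplNoLock(
+UserPointer<const void*> buffer,
+UserPointer<uint32_t> buffer_num_bytes,
+uint32_t min_num_bytes_to_read) {
+size_t max_num_bytes_to_read = GetMaxNumBytesToReadNoLock();
+if (min_num_bytes_to_read > max_num_bytes_to_read) {
+// Don't return "should wait" since you can't wait for a specified amount of
+// data.
+return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE
+: MOJO_RESULT_FAILED_PRECONDITION;
+}
+
+// Don't go into a two-phase read if there's no data.
+if (max_num_bytes_to_read == 0) {
+return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT
+: MOJO_RESULT_FAILED_PRECONDITION;
+}
+
+buffer.Put(buffer_.get() + start_index_);
+buffer_num_bytes.Put(static_cast<uint32_t>(max_num_bytes_to_read));
+set_consumer_two_phase_max_num_bytes_read_no_lock(
+static_cast<uint32_t>(max_num_bytes_to_read));
+return MOJO_RESULT_OK;
+}
+
+MojoResult LocalDataPipe::ConsumerEndReadDataImplNoLock(
+uint32_t num_bytes_read) {
+DCHECK_LE(num_bytes_read, consumer_two_phase_max_num_bytes_read_no_lock());
+DCHECK_LE(start_index_ + num_bytes_read, capacity_num_bytes());
+MarkDataAsConsumedNoLock(num_bytes_read);
+set_consumer_two_phase_max_num_bytes_read_no_lock(0);
+return MOJO_RESULT_OK;
+}
+
+HandleSignalsState LocalDataPipe::ConsumerGetHandleSignalsStateImplNoLock()
+const {
+HandleSignalsState rv;
+if (current_num_bytes_ > 0) {
+if (!consumer_in_two_phase_read_no_lock())
+rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_READABLE;
+rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_READABLE;
+} else if (producer_open_no_lock()) {
+rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_READABLE;
+}
+if (!producer_open_no_lock())
+rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED;
+rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED;
+return rv;
+}
+
+void LocalDataPipe::EnsureBufferNoLock() {
+DCHECK(producer_open_no_lock());
+if (buffer_)
+return;
+buffer_.reset(static_cast<char*>(
+base::AlignedAlloc(capacity_num_bytes(),
+GetConfiguration().data_pipe_buffer_alignment_bytes)));
+}
+
+void LocalDataPipe::DestroyBufferNoLock() {
+#ifndef NDEBUG
+// Scribble on the buffer to help detect use-after-frees. (This also helps the
+// unit test detect certain bugs without needing ASAN or similar.)
+if (buffer_)
+memset(buffer_.get(), 0xcd, capacity_num_bytes());
+#endif
+buffer_.reset();
+}
+
+size_t LocalDataPipe::GetMaxNumBytesToWriteNoLock() {
+size_t next_index = start_index_ + current_num_bytes_;
+if (next_index >= capacity_num_bytes()) {
+next_index %= capacity_num_bytes();
+DCHECK_GE(start_index_, next_index);
+DCHECK_EQ(start_index_ - next_index,
+capacity_num_bytes() - current_num_bytes_);
+return start_index_ - next_index;
+}
+return capacity_num_bytes() - next_index;
+}
+
+size_t LocalDataPipe::GetMaxNumBytesToReadNoLock() {
+if (start_index_ + current_num_bytes_ > capacity_num_bytes())
+return capacity_num_bytes() - start_index_;
+return current_num_bytes_;
+}
+
+void LocalDataPipe::MarkDataAsConsumedNoLock(size_t num_bytes) {
+DCHECK_LE(num_bytes, current_num_bytes_);
+start_index_ += num_bytes;
+start_index_ %= capacity_num_bytes();
+current_num_bytes_ -= num_bytes;
+}
+
+} // namespace system
+} // namespace mojo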
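Review bot: The index-arithmetic overflow that the header TODO (lines 5–9) admits is left to a remote check in `DataPipe::ValidateOptions()`, while every `start_index_ + current_num_bytes_` in this file — `GetMaxNumBytesToWriteNoLock()`, `GetMaxNumBytesToReadNoLock()`, the `first_write_index` and `write_index` computations — silently depends on it; since `start_index_` is kept below the capacity by `MarkDataAsConsumedNoLock()` and `current_num_bytes_` is bounded by it, a single guard in the constructor pins the invariant where it is consumed, e.g. `CHECK_LE(capacity_num_bytes(), std::numeric_limits<size_t>::max() / 2);` (plus `#include <limits>`), after which the sum provably cannot wrap on any `size_t` width. A second point I cannot settle from this file alone: in may-discard mode both `ProducerWriteDataImplNoLock()` and `ProducerBeginWriteDataImplNoLock()` call `MarkDataAsConsumedNoLock()` and then overwrite the oldest bytes, yet neither checks `consumer_in_two_phase_read_no_lock()`, so unless the `DataPipe` base rejects the write, the region a consumer obtained from `ConsumerBeginReadDataImplNoLock()` is rewritten underneath it; a `DCHECK(!consumer_in_two_phase_read_no_lock());` beside the existing `DCHECK(consumer_open_no_lock());`, or returning `MOJO_RESULT_BUSY`, would make the intended contract explicit. Finally, the only bounds checks on `num_bytes_written` and `num_bytes_read` in the two `End*` methods are `DCHECK`s, which compile out in release builds, so those methods are memory-safe only if the caller has already validated the value against the two-phase maximum — worth a one-line comment on each stating that precondition.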