Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(210)

Unified Diff: ipc/file_descriptor_set_posix.cc

Issue 835873004: IPC: Generalize FileDescriptorSet to MessageAttachmentSet (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Landing Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « ipc/file_descriptor_set_posix.h ('k') | ipc/file_descriptor_set_posix_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ipc/file_descriptor_set_posix.cc
diff --git a/ipc/file_descriptor_set_posix.cc b/ipc/file_descriptor_set_posix.cc
deleted file mode 100644
index 568fee3323c7d0d3f8db7cbe1db8019df21c722d..0000000000000000000000000000000000000000
--- a/ipc/file_descriptor_set_posix.cc
+++ /dev/null
@@ -1,162 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "ipc/file_descriptor_set_posix.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include "base/logging.h"
-#include "base/posix/eintr_wrapper.h"
-
-FileDescriptorSet::FileDescriptorSet()
- : consumed_descriptor_highwater_(0) {
-}
-
-FileDescriptorSet::~FileDescriptorSet() {
- if (consumed_descriptor_highwater_ == size())
- return;
-
- // We close all the owning descriptors. If this message should have
- // been transmitted, then closing those with close flags set mirrors
- // the expected behaviour.
- //
- // If this message was received with more descriptors than expected
- // (which could a DOS against the browser by a rogue renderer) then all
- // the descriptors have their close flag set and we free all the extra
- // kernel resources.
- LOG(WARNING) << "FileDescriptorSet destroyed with unconsumed descriptors: "
- << consumed_descriptor_highwater_ << "/" << size();
-}
-
-bool FileDescriptorSet::AddToBorrow(base::PlatformFile fd) {
- DCHECK_EQ(consumed_descriptor_highwater_, 0u);
-
- if (size() == kMaxDescriptorsPerMessage) {
- DLOG(WARNING) << "Cannot add file descriptor. FileDescriptorSet full.";
- return false;
- }
-
- descriptors_.push_back(fd);
- return true;
-}
-
-bool FileDescriptorSet::AddToOwn(base::ScopedFD fd) {
- DCHECK_EQ(consumed_descriptor_highwater_, 0u);
-
- if (size() == kMaxDescriptorsPerMessage) {
- DLOG(WARNING) << "Cannot add file descriptor. FileDescriptorSet full.";
- return false;
- }
-
- descriptors_.push_back(fd.get());
- owned_descriptors_.push_back(new base::ScopedFD(fd.Pass()));
- DCHECK(size() <= kMaxDescriptorsPerMessage);
- return true;
-}
-
-base::PlatformFile FileDescriptorSet::TakeDescriptorAt(unsigned index) {
- if (index >= size()) {
- DLOG(WARNING) << "Accessing out of bound index:"
- << index << "/" << size();
- return -1;
- }
-
-
- // We should always walk the descriptors in order, so it's reasonable to
- // enforce this. Consider the case where a compromised renderer sends us
- // the following message:
- //
- // ExampleMsg:
- // num_fds:2 msg:FD(index = 1) control:SCM_RIGHTS {n, m}
- //
- // Here the renderer sent us a message which should have a descriptor, but
- // actually sent two in an attempt to fill our fd table and kill us. By
- // setting the index of the descriptor in the message to 1 (it should be
- // 0), we would record a highwater of 1 and then consider all the
- // descriptors to have been used.
- //
- // So we can either track of the use of each descriptor in a bitset, or we
- // can enforce that we walk the indexes strictly in order.
- //
- // There's one more wrinkle: When logging messages, we may reparse them. So
- // we have an exception: When the consumed_descriptor_highwater_ is at the
- // end of the array and index 0 is requested, we reset the highwater value.
- // TODO(morrita): This is absurd. This "wringle" disallow to introduce clearer
- // ownership model. Only client is NaclIPCAdapter. See crbug.com/415294
- if (index == 0 && consumed_descriptor_highwater_ == descriptors_.size())
- consumed_descriptor_highwater_ = 0;
-
- if (index != consumed_descriptor_highwater_)
- return -1;
-
- consumed_descriptor_highwater_ = index + 1;
-
- base::PlatformFile file = descriptors_[index];
-
- // TODO(morrita): In production, descriptors_.size() should be same as
- // owned_descriptors_.size() as all read descriptors are owned by Message.
- // We have to do this because unit test breaks this assumption. It should be
- // changed to exercise with own-able descriptors.
- for (ScopedVector<base::ScopedFD>::const_iterator i =
- owned_descriptors_.begin();
- i != owned_descriptors_.end();
- ++i) {
- if ((*i)->get() == file) {
- ignore_result((*i)->release());
- break;
- }
- }
-
- return file;
-}
-
-void FileDescriptorSet::PeekDescriptors(base::PlatformFile* buffer) const {
- std::copy(descriptors_.begin(), descriptors_.end(), buffer);
-}
-
-bool FileDescriptorSet::ContainsDirectoryDescriptor() const {
- struct stat st;
-
- for (std::vector<base::PlatformFile>::const_iterator i = descriptors_.begin();
- i != descriptors_.end();
- ++i) {
- if (fstat(*i, &st) == 0 && S_ISDIR(st.st_mode))
- return true;
- }
-
- return false;
-}
-
-void FileDescriptorSet::CommitAll() {
- descriptors_.clear();
- owned_descriptors_.clear();
- consumed_descriptor_highwater_ = 0;
-}
-
-void FileDescriptorSet::ReleaseFDsToClose(
- std::vector<base::PlatformFile>* fds) {
- for (ScopedVector<base::ScopedFD>::iterator i = owned_descriptors_.begin();
- i != owned_descriptors_.end();
- ++i) {
- fds->push_back((*i)->release());
- }
-
- CommitAll();
-}
-
-void FileDescriptorSet::AddDescriptorsToOwn(const base::PlatformFile* buffer,
- unsigned count) {
- DCHECK(count <= kMaxDescriptorsPerMessage);
- DCHECK_EQ(size(), 0u);
- DCHECK_EQ(consumed_descriptor_highwater_, 0u);
-
- descriptors_.reserve(count);
- owned_descriptors_.reserve(count);
- for (unsigned i = 0; i < count; ++i) {
- descriptors_.push_back(buffer[i]);
- owned_descriptors_.push_back(new base::ScopedFD(buffer[i]));
- }
-}
« no previous file with comments | « ipc/file_descriptor_set_posix.h ('k') | ipc/file_descriptor_set_posix_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698