| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // TODO(vtl): I currently potentially overflow in doing index calculations. | |
| 6 // E.g., |start_index_| and |current_num_bytes_| fit into a |uint32_t|, but | |
| 7 // their sum may not. This is bad and poses a security risk. (We're currently | |
| 8 // saved by the limit on capacity -- the maximum size of the buffer, checked in | |
| 9 // |DataPipe::ValidateOptions()|, is currently sufficiently small.) | |
| 10 | |
| 11 #include "mojo/edk/system/local_data_pipe.h" | |
| 12 | |
| 13 #include <string.h> | |
| 14 | |
| 15 #include <algorithm> | |
| 16 | |
| 17 #include "base/logging.h" | |
| 18 #include "mojo/edk/system/configuration.h" | |
| 19 | |
| 20 namespace mojo { | |
| 21 namespace system { | |
| 22 | |
| 23 LocalDataPipe::LocalDataPipe(const MojoCreateDataPipeOptions& options) | |
| 24 : DataPipe(true, true, options), start_index_(0), current_num_bytes_(0) { | |
| 25 // Note: |buffer_| is lazily allocated, since a common case will be that one | |
| 26 // of the handles is immediately passed off to another process. | |
| 27 } | |
| 28 | |
| 29 LocalDataPipe::~LocalDataPipe() { | |
| 30 } | |
| 31 | |
| 32 void LocalDataPipe::ProducerCloseImplNoLock() { | |
| 33 // If the consumer is still open and we still have data, we have to keep the | |
| 34 // buffer around. Currently, we won't free it even if it empties later. (We | |
| 35 // could do this -- requiring a check on every read -- but that seems to be | |
| 36 // optimizing for the uncommon case.) | |
| 37 if (!consumer_open_no_lock() || !current_num_bytes_) { | |
| 38 // Note: There can only be a two-phase *read* (by the consumer) if we still | |
| 39 // have data. | |
| 40 DCHECK(!consumer_in_two_phase_read_no_lock()); | |
| 41 DestroyBufferNoLock(); | |
| 42 } | |
| 43 } | |
| 44 | |
| 45 MojoResult LocalDataPipe::ProducerWriteDataImplNoLock( | |
| 46 UserPointer<const void> elements, | |
| 47 UserPointer<uint32_t> num_bytes, | |
| 48 uint32_t max_num_bytes_to_write, | |
| 49 uint32_t min_num_bytes_to_write) { | |
| 50 DCHECK_EQ(max_num_bytes_to_write % element_num_bytes(), 0u); | |
| 51 DCHECK_EQ(min_num_bytes_to_write % element_num_bytes(), 0u); | |
| 52 DCHECK_GT(max_num_bytes_to_write, 0u); | |
| 53 DCHECK(consumer_open_no_lock()); | |
| 54 | |
| 55 size_t num_bytes_to_write = 0; | |
| 56 if (may_discard()) { | |
| 57 if (min_num_bytes_to_write > capacity_num_bytes()) | |
| 58 return MOJO_RESULT_OUT_OF_RANGE; | |
| 59 | |
| 60 num_bytes_to_write = std::min(static_cast<size_t>(max_num_bytes_to_write), | |
| 61 capacity_num_bytes()); | |
| 62 if (num_bytes_to_write > capacity_num_bytes() - current_num_bytes_) { | |
| 63 // Discard as much as needed (discard oldest first). | |
| 64 MarkDataAsConsumedNoLock(num_bytes_to_write - | |
| 65 (capacity_num_bytes() - current_num_bytes_)); | |
| 66 // No need to wake up write waiters, since we're definitely going to leave | |
| 67 // the buffer full. | |
| 68 } | |
| 69 } else { | |
| 70 if (min_num_bytes_to_write > capacity_num_bytes() - current_num_bytes_) { | |
| 71 // Don't return "should wait" since you can't wait for a specified amount | |
| 72 // of data. | |
| 73 return MOJO_RESULT_OUT_OF_RANGE; | |
| 74 } | |
| 75 | |
| 76 num_bytes_to_write = std::min(static_cast<size_t>(max_num_bytes_to_write), | |
| 77 capacity_num_bytes() - current_num_bytes_); | |
| 78 } | |
| 79 if (num_bytes_to_write == 0) | |
| 80 return MOJO_RESULT_SHOULD_WAIT; | |
| 81 | |
| 82 // The amount we can write in our first |memcpy()|. | |
| 83 size_t num_bytes_to_write_first = | |
| 84 std::min(num_bytes_to_write, GetMaxNumBytesToWriteNoLock()); | |
| 85 // Do the first (and possibly only) |memcpy()|. | |
| 86 size_t first_write_index = | |
| 87 (start_index_ + current_num_bytes_) % capacity_num_bytes(); | |
| 88 EnsureBufferNoLock(); | |
| 89 elements.GetArray(buffer_.get() + first_write_index, | |
| 90 num_bytes_to_write_first); | |
| 91 | |
| 92 if (num_bytes_to_write_first < num_bytes_to_write) { | |
| 93 // The "second write index" is zero. | |
| 94 elements.At(num_bytes_to_write_first) | |
| 95 .GetArray(buffer_.get(), num_bytes_to_write - num_bytes_to_write_first); | |
| 96 } | |
| 97 | |
| 98 current_num_bytes_ += num_bytes_to_write; | |
| 99 DCHECK_LE(current_num_bytes_, capacity_num_bytes()); | |
| 100 num_bytes.Put(static_cast<uint32_t>(num_bytes_to_write)); | |
| 101 return MOJO_RESULT_OK; | |
| 102 } | |
| 103 | |
| 104 MojoResult LocalDataPipe::ProducerBeginWriteDataImplNoLock( | |
| 105 UserPointer<void*> buffer, | |
| 106 UserPointer<uint32_t> buffer_num_bytes, | |
| 107 uint32_t min_num_bytes_to_write) { | |
| 108 DCHECK(consumer_open_no_lock()); | |
| 109 | |
| 110 // The index we need to start writing at. | |
| 111 size_t write_index = | |
| 112 (start_index_ + current_num_bytes_) % capacity_num_bytes(); | |
| 113 | |
| 114 size_t max_num_bytes_to_write = GetMaxNumBytesToWriteNoLock(); | |
| 115 if (min_num_bytes_to_write > max_num_bytes_to_write) { | |
| 116 // In "may discard" mode, we can always write from the write index to the | |
| 117 // end of the buffer. | |
| 118 if (may_discard() && | |
| 119 min_num_bytes_to_write <= capacity_num_bytes() - write_index) { | |
| 120 // To do so, we need to discard an appropriate amount of data. | |
| 121 // We should only reach here if the start index is after the write index! | |
| 122 DCHECK_GE(start_index_, write_index); | |
| 123 DCHECK_GT(min_num_bytes_to_write - max_num_bytes_to_write, 0u); | |
| 124 MarkDataAsConsumedNoLock(min_num_bytes_to_write - max_num_bytes_to_write); | |
| 125 max_num_bytes_to_write = min_num_bytes_to_write; | |
| 126 } else { | |
| 127 // Don't return "should wait" since you can't wait for a specified amount | |
| 128 // of data. | |
| 129 return MOJO_RESULT_OUT_OF_RANGE; | |
| 130 } | |
| 131 } | |
| 132 | |
| 133 // Don't go into a two-phase write if there's no room. | |
| 134 if (max_num_bytes_to_write == 0) | |
| 135 return MOJO_RESULT_SHOULD_WAIT; | |
| 136 | |
| 137 EnsureBufferNoLock(); | |
| 138 buffer.Put(buffer_.get() + write_index); | |
| 139 buffer_num_bytes.Put(static_cast<uint32_t>(max_num_bytes_to_write)); | |
| 140 set_producer_two_phase_max_num_bytes_written_no_lock( | |
| 141 static_cast<uint32_t>(max_num_bytes_to_write)); | |
| 142 return MOJO_RESULT_OK; | |
| 143 } | |
| 144 | |
| 145 MojoResult LocalDataPipe::ProducerEndWriteDataImplNoLock( | |
| 146 uint32_t num_bytes_written) { | |
| 147 DCHECK_LE(num_bytes_written, | |
| 148 producer_two_phase_max_num_bytes_written_no_lock()); | |
| 149 current_num_bytes_ += num_bytes_written; | |
| 150 DCHECK_LE(current_num_bytes_, capacity_num_bytes()); | |
| 151 set_producer_two_phase_max_num_bytes_written_no_lock(0); | |
| 152 return MOJO_RESULT_OK; | |
| 153 } | |
| 154 | |
| 155 HandleSignalsState LocalDataPipe::ProducerGetHandleSignalsStateImplNoLock() | |
| 156 const { | |
| 157 HandleSignalsState rv; | |
| 158 if (consumer_open_no_lock()) { | |
| 159 if ((may_discard() || current_num_bytes_ < capacity_num_bytes()) && | |
| 160 !producer_in_two_phase_write_no_lock()) | |
| 161 rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_WRITABLE; | |
| 162 rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_WRITABLE; | |
| 163 } else { | |
| 164 rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED; | |
| 165 } | |
| 166 rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED; | |
| 167 return rv; | |
| 168 } | |
| 169 | |
| 170 void LocalDataPipe::ProducerStartSerializeImplNoLock( | |
| 171 Channel* channel, | |
| 172 size_t* max_size, | |
| 173 size_t* max_platform_handles) { | |
| 174 // TODO(vtl): Support serializing producer data pipe handles. | |
| 175 *max_size = 0; | |
| 176 *max_platform_handles = 0; | |
| 177 } | |
| 178 | |
| 179 bool LocalDataPipe::ProducerEndSerializeImplNoLock( | |
| 180 Channel* channel, | |
| 181 void* destination, | |
| 182 size_t* actual_size, | |
| 183 embedder::PlatformHandleVector* platform_handles) { | |
| 184 // TODO(vtl): Support serializing producer data pipe handles. | |
| 185 ProducerCloseNoLock(); | |
| 186 return false; | |
| 187 } | |
| 188 | |
| 189 void LocalDataPipe::ConsumerCloseImplNoLock() { | |
| 190 // If the producer is around and in a two-phase write, we have to keep the | |
| 191 // buffer around. (We then don't free it until the producer is closed. This | |
| 192 // could be rectified, but again seems like optimizing for the uncommon case.) | |
| 193 if (!producer_open_no_lock() || !producer_in_two_phase_write_no_lock()) | |
| 194 DestroyBufferNoLock(); | |
| 195 current_num_bytes_ = 0; | |
| 196 } | |
| 197 | |
| 198 MojoResult LocalDataPipe::ConsumerReadDataImplNoLock( | |
| 199 UserPointer<void> elements, | |
| 200 UserPointer<uint32_t> num_bytes, | |
| 201 uint32_t max_num_bytes_to_read, | |
| 202 uint32_t min_num_bytes_to_read, | |
| 203 bool peek) { | |
| 204 DCHECK_EQ(max_num_bytes_to_read % element_num_bytes(), 0u); | |
| 205 DCHECK_EQ(min_num_bytes_to_read % element_num_bytes(), 0u); | |
| 206 DCHECK_GT(max_num_bytes_to_read, 0u); | |
| 207 | |
| 208 if (min_num_bytes_to_read > current_num_bytes_) { | |
| 209 // Don't return "should wait" since you can't wait for a specified amount of | |
| 210 // data. | |
| 211 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE | |
| 212 : MOJO_RESULT_FAILED_PRECONDITION; | |
| 213 } | |
| 214 | |
| 215 size_t num_bytes_to_read = | |
| 216 std::min(static_cast<size_t>(max_num_bytes_to_read), current_num_bytes_); | |
| 217 if (num_bytes_to_read == 0) { | |
| 218 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT | |
| 219 : MOJO_RESULT_FAILED_PRECONDITION; | |
| 220 } | |
| 221 | |
| 222 // The amount we can read in our first |memcpy()|. | |
| 223 size_t num_bytes_to_read_first = | |
| 224 std::min(num_bytes_to_read, GetMaxNumBytesToReadNoLock()); | |
| 225 elements.PutArray(buffer_.get() + start_index_, num_bytes_to_read_first); | |
| 226 | |
| 227 if (num_bytes_to_read_first < num_bytes_to_read) { | |
| 228 // The "second read index" is zero. | |
| 229 elements.At(num_bytes_to_read_first) | |
| 230 .PutArray(buffer_.get(), num_bytes_to_read - num_bytes_to_read_first); | |
| 231 } | |
| 232 | |
| 233 if (!peek) | |
| 234 MarkDataAsConsumedNoLock(num_bytes_to_read); | |
| 235 num_bytes.Put(static_cast<uint32_t>(num_bytes_to_read)); | |
| 236 return MOJO_RESULT_OK; | |
| 237 } | |
| 238 | |
| 239 MojoResult LocalDataPipe::ConsumerDiscardDataImplNoLock( | |
| 240 UserPointer<uint32_t> num_bytes, | |
| 241 uint32_t max_num_bytes_to_discard, | |
| 242 uint32_t min_num_bytes_to_discard) { | |
| 243 DCHECK_EQ(max_num_bytes_to_discard % element_num_bytes(), 0u); | |
| 244 DCHECK_EQ(min_num_bytes_to_discard % element_num_bytes(), 0u); | |
| 245 DCHECK_GT(max_num_bytes_to_discard, 0u); | |
| 246 | |
| 247 if (min_num_bytes_to_discard > current_num_bytes_) { | |
| 248 // Don't return "should wait" since you can't wait for a specified amount of | |
| 249 // data. | |
| 250 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE | |
| 251 : MOJO_RESULT_FAILED_PRECONDITION; | |
| 252 } | |
| 253 | |
| 254 // Be consistent with other operations; error if no data available. | |
| 255 if (current_num_bytes_ == 0) { | |
| 256 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT | |
| 257 : MOJO_RESULT_FAILED_PRECONDITION; | |
| 258 } | |
| 259 | |
| 260 size_t num_bytes_to_discard = std::min( | |
| 261 static_cast<size_t>(max_num_bytes_to_discard), current_num_bytes_); | |
| 262 MarkDataAsConsumedNoLock(num_bytes_to_discard); | |
| 263 num_bytes.Put(static_cast<uint32_t>(num_bytes_to_discard)); | |
| 264 return MOJO_RESULT_OK; | |
| 265 } | |
| 266 | |
| 267 MojoResult LocalDataPipe::ConsumerQueryDataImplNoLock( | |
| 268 UserPointer<uint32_t> num_bytes) { | |
| 269 // Note: This cast is safe, since the capacity fits into a |uint32_t|. | |
| 270 num_bytes.Put(static_cast<uint32_t>(current_num_bytes_)); | |
| 271 return MOJO_RESULT_OK; | |
| 272 } | |
| 273 | |
| 274 MojoResult LocalDataPipe::ConsumerBeginReadDataImplNoLock( | |
| 275 UserPointer<const void*> buffer, | |
| 276 UserPointer<uint32_t> buffer_num_bytes, | |
| 277 uint32_t min_num_bytes_to_read) { | |
| 278 size_t max_num_bytes_to_read = GetMaxNumBytesToReadNoLock(); | |
| 279 if (min_num_bytes_to_read > max_num_bytes_to_read) { | |
| 280 // Don't return "should wait" since you can't wait for a specified amount of | |
| 281 // data. | |
| 282 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE | |
| 283 : MOJO_RESULT_FAILED_PRECONDITION; | |
| 284 } | |
| 285 | |
| 286 // Don't go into a two-phase read if there's no data. | |
| 287 if (max_num_bytes_to_read == 0) { | |
| 288 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT | |
| 289 : MOJO_RESULT_FAILED_PRECONDITION; | |
| 290 } | |
| 291 | |
| 292 buffer.Put(buffer_.get() + start_index_); | |
| 293 buffer_num_bytes.Put(static_cast<uint32_t>(max_num_bytes_to_read)); | |
| 294 set_consumer_two_phase_max_num_bytes_read_no_lock( | |
| 295 static_cast<uint32_t>(max_num_bytes_to_read)); | |
| 296 return MOJO_RESULT_OK; | |
| 297 } | |
| 298 | |
| 299 MojoResult LocalDataPipe::ConsumerEndReadDataImplNoLock( | |
| 300 uint32_t num_bytes_read) { | |
| 301 DCHECK_LE(num_bytes_read, consumer_two_phase_max_num_bytes_read_no_lock()); | |
| 302 DCHECK_LE(start_index_ + num_bytes_read, capacity_num_bytes()); | |
| 303 MarkDataAsConsumedNoLock(num_bytes_read); | |
| 304 set_consumer_two_phase_max_num_bytes_read_no_lock(0); | |
| 305 return MOJO_RESULT_OK; | |
| 306 } | |
| 307 | |
| 308 HandleSignalsState LocalDataPipe::ConsumerGetHandleSignalsStateImplNoLock() | |
| 309 const { | |
| 310 HandleSignalsState rv; | |
| 311 if (current_num_bytes_ > 0) { | |
| 312 if (!consumer_in_two_phase_read_no_lock()) | |
| 313 rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_READABLE; | |
| 314 rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_READABLE; | |
| 315 } else if (producer_open_no_lock()) { | |
| 316 rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_READABLE; | |
| 317 } | |
| 318 if (!producer_open_no_lock()) | |
| 319 rv.satisfied_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED; | |
| 320 rv.satisfiable_signals |= MOJO_HANDLE_SIGNAL_PEER_CLOSED; | |
| 321 return rv; | |
| 322 } | |
| 323 | |
| 324 void LocalDataPipe::ConsumerStartSerializeImplNoLock( | |
| 325 Channel* channel, | |
| 326 size_t* max_size, | |
| 327 size_t* max_platform_handles) { | |
| 328 // TODO(vtl): Support serializing consumer data pipe handles. | |
| 329 *max_size = 0; | |
| 330 *max_platform_handles = 0; | |
| 331 } | |
| 332 | |
| 333 bool LocalDataPipe::ConsumerEndSerializeImplNoLock( | |
| 334 Channel* channel, | |
| 335 void* destination, | |
| 336 size_t* actual_size, | |
| 337 embedder::PlatformHandleVector* platform_handles) { | |
| 338 // TODO(vtl): Support serializing consumer data pipe handles. | |
| 339 ConsumerCloseNoLock(); | |
| 340 return false; | |
| 341 } | |
| 342 | |
| 343 void LocalDataPipe::EnsureBufferNoLock() { | |
| 344 DCHECK(producer_open_no_lock()); | |
| 345 if (buffer_) | |
| 346 return; | |
| 347 buffer_.reset(static_cast<char*>( | |
| 348 base::AlignedAlloc(capacity_num_bytes(), | |
| 349 GetConfiguration().data_pipe_buffer_alignment_bytes))); | |
| 350 } | |
| 351 | |
| 352 void LocalDataPipe::DestroyBufferNoLock() { | |
| 353 #ifndef NDEBUG | |
| 354 // Scribble on the buffer to help detect use-after-frees. (This also helps the | |
| 355 // unit test detect certain bugs without needing ASAN or similar.) | |
| 356 if (buffer_) | |
| 357 memset(buffer_.get(), 0xcd, capacity_num_bytes()); | |
| 358 #endif | |
| 359 buffer_.reset(); | |
| 360 } | |
| 361 | |
| 362 size_t LocalDataPipe::GetMaxNumBytesToWriteNoLock() { | |
| 363 size_t next_index = start_index_ + current_num_bytes_; | |
| 364 if (next_index >= capacity_num_bytes()) { | |
| 365 next_index %= capacity_num_bytes(); | |
| 366 DCHECK_GE(start_index_, next_index); | |
| 367 DCHECK_EQ(start_index_ - next_index, | |
| 368 capacity_num_bytes() - current_num_bytes_); | |
| 369 return start_index_ - next_index; | |
| 370 } | |
| 371 return capacity_num_bytes() - next_index; | |
| 372 } | |
| 373 | |
| 374 size_t LocalDataPipe::GetMaxNumBytesToReadNoLock() { | |
| 375 if (start_index_ + current_num_bytes_ > capacity_num_bytes()) | |
| 376 return capacity_num_bytes() - start_index_; | |
| 377 return current_num_bytes_; | |
| 378 } | |
| 379 | |
| 380 void LocalDataPipe::MarkDataAsConsumedNoLock(size_t num_bytes) { | |
| 381 DCHECK_LE(num_bytes, current_num_bytes_); | |
| 382 start_index_ += num_bytes; | |
| 383 start_index_ %= capacity_num_bytes(); | |
| 384 current_num_bytes_ -= num_bytes; | |
| 385 } | |
| 386 | |
| 387 } // namespace system | |
| 388 } // namespace mojo | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 936173002:
Rename LocalDataPipe -> LocalDataPipeImpl. (Closed)
Base URL: https://github.com/domokit/mojo.git@master