/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- * vim: sw=4 ts=4 et : */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef mozilla_ipc_ProtocolUtils_h #define mozilla_ipc_ProtocolUtils_h 1 #include "base/process.h" #include "base/process_util.h" #include "chrome/common/ipc_message_utils.h" #include "prenv.h" #include "IPCMessageStart.h" #include "mozilla/Attributes.h" #include "mozilla/ipc/FileDescriptor.h" #include "mozilla/ipc/Shmem.h" #include "mozilla/ipc/Transport.h" #include "mozilla/ipc/MessageLink.h" #include "mozilla/LinkedList.h" #include "mozilla/Mutex.h" #include "MainThreadUtils.h" #if defined(ANDROID) && defined(DEBUG) #include #endif template class nsTHashtable; template class nsPtrHashKey; // WARNING: this takes into account the private, special-message-type // enum in ipc_channel.h. They need to be kept in sync. namespace { // XXX the max message ID is actually kuint32max now ... when this // changed, the assumptions of the special message IDs changed in that // they're not carving out messages from likely-unallocated space, but // rather carving out messages from the end of space allocated to // protocol 0. Oops! We can get away with this until protocol 0 // starts approaching its 65,536th message. enum { CHANNEL_OPENED_MESSAGE_TYPE = kuint16max - 6, SHMEM_DESTROYED_MESSAGE_TYPE = kuint16max - 5, SHMEM_CREATED_MESSAGE_TYPE = kuint16max - 4, GOODBYE_MESSAGE_TYPE = kuint16max - 3, CANCEL_MESSAGE_TYPE = kuint16max - 2, // kuint16max - 1 is used by ipc_channel.h. }; } // namespace namespace mozilla { namespace dom { class ContentParent; } // namespace dom namespace net { class NeckoParent; } // namespace net namespace ipc { #ifdef XP_WIN const base::ProcessHandle kInvalidProcessHandle = INVALID_HANDLE_VALUE; // In theory, on Windows, this is a valid process ID, but in practice they are // currently divisible by four. Process IDs share the kernel handle allocation // code and they are guaranteed to be divisible by four. // As this could change for process IDs we shouldn't generally rely on this // property, however even if that were to change, it seems safe to rely on this // particular value never being used. const base::ProcessId kInvalidProcessId = kuint32max; #else const base::ProcessHandle kInvalidProcessHandle = -1; const base::ProcessId kInvalidProcessId = -1; #endif // Scoped base::ProcessHandle to ensure base::CloseProcessHandle is called. struct ScopedProcessHandleTraits { typedef base::ProcessHandle type; static type empty() { return kInvalidProcessHandle; } static void release(type aProcessHandle) { if (aProcessHandle && aProcessHandle != kInvalidProcessHandle) { base::CloseProcessHandle(aProcessHandle); } } }; typedef mozilla::Scoped ScopedProcessHandle; class ProtocolFdMapping; class ProtocolCloneContext; // Used to pass references to protocol actors across the wire. // Actors created on the parent-side have a positive ID, and actors // allocated on the child side have a negative ID. struct ActorHandle { int mId; }; // Used internally to represent a "trigger" that might cause a state // transition. Triggers are normalized across parent+child to Send // and Recv (instead of child-in, child-out, parent-in, parent-out) so // that they can share the same state machine implementation. To // further normalize, |Send| is used for 'call', |Recv| for 'answer'. struct Trigger { enum Action { Send, Recv }; Trigger(Action action, int32_t msg) : mAction(action), mMsg(msg) {} Action mAction; int32_t mMsg; }; class ProtocolCloneContext { typedef mozilla::dom::ContentParent ContentParent; typedef mozilla::net::NeckoParent NeckoParent; RefPtr mContentParent; NeckoParent* mNeckoParent; public: ProtocolCloneContext(); ~ProtocolCloneContext(); void SetContentParent(ContentParent* aContentParent); ContentParent* GetContentParent() { return mContentParent; } void SetNeckoParent(NeckoParent* aNeckoParent) { mNeckoParent = aNeckoParent; } NeckoParent* GetNeckoParent() { return mNeckoParent; } }; template class IProtocolManager { public: enum ActorDestroyReason { FailedConstructor, Deletion, AncestorDeletion, NormalShutdown, AbnormalShutdown }; typedef base::ProcessId ProcessId; virtual int32_t Register(ListenerT*) = 0; virtual int32_t RegisterID(ListenerT*, int32_t) = 0; virtual ListenerT* Lookup(int32_t) = 0; virtual void Unregister(int32_t) = 0; virtual void RemoveManagee(int32_t, ListenerT*) = 0; virtual Shmem::SharedMemory* CreateSharedMemory( size_t, SharedMemory::SharedMemoryType, bool, int32_t*) = 0; virtual Shmem::SharedMemory* LookupSharedMemory(int32_t) = 0; virtual bool IsTrackingSharedMemory(Shmem::SharedMemory*) = 0; virtual bool DestroySharedMemory(Shmem&) = 0; // XXX odd ducks, acknowledged virtual ProcessId OtherPid() const = 0; virtual MessageChannel* GetIPCChannel() = 0; // The implementation of function is generated by code generator. virtual void CloneManagees(ListenerT* aSource, ProtocolCloneContext* aCtx) = 0; }; typedef IPCMessageStart ProtocolId; /** * All RPC protocols should implement this interface. */ class IProtocol : public MessageListener { public: /** * This function is used to clone this protocol actor. * * see IProtocol::CloneProtocol() */ virtual IProtocol* CloneProtocol(MessageChannel* aChannel, ProtocolCloneContext* aCtx) = 0; }; template class Endpoint; /** * All top-level protocols should inherit this class. * * IToplevelProtocol tracks all top-level protocol actors created from * this protocol actor. */ class IToplevelProtocol : private LinkedListElement { friend class LinkedList; friend class LinkedListElement; template friend class Endpoint; protected: explicit IToplevelProtocol(ProtocolId aProtoId); ~IToplevelProtocol(); /** * Add an actor to the list of actors that have been opened by this * protocol. */ void AddOpenedActor(IToplevelProtocol* aActor); public: void SetTransport(Transport* aTrans) { mTrans = aTrans; } Transport* GetTransport() const { return mTrans; } ProtocolId GetProtocolId() const { return mProtocolId; } void GetOpenedActors(nsTArray& aActors); virtual MessageChannel* GetIPCChannel() = 0; // This Unsafe version should only be used when all other threads are // frozen, since it performs no locking. It also takes a stack-allocated // array and its size (number of elements) rather than an nsTArray. The Nuwa // code that calls this function is not allowed to allocate memory. size_t GetOpenedActorsUnsafe(IToplevelProtocol** aActors, size_t aActorsMax); virtual IToplevelProtocol* CloneToplevel(const InfallibleTArray& aFds, base::ProcessHandle aPeerProcess, ProtocolCloneContext* aCtx); void CloneOpenedToplevels(IToplevelProtocol* aTemplate, const InfallibleTArray& aFds, base::ProcessHandle aPeerProcess, ProtocolCloneContext* aCtx); private: void AddOpenedActorLocked(IToplevelProtocol* aActor); void GetOpenedActorsLocked(nsTArray& aActors); LinkedList mOpenActors; // All protocol actors opened by this. IToplevelProtocol* mOpener; ProtocolId mProtocolId; Transport* mTrans; }; inline bool LoggingEnabled() { #if defined(DEBUG) return !!PR_GetEnv("MOZ_IPC_MESSAGE_LOG"); #else return false; #endif } inline bool LoggingEnabledFor(const char *aTopLevelProtocol) { #if defined(DEBUG) const char *filter = PR_GetEnv("MOZ_IPC_MESSAGE_LOG"); if (!filter) { return false; } return strcmp(filter, "1") == 0 || strcmp(filter, aTopLevelProtocol) == 0; #else return false; #endif } enum class MessageDirection { eSending, eReceiving, }; MOZ_NEVER_INLINE void LogMessageForProtocol(const char* aTopLevelProtocol, base::ProcessId aOtherPid, const char* aContextDescription, const char* aMessageDescription, MessageDirection aDirection); MOZ_NEVER_INLINE void ProtocolErrorBreakpoint(const char* aMsg); // The code generator calls this function for errors which come from the // methods of protocols. Doing this saves codesize by making the error // cases significantly smaller. MOZ_NEVER_INLINE void FatalError(const char* aProtocolName, const char* aMsg, bool aIsParent); // The code generator calls this function for errors which are not // protocol-specific: errors in generated struct methods or errors in // transition functions, for instance. Doing this saves codesize by // by making the error cases significantly smaller. MOZ_NEVER_INLINE void LogicError(const char* aMsg); struct PrivateIPDLInterface {}; nsresult Bridge(const PrivateIPDLInterface&, MessageChannel*, base::ProcessId, MessageChannel*, base::ProcessId, ProtocolId, ProtocolId); bool Open(const PrivateIPDLInterface&, MessageChannel*, base::ProcessId, Transport::Mode, ProtocolId, ProtocolId); bool UnpackChannelOpened(const PrivateIPDLInterface&, const IPC::Message&, TransportDescriptor*, base::ProcessId*, ProtocolId*); #if defined(XP_WIN) // This is a restricted version of Windows' DuplicateHandle() function // that works inside the sandbox and can send handles but not retrieve // them. Unlike DuplicateHandle(), it takes a process ID rather than // a process handle. It returns true on success, false otherwise. bool DuplicateHandle(HANDLE aSourceHandle, DWORD aTargetProcessId, HANDLE* aTargetHandle, DWORD aDesiredAccess, DWORD aOptions); #endif /** * Annotate the crash reporter with the error code from the most recent system * call. Returns the system error. */ #ifdef MOZ_CRASHREPORTER void AnnotateSystemError(); void AnnotateProcessInformation(base::ProcessId aPid); #else #define AnnotateSystemError() do { } while (0) #define AnnotateProcessInformation(...) do { } while (0) #endif /** * An endpoint represents one end of a partially initialized IPDL channel. To * set up a new top-level protocol: * * Endpoint parentEp; * Endpoint childEp; * nsresult rv; * rv = PFoo::CreateEndpoints(parentPid, childPid, &parentEp, &childEp); * * You're required to pass in parentPid and childPid, which are the pids of the * processes in which the parent and child endpoints will be used. * * Endpoints can be passed in IPDL messages or sent to other threads using * PostTask. Once an Endpoint has arrived at its destination process and thread, * you need to create the top-level actor and bind it to the endpoint: * * FooParent* parent = new FooParent(); * bool rv1 = parentEp.Bind(parent, processActor); * bool rv2 = parent->SendBar(...); * * (See Bind below for an explanation of processActor.) Once the actor is bound * to the endpoint, it can send and receive messages. */ template class Endpoint { public: typedef base::ProcessId ProcessId; Endpoint() : mValid(false) {} Endpoint(const PrivateIPDLInterface&, mozilla::ipc::Transport::Mode aMode, TransportDescriptor aTransport, ProcessId aMyPid, ProcessId aOtherPid, ProtocolId aProtocolId) : mValid(true) , mMode(aMode) , mTransport(aTransport) , mMyPid(aMyPid) , mOtherPid(aOtherPid) , mProtocolId(aProtocolId) {} Endpoint(Endpoint&& aOther) : mValid(aOther.mValid) , mMode(aOther.mMode) , mTransport(aOther.mTransport) , mMyPid(aOther.mMyPid) , mOtherPid(aOther.mOtherPid) , mProtocolId(aOther.mProtocolId) { aOther.mValid = false; } Endpoint& operator=(Endpoint&& aOther) { mValid = aOther.mValid; mMode = aOther.mMode; mTransport = aOther.mTransport; mMyPid = aOther.mMyPid; mOtherPid = aOther.mOtherPid; mProtocolId = aOther.mProtocolId; aOther.mValid = false; return *this; } ~Endpoint() { if (mValid) { CloseDescriptor(mTransport); } } // This method binds aActor to this endpoint. After this call, the actor can // be used to send and receive messages. The endpoint becomes invalid. The // |aProcessActor| parameter is used to associate protocols with content // processes. In practice, this parameter should always be a ContentParent // or ContentChild, depending on which process you are in. It is used to // find all the channels that need to be "frozen" or "revived" when creating // or cloning the Nuwa process. bool Bind(PFooSide* aActor, IToplevelProtocol* aProcessActor) { MOZ_RELEASE_ASSERT(mValid); MOZ_RELEASE_ASSERT(mMyPid == base::GetCurrentProcId()); Transport* t = mozilla::ipc::OpenDescriptor(mTransport, mMode); if (!t) { return false; } if (!aActor->Open(t, mOtherPid, XRE_GetIOMessageLoop(), mMode == Transport::MODE_SERVER ? ParentSide : ChildSide)) { return false; } mValid = false; aActor->SetTransport(t); if (aProcessActor) { aProcessActor->AddOpenedActor(aActor); } return true; } private: friend struct IPC::ParamTraits>; Endpoint(const Endpoint&) = delete; Endpoint& operator=(const Endpoint&) = delete; bool mValid; mozilla::ipc::Transport::Mode mMode; TransportDescriptor mTransport; ProcessId mMyPid, mOtherPid; ProtocolId mProtocolId; }; // This function is used internally to create a pair of Endpoints. See the // comment above Endpoint for a description of how it might be used. template nsresult CreateEndpoints(const PrivateIPDLInterface& aPrivate, base::ProcessId aParentDestPid, base::ProcessId aChildDestPid, ProtocolId aProtocol, ProtocolId aChildProtocol, Endpoint* aParentEndpoint, Endpoint* aChildEndpoint) { MOZ_RELEASE_ASSERT(aParentDestPid); MOZ_RELEASE_ASSERT(aChildDestPid); TransportDescriptor parentTransport, childTransport; nsresult rv; if (NS_FAILED(rv = CreateTransport(aParentDestPid, &parentTransport, &childTransport))) { return rv; } *aParentEndpoint = Endpoint(aPrivate, mozilla::ipc::Transport::MODE_SERVER, parentTransport, aParentDestPid, aChildDestPid, aProtocol); *aChildEndpoint = Endpoint(aPrivate, mozilla::ipc::Transport::MODE_CLIENT, childTransport, aChildDestPid, aParentDestPid, aChildProtocol); return NS_OK; } } // namespace ipc template using ManagedContainer = nsTHashtable>; template Protocol* LoneManagedOrNullAsserts(const ManagedContainer& aManagees) { if (aManagees.IsEmpty()) { return nullptr; } MOZ_ASSERT(aManagees.Count() == 1); return aManagees.ConstIter().Get()->GetKey(); } // appId's are for B2G only currently, where managees.Count() == 1. This is // not guaranteed currently in Desktop, so for paths used for desktop, // don't assert there's one managee. template Protocol* SingleManagedOrNull(const ManagedContainer& aManagees) { if (aManagees.Count() != 1) { return nullptr; } return aManagees.ConstIter().Get()->GetKey(); } } // namespace mozilla namespace IPC { template <> struct ParamTraits { typedef mozilla::ipc::ActorHandle paramType; static void Write(Message* aMsg, const paramType& aParam) { IPC::WriteParam(aMsg, aParam.mId); } static bool Read(const Message* aMsg, void** aIter, paramType* aResult) { int id; if (IPC::ReadParam(aMsg, aIter, &id)) { aResult->mId = id; return true; } return false; } static void Log(const paramType& aParam, std::wstring* aLog) { aLog->append(StringPrintf(L"(%d)", aParam.mId)); } }; template struct ParamTraits> { typedef mozilla::ipc::Endpoint paramType; static void Write(Message* aMsg, const paramType& aParam) { MOZ_RELEASE_ASSERT(aParam.mValid); IPC::WriteParam(aMsg, static_cast(aParam.mMode)); // We duplicate the descriptor so that our own file descriptor remains // valid after the write. An alternative would be to set // aParam.mTransport.mValid to false, but that won't work because aParam // is const. mozilla::ipc::TransportDescriptor desc = mozilla::ipc::DuplicateDescriptor(aParam.mTransport); IPC::WriteParam(aMsg, desc); IPC::WriteParam(aMsg, aParam.mMyPid); IPC::WriteParam(aMsg, aParam.mOtherPid); IPC::WriteParam(aMsg, static_cast(aParam.mProtocolId)); } static bool Read(const Message* aMsg, void** aIter, paramType* aResult) { MOZ_RELEASE_ASSERT(!aResult->mValid); aResult->mValid = true; uint32_t mode, protocolId; if (!IPC::ReadParam(aMsg, aIter, &mode) || !IPC::ReadParam(aMsg, aIter, &aResult->mTransport) || !IPC::ReadParam(aMsg, aIter, &aResult->mMyPid) || !IPC::ReadParam(aMsg, aIter, &aResult->mOtherPid) || !IPC::ReadParam(aMsg, aIter, &protocolId)) { return false; } aResult->mMode = Channel::Mode(mode); aResult->mProtocolId = mozilla::ipc::ProtocolId(protocolId); return true; } static void Log(const paramType& aParam, std::wstring* aLog) { aLog->append(StringPrintf(L"Endpoint")); } }; } // namespace IPC #endif // mozilla_ipc_ProtocolUtils_h