search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
More explicit thread checking in SafeBrowsingDatabase.
[chromium-blink-merge.git] / mojo / edk / system / handle_table.cc
blobe054919eca83e5bf2e3c6112e821c7c415728fae
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "mojo/edk/system/handle_table.h"
6
7 #include <limits>
8 #include "base/logging.h"
9 #include "base/macros.h"
10 #include "mojo/edk/system/configuration.h"
11 #include "mojo/edk/system/dispatcher.h"
12
13 namespace mojo {
14 namespace system {
15
16 HandleTable::Entry::Entry() : busy(false) {
17 }
18
19 HandleTable::Entry::Entry(const scoped_refptr<Dispatcher>& dispatcher)
20 : dispatcher(dispatcher), busy(false) {
21 }
22
23 HandleTable::Entry::~Entry() {
24 DCHECK(!busy);
25 }
26
27 HandleTable::HandleTable() : next_handle_(MOJO_HANDLE_INVALID + 1) {
28 }
29
30 HandleTable::~HandleTable() {
31 // This should usually not be reached (the only instance should be owned by
32 // the singleton |Core|, which lives forever), except in tests.
33 }
34
35 Dispatcher* HandleTable::GetDispatcher(MojoHandle handle) {
36 DCHECK_NE(handle, MOJO_HANDLE_INVALID);
37
38 HandleToEntryMap::iterator it = handle_to_entry_map_.find(handle);
39 if (it == handle_to_entry_map_.end())
40 return nullptr;
41 return it->second.dispatcher.get();
42 }
43
44 MojoResult HandleTable::GetAndRemoveDispatcher(
45 MojoHandle handle,
46 scoped_refptr<Dispatcher>* dispatcher) {
47 DCHECK_NE(handle, MOJO_HANDLE_INVALID);
48 DCHECK(dispatcher);
49
50 HandleToEntryMap::iterator it = handle_to_entry_map_.find(handle);
51 if (it == handle_to_entry_map_.end())
52 return MOJO_RESULT_INVALID_ARGUMENT;
53 if (it->second.busy)
54 return MOJO_RESULT_BUSY;
55 *dispatcher = it->second.dispatcher;
56 handle_to_entry_map_.erase(it);
57
58 return MOJO_RESULT_OK;
59 }
60
61 MojoHandle HandleTable::AddDispatcher(
62 const scoped_refptr<Dispatcher>& dispatcher) {
63 if (handle_to_entry_map_.size() >= GetConfiguration().max_handle_table_size)
64 return MOJO_HANDLE_INVALID;
65 return AddDispatcherNoSizeCheck(dispatcher);
66 }
67
68 std::pair<MojoHandle, MojoHandle> HandleTable::AddDispatcherPair(
69 const scoped_refptr<Dispatcher>& dispatcher0,
70 const scoped_refptr<Dispatcher>& dispatcher1) {
71 if (handle_to_entry_map_.size() + 1 >=
72 GetConfiguration().max_handle_table_size)
73 return std::make_pair(MOJO_HANDLE_INVALID, MOJO_HANDLE_INVALID);
74 return std::make_pair(AddDispatcherNoSizeCheck(dispatcher0),
75 AddDispatcherNoSizeCheck(dispatcher1));
76 }
77
78 bool HandleTable::AddDispatcherVector(const DispatcherVector& dispatchers,
79 MojoHandle* handles) {
80 size_t max_message_num_handles = GetConfiguration().max_message_num_handles;
81 size_t max_handle_table_size = GetConfiguration().max_handle_table_size;
82
83 DCHECK_LE(dispatchers.size(), max_message_num_handles);
84 DCHECK(handles);
85 DCHECK_LT(
86 static_cast<uint64_t>(max_handle_table_size) + max_message_num_handles,
87 std::numeric_limits<size_t>::max())
88 << "Addition may overflow";
89
90 if (handle_to_entry_map_.size() + dispatchers.size() > max_handle_table_size)
91 return false;
92
93 for (size_t i = 0; i < dispatchers.size(); i++) {
94 if (dispatchers[i]) {
95 handles[i] = AddDispatcherNoSizeCheck(dispatchers[i]);
96 } else {
97 LOG(WARNING) << "Invalid dispatcher at index " << i;
98 handles[i] = MOJO_HANDLE_INVALID;
99 }
100 }
101 return true;
102 }
103
104 MojoResult HandleTable::MarkBusyAndStartTransport(
105 MojoHandle disallowed_handle,
106 const MojoHandle* handles,
107 uint32_t num_handles,
108 std::vector<DispatcherTransport>* transports) {
109 DCHECK_NE(disallowed_handle, MOJO_HANDLE_INVALID);
110 DCHECK(handles);
111 DCHECK_LE(num_handles, GetConfiguration().max_message_num_handles);
112 DCHECK(transports);
113 DCHECK_EQ(transports->size(), num_handles);
114
115 std::vector<Entry*> entries(num_handles);
116
117 // First verify all the handles and get their dispatchers.
118 uint32_t i;
119 MojoResult error_result = MOJO_RESULT_INTERNAL;
120 for (i = 0; i < num_handles; i++) {
121 // Sending your own handle is not allowed (and, for consistency, returns
122 // "busy").
123 if (handles[i] == disallowed_handle) {
124 error_result = MOJO_RESULT_BUSY;
125 break;
126 }
127
128 HandleToEntryMap::iterator it = handle_to_entry_map_.find(handles[i]);
129 if (it == handle_to_entry_map_.end()) {
130 error_result = MOJO_RESULT_INVALID_ARGUMENT;
131 break;
132 }
133
134 entries[i] = &it->second;
135 if (entries[i]->busy) {
136 error_result = MOJO_RESULT_BUSY;
137 break;
138 }
139 // Note: By marking the handle as busy here, we're also preventing the
140 // same handle from being sent multiple times in the same message.
141 entries[i]->busy = true;
142
143 // Try to start the transport.
144 DispatcherTransport transport =
145 Dispatcher::HandleTableAccess::TryStartTransport(
146 entries[i]->dispatcher.get());
147 if (!transport.is_valid()) {
148 // Only log for Debug builds, since this is not a problem with the system
149 // code, but with user code.
150 DLOG(WARNING) << "Likely race condition in user code detected: attempt "
151 "to transfer handle " << handles[i]
152 << " while it is in use on a different thread";
153
154 // Unset the busy flag (since it won't be unset below).
155 entries[i]->busy = false;
156 error_result = MOJO_RESULT_BUSY;
157 break;
158 }
159
160 // Check if the dispatcher is busy (e.g., in a two-phase read/write).
161 // (Note that this must be done after the dispatcher's lock is acquired.)
162 if (transport.IsBusy()) {
163 // Unset the busy flag and end the transport (since it won't be done
164 // below).
165 entries[i]->busy = false;
166 transport.End();
167 error_result = MOJO_RESULT_BUSY;
168 break;
169 }
170
171 // Hang on to the transport (which we'll need to end the transport).
172 (*transports)[i] = transport;
173 }
174 if (i < num_handles) {
175 DCHECK_NE(error_result, MOJO_RESULT_INTERNAL);
176
177 // Unset the busy flags and release the locks.
178 for (uint32_t j = 0; j < i; j++) {
179 DCHECK(entries[j]->busy);
180 entries[j]->busy = false;
181 (*transports)[j].End();
182 }
183 return error_result;
184 }
185
186 return MOJO_RESULT_OK;
187 }
188
189 MojoHandle HandleTable::AddDispatcherNoSizeCheck(
190 const scoped_refptr<Dispatcher>& dispatcher) {
191 DCHECK(dispatcher);
192 DCHECK_LT(handle_to_entry_map_.size(),
193 GetConfiguration().max_handle_table_size);
194 DCHECK_NE(next_handle_, MOJO_HANDLE_INVALID);
195
196 // TODO(vtl): Maybe we want to do something different/smarter. (Or maybe try
197 // assigning randomly?)
198 while (handle_to_entry_map_.find(next_handle_) !=
199 handle_to_entry_map_.end()) {
200 next_handle_++;
201 if (next_handle_ == MOJO_HANDLE_INVALID)
202 next_handle_++;
203 }
204
205 MojoHandle new_handle = next_handle_;
206 handle_to_entry_map_[new_handle] = Entry(dispatcher);
207
208 next_handle_++;
209 if (next_handle_ == MOJO_HANDLE_INVALID)
210 next_handle_++;
211
212 return new_handle;
213 }
214
215 void HandleTable::RemoveBusyHandles(const MojoHandle* handles,
216 uint32_t num_handles) {
217 DCHECK(handles);
218 DCHECK_LE(num_handles, GetConfiguration().max_message_num_handles);
219
220 for (uint32_t i = 0; i < num_handles; i++) {
221 HandleToEntryMap::iterator it = handle_to_entry_map_.find(handles[i]);
222 DCHECK(it != handle_to_entry_map_.end());
223 DCHECK(it->second.busy);
224 it->second.busy = false; // For the sake of a |DCHECK()|.
225 handle_to_entry_map_.erase(it);
226 }
227 }
228
229 void HandleTable::RestoreBusyHandles(const MojoHandle* handles,
230 uint32_t num_handles) {
231 DCHECK(handles);
232 DCHECK_LE(num_handles, GetConfiguration().max_message_num_handles);
233
234 for (uint32_t i = 0; i < num_handles; i++) {
235 HandleToEntryMap::iterator it = handle_to_entry_map_.find(handles[i]);
236 DCHECK(it != handle_to_entry_map_.end());
237 DCHECK(it->second.busy);
238 it->second.busy = false;
239 }
240 }
241
242 } // namespace system
243 } // namespace mojo