| blob | ba2fa1b9dc2c1a4ad29cb7952c90e8e235e108fc |
1 /*
2 * Copyright 2008, Google Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 *
9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above
12 * copyright notice, this list of conditions and the following disclaimer
13 * in the documentation and/or other materials provided with the
14 * distribution.
15 * * Neither the name of Google Inc. nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
32 /*
33 * NaCl Service Runtime. I/O Descriptor / Handle abstraction.
34 */
36 #ifndef NATIVE_CLIENT_SERVICE_RUNTIME_NACL_DESC_BASE_H_
37 #define NATIVE_CLIENT_SERVICE_RUNTIME_NACL_DESC_BASE_H_
40 /* defines PATH_MAX */
58 EXTERN_C_BEGIN
63 /*
64 * Externalization / internalization state, used by
65 * Externalize/Internalize functions. Externalize convert the
66 * descriptor represented by the self (this) object to an entry in the
67 * handles table in a NaClMessageHeader, and the Internalize function
68 * is a factory that takes a dgram and NaClDescXferState and
69 * constructs a vector of NaClDesc objects.
70 *
71 * This is essentially a pair of input/output iterators. The *_end
72 * values are not needed during externalization, since the SendMsg
73 * code will have queried ExternalizeSize to ensure that there is
74 * enough space. During internalization, however, we try to be more
75 * paranoid and check that we do not overrun our buffers.
76 *
77 * NB: we must assume that the NaClHandle values passed are the right
78 * type; if not, it is possible to violate invariant properties
79 * required by the various subclasses of NaClDesc.
80 */
82 /*
83 * In/out value, used for both serialization and deserialization.
84 * The Externalize method read/write type tags that are part of the
85 * message header as well as data-based capabilities in a
86 * self-describing format.
87 */
91 /*
92 * In/out value. Next handle to work on.
93 */
96 };
99 NACL_DESC_DIR,
100 NACL_DESC_HOST_IO,
101 NACL_DESC_CONN_CAP,
102 NACL_DESC_BOUND_SOCKET,
103 NACL_DESC_CONNECTED_SOCKET,
104 NACL_DESC_SHM,
105 NACL_DESC_MUTEX,
106 NACL_DESC_CONDVAR,
107 NACL_DESC_SEMAPHORE
108 /*
109 * Add new NaCDesc subclasses here.
110 *
111 * NB: when we add new tag types, NaClDescInternalize[] **MUST**
112 * also be updated to add new internalization functions.
113 */
114 };
115 #define NACL_DESC_TYPE_MAX (NACL_DESC_SEMAPHORE+1)
116 #define NACL_DESC_TYPE_END_TAG (0xff)
121 };
125 /*
126 * We add 0x10 here because pad must have at least one element.
127 * This unfortunately also means that if NaClInternalRealHeader is
128 * already a multiple of 16 in size, we will add in an unnecessary
129 * 16-byte pad. The preprocessor does not have access to sizeof
130 * information, so we cannot just get rid of the pad.
131 */
134 /* total size is a multiple of 16 bytes */
135 };
137 #define NACL_HANDLE_TRANSFER_PROTOCOL 0xd3c0de00
138 /* incr from here */
140 /*
141 * Array of function pointers, indexed by NaClDescTypeTag, any one of
142 * which will extract an externalized representation of the NaClDesc
143 * subclass object from the message, as referenced via
144 * NaClDescXferState, and when successful return the internalized
145 * representation -- a newl created NaClDesc subclass object -- to the
146 * caller via an out parameter. Returns 0 on success, negative errno
147 * value on failure.
148 *
149 * NB: we should have atomic failures. The caller is expected to
150 * allocate an array of NaClDesc pointers, and insert into the open
151 * file table of the receiving NaClApp (via the NaClDescEffector
152 * interface) only when all internalizations succeed. Since even the
153 * insertion can fail, the caller must keep track of the descriptor
154 * numbers in case it has to back out and report that the message is
155 * dropped.
156 *
157 * Also, when the NaClDesc object is constructed, the NaClHandle
158 * consumed (from the NaClDescXferState) MUST BE replaced with
159 * NACL_INVALID_HANDLE.
160 */
165 /*
166 * The virtual function table for NaClDesc and its subclasses.
167 *
168 * This interface will change when non-blocking I/O and epoll is
169 * added.
170 */
180 off_t offset);
181 /*
182 * UnmapUnsafe really unmaps and leaves a hole in the address space.
183 * It is intended for use by Map (through the effector interface) to
184 * clear out memory according to the memory object that is backing
185 * the memory, prior to putting new memory in place. Should not
186 * invoke effp->vtbl->UpdateAddrMap.
187 */
192 /*
193 * Unmap is the version that removes the mapping but continues to
194 * hold the address space in reserve, preventing it from being used
195 * accidentally by other threads. (Address-space squatting.)
196 *
197 * Should invoke effp->vtbl->UpdateAddrMap.
198 */
213 off_t offset,
215 /*
216 * TODO: Need to figure out which requests we support. Also,
217 * request determines arg size and whether it is an input or output arg!
218 */
229 /*
230 * Directory access support. Directories require support for getdents.
231 */
237 /*
238 * typeTag is one of the enumeration values from NaClDescTypeTag.
239 *
240 * This is not a class variable, since one must access it through an
241 * instance. Having a value in the vtable is not allowed in C++;
242 * instead, we would implement this as a virtual function that
243 * returns the type tag, or RTTI which would typically be done via
244 * examining the vtable pointer.
245 */
248 /*
249 * Externalization queries this for how many data bytes and how many
250 * handles are needed to transfer the "this" or "self" descriptor
251 * via IMC. If the descriptor is not transferrable, this should
252 * return -NACL_ABI_EINVAL. Success is indicated by 0, and other
253 * kinds of failure should be the usual negative errno. Should
254 * never have to put the calling thread to sleep or otherwise
255 * manipulate thread or process state.
256 *
257 * The nbytes returned do not include any kind of type tag. The
258 * type tag overhead is computed by the MsgSend code, since tagging
259 * format need not be known by the per-descriptor externalization
260 * code.
261 */
265 /*
266 * Externalize the "this" or "self" descriptor: this will take an
267 * IMC datagram object to which the Nrd will be appended, either as
268 * special control data or as a descriptor/handle to be passed to
269 * the recipient. Should never have to put the calling thread to
270 * sleep or otherwise manipulate thread or process state.
271 */
274 /*
275 * Lock and similar syscalls cannot just indefintely block,
276 * since address space move will require that all other threads are
277 * stopped and in a known
278 */
315 /*
316 * Inappropriate methods for the subclass will just return
317 * -NACL_ABI_EINVAL.
318 */
319 };
325 };
327 /*
328 * Placement new style ctor; creates w/ ref_count of 1.
329 *
330 * The subclasses' ctor must call this base class ctor during their
331 * contruction.
332 */
335 /* Typically it is incorrect to call the dtor directly; see NaClDescUnref */
340 /* when ref_count reaches zero, will call dtor and free */
343 /*
344 * subclasses
345 */
347 /*
348 * Directory descriptors
349 */
355 };
360 /*
361 * I/O descriptors
362 */
367 /*
368 * No locks are needed for accessing class members; NaClHostDesc
369 * should ensure thread safety, and uses are read-only.
370 *
371 * If we later added state that needs locking, beware lock order.
372 */
374 };
381 /*
382 * IMC socket addresses.
383 */
387 };
394 /*
395 * IMC bound sockets.
396 */
399 NaClHandle h;
400 };
407 /*
408 * IMC connected sockets.
409 */
412 NaClHandle h;
413 };
422 NaClHandle h;
424 };
434 };
444 };
454 };
459 /* utility routines */
463 /* in PLATFORM/nacl_desc.c */
468 /* default functions for the vtable - return -NACL_ABI_EINVAL */
477 off_t offset);
497 off_t offset,
558 EXTERN_C_END