blob: 18aa8168ec7040ca0d9fc34b9caa43aabd1d787d [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BASE_MEMORY_SHARED_MEMORY_HANDLE_H_
#define BASE_MEMORY_SHARED_MEMORY_HANDLE_H_
#include <stddef.h>
#include "base/unguessable_token.h"
#include "build_config.h"
#if defined(OS_WIN)
#include "base/process/process_handle.h"
#include "base/win/windows_types.h"
#elif defined(OS_MACOSX) && !defined(OS_IOS)
#include <mach/mach.h>
#include "base/base_export.h"
#include "base/file_descriptor_posix.h"
#include "base/macros.h"
#include "base/process/process_handle.h"
#elif defined(OS_POSIX) || defined(OS_FUCHSIA)
#include <sys/types.h>
#include "base/file_descriptor_posix.h"
#endif
namespace base {
// SharedMemoryHandle is the smallest possible IPC-transportable "reference" to
// a shared memory OS resource. A "reference" can be consumed exactly once [by
// base::SharedMemory] to map the shared memory OS resource into the virtual
// address space of the current process.
// TODO(erikchen): This class should have strong ownership semantics to prevent
// leaks of the underlying OS resource. https://crbug.com/640840.
class BASE_EXPORT SharedMemoryHandle {
public:
// The default constructor returns an invalid SharedMemoryHandle.
SharedMemoryHandle();
// Standard copy constructor. The new instance shares the underlying OS
// primitives.
SharedMemoryHandle(const SharedMemoryHandle& handle);
// Standard assignment operator. The updated instance shares the underlying
// OS primitives.
SharedMemoryHandle& operator=(const SharedMemoryHandle& handle);
// Closes the underlying OS resource.
// The fact that this method needs to be "const" is an artifact of the
// original interface for base::SharedMemory::CloseHandle.
// TODO(erikchen): This doesn't clear the underlying reference, which seems
// like a bug, but is how this class has always worked. Fix this:
// https://crbug.com/716072.
void Close() const;
// Whether ownership of the underlying OS resource is implicitly passed to
// the IPC subsystem during serialization.
void SetOwnershipPassesToIPC(bool ownership_passes);
bool OwnershipPassesToIPC() const;
// Whether the underlying OS resource is valid.
bool IsValid() const;
// Duplicates the underlying OS resource. Using the return value as a
// parameter to an IPC message will cause the IPC subsystem to consume the OS
// resource.
SharedMemoryHandle Duplicate() const;
// Uniques identifies the shared memory region that the underlying OS resource
// points to. Multiple SharedMemoryHandles that point to the same shared
// memory region will have the same GUID. Preserved across IPC.
base::UnguessableToken GetGUID() const;
// Returns the size of the memory region that SharedMemoryHandle points to.
size_t GetSize() const;
#if defined(OS_WIN)
// Takes implicit ownership of |h|.
// |guid| uniquely identifies the shared memory region pointed to by the
// underlying OS resource. If the HANDLE is associated with another
// SharedMemoryHandle, the caller must pass the |guid| of that
// SharedMemoryHandle. Otherwise, the caller should generate a new
// UnguessableToken.
// Passing the wrong |size| has no immediate consequence, but may cause errors
// when trying to map the SharedMemoryHandle at a later point in time.
SharedMemoryHandle(HANDLE h, size_t size, const base::UnguessableToken& guid);
HANDLE GetHandle() const;
#elif defined(OS_FUCHSIA)
// Takes implicit ownership of |h|.
// |guid| uniquely identifies the shared memory region pointed to by the
// underlying OS resource. If the zx_handle_t is associated with another
// SharedMemoryHandle, the caller must pass the |guid| of that
// SharedMemoryHandle. Otherwise, the caller should generate a new
// UnguessableToken.
// Passing the wrong |size| has no immediate consequence, but may cause errors
// when trying to map the SharedMemoryHandle at a later point in time.
SharedMemoryHandle(zx_handle_t h,
size_t size,
const base::UnguessableToken& guid);
zx_handle_t GetHandle() const;
#elif defined(OS_MACOSX) && !defined(OS_IOS)
enum Type {
// The SharedMemoryHandle is backed by a POSIX fd.
POSIX,
// The SharedMemoryHandle is backed by the Mach primitive "memory object".
MACH,
};
// Makes a Mach-based SharedMemoryHandle of the given size. On error,
// subsequent calls to IsValid() return false.
// Passing the wrong |size| has no immediate consequence, but may cause errors
// when trying to map the SharedMemoryHandle at a later point in time.
SharedMemoryHandle(mach_vm_size_t size, const base::UnguessableToken& guid);
// Makes a Mach-based SharedMemoryHandle from |memory_object|, a named entry
// in the current task. The memory region has size |size|.
// Passing the wrong |size| has no immediate consequence, but may cause errors
// when trying to map the SharedMemoryHandle at a later point in time.
SharedMemoryHandle(mach_port_t memory_object,
mach_vm_size_t size,
const base::UnguessableToken& guid);
// Exposed so that the SharedMemoryHandle can be transported between
// processes.
mach_port_t GetMemoryObject() const;
// The SharedMemoryHandle must be valid.
// Returns whether the SharedMemoryHandle was successfully mapped into memory.
// On success, |memory| is an output variable that contains the start of the
// mapped memory.
bool MapAt(off_t offset, size_t bytes, void** memory, bool read_only);
#elif defined(OS_POSIX)
// Creates a SharedMemoryHandle from an |fd| supplied from an external
// service.
// Passing the wrong |size| has no immediate consequence, but may cause errors
// when trying to map the SharedMemoryHandle at a later point in time.
static SharedMemoryHandle ImportHandle(int fd, size_t size);
// Returns the underlying OS resource.
int GetHandle() const;
// Invalidates [but doesn't close] the underlying OS resource. This will leak
// unless the caller is careful.
int Release();
#endif
#if defined(OS_ANDROID)
// Marks the current file descriptor as read-only, for the purpose of
// mapping. This is independent of the region's read-only status.
void SetReadOnly() { read_only_ = true; }
// Returns true iff the descriptor is to be used for read-only
// mappings.
bool IsReadOnly() const { return read_only_; }
// Returns true iff the corresponding region is read-only.
bool IsRegionReadOnly() const;
// Try to set the region read-only. This will fail any future attempt
// at read-write mapping.
bool SetRegionReadOnly() const;
#endif
#if defined(OS_POSIX)
// Constructs a SharedMemoryHandle backed by a FileDescriptor. The newly
// created instance has the same ownership semantics as base::FileDescriptor.
// This typically means that the SharedMemoryHandle takes ownership of the
// |fd| if |auto_close| is true. Unfortunately, it's common for existing code
// to make shallow copies of SharedMemoryHandle, and the one that is finally
// passed into a base::SharedMemory is the one that "consumes" the fd.
//
// |guid| uniquely identifies the shared memory region pointed to by the
// underlying OS resource. If |file_descriptor| is associated with another
// SharedMemoryHandle, the caller must pass the |guid| of that
// SharedMemoryHandle. Otherwise, the caller should generate a new
// UnguessableToken.
// Passing the wrong |size| has no immediate consequence, but may cause errors
// when trying to map the SharedMemoryHandle at a later point in time.
SharedMemoryHandle(const base::FileDescriptor& file_descriptor,
size_t size,
const base::UnguessableToken& guid);
#endif
private:
#if defined(OS_WIN)
HANDLE handle_ = nullptr;
// Whether passing this object as a parameter to an IPC message passes
// ownership of |handle_| to the IPC stack. This is meant to mimic the
// behavior of the |auto_close| parameter of FileDescriptor. This member only
// affects attachment-brokered SharedMemoryHandles.
// Defaults to |false|.
bool ownership_passes_to_ipc_ = false;
#elif defined(OS_FUCHSIA)
zx_handle_t handle_ = ZX_HANDLE_INVALID;
bool ownership_passes_to_ipc_ = false;
#elif defined(OS_MACOSX) && !defined(OS_IOS)
friend class SharedMemory;
friend bool CheckReadOnlySharedMemoryHandleForTesting(
SharedMemoryHandle handle);
Type type_ = MACH;
// Each instance of a SharedMemoryHandle is backed either by a POSIX fd or a
// mach port. |type_| determines the backing member.
union {
FileDescriptor file_descriptor_;
struct {
mach_port_t memory_object_ = MACH_PORT_NULL;
// Whether passing this object as a parameter to an IPC message passes
// ownership of |memory_object_| to the IPC stack. This is meant to mimic
// the behavior of the |auto_close| parameter of FileDescriptor.
// Defaults to |false|.
bool ownership_passes_to_ipc_ = false;
};
};
#elif defined(OS_ANDROID)
friend class SharedMemory;
FileDescriptor file_descriptor_;
bool read_only_ = false;
#elif defined(OS_POSIX)
FileDescriptor file_descriptor_;
#endif
base::UnguessableToken guid_;
// The size of the region referenced by the SharedMemoryHandle.
size_t size_ = 0;
};
} // namespace base
#endif // BASE_MEMORY_SHARED_MEMORY_HANDLE_H_