1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/renderer_host/render_widget_helper.h"
6
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/lazy_instance.h"
10 #include "base/posix/eintr_wrapper.h"
11 #include "base/threading/thread.h"
12 #include "base/threading/thread_restrictions.h"
13 #include "content/browser/gpu/gpu_surface_tracker.h"
14 #include "content/browser/loader/resource_dispatcher_host_impl.h"
15 #include "content/browser/renderer_host/render_process_host_impl.h"
16 #include "content/browser/renderer_host/render_view_host_impl.h"
17 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
18 #include "content/common/view_messages.h"
19
20 namespace content {
21 namespace {
22
23 typedef std::map<int, RenderWidgetHelper*> WidgetHelperMap;
24 base::LazyInstance<WidgetHelperMap> g_widget_helpers =
25 LAZY_INSTANCE_INITIALIZER;
26
AddWidgetHelper(int render_process_id,const scoped_refptr<RenderWidgetHelper> & widget_helper)27 void AddWidgetHelper(int render_process_id,
28 const scoped_refptr<RenderWidgetHelper>& widget_helper) {
29 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
30 // We don't care if RenderWidgetHelpers overwrite an existing process_id. Just
31 // want this to be up to date.
32 g_widget_helpers.Get()[render_process_id] = widget_helper.get();
33 }
34
35 } // namespace
36
37 // A helper used with DidReceiveBackingStoreMsg that we hold a pointer to in
38 // pending_paints_.
39 class RenderWidgetHelper::BackingStoreMsgProxy {
40 public:
41 BackingStoreMsgProxy(RenderWidgetHelper* h, const IPC::Message& m);
42 ~BackingStoreMsgProxy();
43 void Run();
Cancel()44 void Cancel() { cancelled_ = true; }
45
message() const46 const IPC::Message& message() const { return message_; }
47
48 private:
49 scoped_refptr<RenderWidgetHelper> helper_;
50 IPC::Message message_;
51 bool cancelled_; // If true, then the message will not be dispatched.
52
53 DISALLOW_COPY_AND_ASSIGN(BackingStoreMsgProxy);
54 };
55
BackingStoreMsgProxy(RenderWidgetHelper * h,const IPC::Message & m)56 RenderWidgetHelper::BackingStoreMsgProxy::BackingStoreMsgProxy(
57 RenderWidgetHelper* h, const IPC::Message& m)
58 : helper_(h),
59 message_(m),
60 cancelled_(false) {
61 }
62
~BackingStoreMsgProxy()63 RenderWidgetHelper::BackingStoreMsgProxy::~BackingStoreMsgProxy() {
64 // If the paint message was never dispatched, then we need to let the
65 // helper know that we are going away.
66 if (!cancelled_ && helper_.get())
67 helper_->OnDiscardBackingStoreMsg(this);
68 }
69
Run()70 void RenderWidgetHelper::BackingStoreMsgProxy::Run() {
71 if (!cancelled_) {
72 helper_->OnDispatchBackingStoreMsg(this);
73 helper_ = NULL;
74 }
75 }
76
RenderWidgetHelper()77 RenderWidgetHelper::RenderWidgetHelper()
78 : render_process_id_(-1),
79 #if defined(OS_WIN)
80 event_(CreateEvent(NULL, FALSE /* auto-reset */, FALSE, NULL)),
81 #elif defined(OS_POSIX)
82 event_(false /* auto-reset */, false),
83 #endif
84 resource_dispatcher_host_(NULL) {
85 }
86
~RenderWidgetHelper()87 RenderWidgetHelper::~RenderWidgetHelper() {
88 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
89
90 // Delete this RWH from the map if it is found.
91 WidgetHelperMap& widget_map = g_widget_helpers.Get();
92 WidgetHelperMap::iterator it = widget_map.find(render_process_id_);
93 if (it != widget_map.end() && it->second == this)
94 widget_map.erase(it);
95
96 // The elements of pending_paints_ each hold an owning reference back to this
97 // object, so we should not be destroyed unless pending_paints_ is empty!
98 DCHECK(pending_paints_.empty());
99
100 #if defined(OS_POSIX) && !defined(TOOLKIT_GTK) && !defined(OS_ANDROID)
101 ClearAllocatedDIBs();
102 #endif
103 }
104
Init(int render_process_id,ResourceDispatcherHostImpl * resource_dispatcher_host)105 void RenderWidgetHelper::Init(
106 int render_process_id,
107 ResourceDispatcherHostImpl* resource_dispatcher_host) {
108 render_process_id_ = render_process_id;
109 resource_dispatcher_host_ = resource_dispatcher_host;
110
111 BrowserThread::PostTask(
112 BrowserThread::IO, FROM_HERE,
113 base::Bind(&AddWidgetHelper,
114 render_process_id_, make_scoped_refptr(this)));
115 }
116
GetNextRoutingID()117 int RenderWidgetHelper::GetNextRoutingID() {
118 return next_routing_id_.GetNext() + 1;
119 }
120
121 // static
FromProcessHostID(int render_process_host_id)122 RenderWidgetHelper* RenderWidgetHelper::FromProcessHostID(
123 int render_process_host_id) {
124 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
125 WidgetHelperMap::const_iterator ci = g_widget_helpers.Get().find(
126 render_process_host_id);
127 return (ci == g_widget_helpers.Get().end())? NULL : ci->second;
128 }
129
ResumeDeferredNavigation(const GlobalRequestID & request_id)130 void RenderWidgetHelper::ResumeDeferredNavigation(
131 const GlobalRequestID& request_id) {
132 BrowserThread::PostTask(
133 BrowserThread::IO, FROM_HERE,
134 base::Bind(&RenderWidgetHelper::OnResumeDeferredNavigation,
135 this,
136 request_id));
137 }
138
WaitForBackingStoreMsg(int render_widget_id,const base::TimeDelta & max_delay,IPC::Message * msg)139 bool RenderWidgetHelper::WaitForBackingStoreMsg(
140 int render_widget_id, const base::TimeDelta& max_delay, IPC::Message* msg) {
141 base::TimeTicks time_start = base::TimeTicks::Now();
142
143 for (;;) {
144 BackingStoreMsgProxy* proxy = NULL;
145 {
146 base::AutoLock lock(pending_paints_lock_);
147
148 BackingStoreMsgProxyMap::iterator it =
149 pending_paints_.find(render_widget_id);
150 if (it != pending_paints_.end()) {
151 BackingStoreMsgProxyQueue &queue = it->second;
152 DCHECK(!queue.empty());
153 proxy = queue.front();
154
155 // Flag the proxy as cancelled so that when it is run as a task it will
156 // do nothing.
157 proxy->Cancel();
158
159 queue.pop_front();
160 if (queue.empty())
161 pending_paints_.erase(it);
162 }
163 }
164
165 if (proxy) {
166 *msg = proxy->message();
167 DCHECK(msg->routing_id() == render_widget_id);
168 return true;
169 }
170
171 // Calculate the maximum amount of time that we are willing to sleep.
172 base::TimeDelta max_sleep_time =
173 max_delay - (base::TimeTicks::Now() - time_start);
174 if (max_sleep_time <= base::TimeDelta::FromMilliseconds(0))
175 break;
176
177 base::ThreadRestrictions::ScopedAllowWait allow_wait;
178 event_.TimedWait(max_sleep_time);
179 }
180
181 return false;
182 }
183
ResumeRequestsForView(int route_id)184 void RenderWidgetHelper::ResumeRequestsForView(int route_id) {
185 // We only need to resume blocked requests if we used a valid route_id.
186 // See CreateNewWindow.
187 if (route_id != MSG_ROUTING_NONE) {
188 BrowserThread::PostTask(
189 BrowserThread::IO, FROM_HERE,
190 base::Bind(&RenderWidgetHelper::OnResumeRequestsForView,
191 this, route_id));
192 }
193 }
194
DidReceiveBackingStoreMsg(const IPC::Message & msg)195 void RenderWidgetHelper::DidReceiveBackingStoreMsg(const IPC::Message& msg) {
196 int render_widget_id = msg.routing_id();
197
198 BackingStoreMsgProxy* proxy = new BackingStoreMsgProxy(this, msg);
199 {
200 base::AutoLock lock(pending_paints_lock_);
201
202 pending_paints_[render_widget_id].push_back(proxy);
203 }
204
205 // Notify anyone waiting on the UI thread that there is a new entry in the
206 // proxy map. If they don't find the entry they are looking for, then they
207 // will just continue waiting.
208 event_.Signal();
209
210 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
211 base::Bind(&BackingStoreMsgProxy::Run, base::Owned(proxy)));
212 }
213
OnDiscardBackingStoreMsg(BackingStoreMsgProxy * proxy)214 void RenderWidgetHelper::OnDiscardBackingStoreMsg(BackingStoreMsgProxy* proxy) {
215 const IPC::Message& msg = proxy->message();
216
217 // Remove the proxy from the map now that we are going to handle it normally.
218 {
219 base::AutoLock lock(pending_paints_lock_);
220
221 BackingStoreMsgProxyMap::iterator it =
222 pending_paints_.find(msg.routing_id());
223 DCHECK(it != pending_paints_.end());
224 BackingStoreMsgProxyQueue &queue = it->second;
225 DCHECK(queue.front() == proxy);
226
227 queue.pop_front();
228 if (queue.empty())
229 pending_paints_.erase(it);
230 }
231 }
232
OnDispatchBackingStoreMsg(BackingStoreMsgProxy * proxy)233 void RenderWidgetHelper::OnDispatchBackingStoreMsg(
234 BackingStoreMsgProxy* proxy) {
235 OnDiscardBackingStoreMsg(proxy);
236
237 // It is reasonable for the host to no longer exist.
238 RenderProcessHost* host = RenderProcessHost::FromID(render_process_id_);
239 if (host)
240 host->OnMessageReceived(proxy->message());
241 }
242
OnResumeDeferredNavigation(const GlobalRequestID & request_id)243 void RenderWidgetHelper::OnResumeDeferredNavigation(
244 const GlobalRequestID& request_id) {
245 resource_dispatcher_host_->ResumeDeferredNavigation(request_id);
246 }
247
CreateNewWindow(const ViewHostMsg_CreateWindow_Params & params,bool no_javascript_access,base::ProcessHandle render_process,int * route_id,int * main_frame_route_id,int * surface_id,SessionStorageNamespace * session_storage_namespace)248 void RenderWidgetHelper::CreateNewWindow(
249 const ViewHostMsg_CreateWindow_Params& params,
250 bool no_javascript_access,
251 base::ProcessHandle render_process,
252 int* route_id,
253 int* main_frame_route_id,
254 int* surface_id,
255 SessionStorageNamespace* session_storage_namespace) {
256 if (params.opener_suppressed || no_javascript_access) {
257 // If the opener is supppressed or script access is disallowed, we should
258 // open the window in a new BrowsingInstance, and thus a new process. That
259 // means the current renderer process will not be able to route messages to
260 // it. Because of this, we will immediately show and navigate the window
261 // in OnCreateWindowOnUI, using the params provided here.
262 *route_id = MSG_ROUTING_NONE;
263 *main_frame_route_id = MSG_ROUTING_NONE;
264 *surface_id = 0;
265 } else {
266 *route_id = GetNextRoutingID();
267 *main_frame_route_id = GetNextRoutingID();
268 *surface_id = GpuSurfaceTracker::Get()->AddSurfaceForRenderer(
269 render_process_id_, *route_id);
270 // Block resource requests until the view is created, since the HWND might
271 // be needed if a response ends up creating a plugin.
272 resource_dispatcher_host_->BlockRequestsForRoute(
273 render_process_id_, *route_id);
274 resource_dispatcher_host_->BlockRequestsForRoute(
275 render_process_id_, *main_frame_route_id);
276 }
277
278 BrowserThread::PostTask(
279 BrowserThread::UI, FROM_HERE,
280 base::Bind(&RenderWidgetHelper::OnCreateWindowOnUI,
281 this, params, *route_id, *main_frame_route_id,
282 make_scoped_refptr(session_storage_namespace)));
283 }
284
OnCreateWindowOnUI(const ViewHostMsg_CreateWindow_Params & params,int route_id,int main_frame_route_id,SessionStorageNamespace * session_storage_namespace)285 void RenderWidgetHelper::OnCreateWindowOnUI(
286 const ViewHostMsg_CreateWindow_Params& params,
287 int route_id,
288 int main_frame_route_id,
289 SessionStorageNamespace* session_storage_namespace) {
290 RenderViewHostImpl* host =
291 RenderViewHostImpl::FromID(render_process_id_, params.opener_id);
292 if (host)
293 host->CreateNewWindow(route_id, main_frame_route_id, params,
294 session_storage_namespace);
295 }
296
OnResumeRequestsForView(int route_id)297 void RenderWidgetHelper::OnResumeRequestsForView(int route_id) {
298 resource_dispatcher_host_->ResumeBlockedRequestsForRoute(
299 render_process_id_, route_id);
300 }
301
CreateNewWidget(int opener_id,blink::WebPopupType popup_type,int * route_id,int * surface_id)302 void RenderWidgetHelper::CreateNewWidget(int opener_id,
303 blink::WebPopupType popup_type,
304 int* route_id,
305 int* surface_id) {
306 *route_id = GetNextRoutingID();
307 *surface_id = GpuSurfaceTracker::Get()->AddSurfaceForRenderer(
308 render_process_id_, *route_id);
309 BrowserThread::PostTask(
310 BrowserThread::UI, FROM_HERE,
311 base::Bind(
312 &RenderWidgetHelper::OnCreateWidgetOnUI, this, opener_id, *route_id,
313 popup_type));
314 }
315
CreateNewFullscreenWidget(int opener_id,int * route_id,int * surface_id)316 void RenderWidgetHelper::CreateNewFullscreenWidget(int opener_id,
317 int* route_id,
318 int* surface_id) {
319 *route_id = GetNextRoutingID();
320 *surface_id = GpuSurfaceTracker::Get()->AddSurfaceForRenderer(
321 render_process_id_, *route_id);
322 BrowserThread::PostTask(
323 BrowserThread::UI, FROM_HERE,
324 base::Bind(
325 &RenderWidgetHelper::OnCreateFullscreenWidgetOnUI, this,
326 opener_id, *route_id));
327 }
328
OnCreateWidgetOnUI(int opener_id,int route_id,blink::WebPopupType popup_type)329 void RenderWidgetHelper::OnCreateWidgetOnUI(
330 int opener_id, int route_id, blink::WebPopupType popup_type) {
331 RenderViewHostImpl* host = RenderViewHostImpl::FromID(
332 render_process_id_, opener_id);
333 if (host)
334 host->CreateNewWidget(route_id, popup_type);
335 }
336
OnCreateFullscreenWidgetOnUI(int opener_id,int route_id)337 void RenderWidgetHelper::OnCreateFullscreenWidgetOnUI(int opener_id,
338 int route_id) {
339 RenderViewHostImpl* host = RenderViewHostImpl::FromID(
340 render_process_id_, opener_id);
341 if (host)
342 host->CreateNewFullscreenWidget(route_id);
343 }
344
345 #if defined(OS_POSIX) && !defined(TOOLKIT_GTK) && !defined(OS_ANDROID)
MapTransportDIB(TransportDIB::Id dib_id)346 TransportDIB* RenderWidgetHelper::MapTransportDIB(TransportDIB::Id dib_id) {
347 base::AutoLock locked(allocated_dibs_lock_);
348
349 const std::map<TransportDIB::Id, int>::iterator
350 i = allocated_dibs_.find(dib_id);
351 if (i == allocated_dibs_.end())
352 return NULL;
353
354 base::FileDescriptor fd(dup(i->second), true);
355 return TransportDIB::Map(fd);
356 }
357
AllocTransportDIB(uint32 size,bool cache_in_browser,TransportDIB::Handle * result)358 void RenderWidgetHelper::AllocTransportDIB(uint32 size,
359 bool cache_in_browser,
360 TransportDIB::Handle* result) {
361 scoped_ptr<base::SharedMemory> shared_memory(new base::SharedMemory());
362 if (!shared_memory->CreateAnonymous(size)) {
363 result->fd = -1;
364 result->auto_close = false;
365 return;
366 }
367
368 shared_memory->GiveToProcess(0 /* pid, not needed */, result);
369
370 if (cache_in_browser) {
371 // Keep a copy of the file descriptor around
372 base::AutoLock locked(allocated_dibs_lock_);
373 allocated_dibs_[shared_memory->id()] = dup(result->fd);
374 }
375 }
376
FreeTransportDIB(TransportDIB::Id dib_id)377 void RenderWidgetHelper::FreeTransportDIB(TransportDIB::Id dib_id) {
378 base::AutoLock locked(allocated_dibs_lock_);
379
380 const std::map<TransportDIB::Id, int>::iterator
381 i = allocated_dibs_.find(dib_id);
382
383 if (i != allocated_dibs_.end()) {
384 if (IGNORE_EINTR(close(i->second)) < 0)
385 PLOG(ERROR) << "close";
386 allocated_dibs_.erase(i);
387 } else {
388 DLOG(WARNING) << "Renderer asked us to free unknown transport DIB";
389 }
390 }
391
ClearAllocatedDIBs()392 void RenderWidgetHelper::ClearAllocatedDIBs() {
393 for (std::map<TransportDIB::Id, int>::iterator
394 i = allocated_dibs_.begin(); i != allocated_dibs_.end(); ++i) {
395 if (IGNORE_EINTR(close(i->second)) < 0)
396 PLOG(ERROR) << "close: " << i->first;
397 }
398
399 allocated_dibs_.clear();
400 }
401 #endif
402
403 } // namespace content
404