1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/plugin/plugin_channel.h"
6
7 #include "base/bind.h"
8 #include "base/command_line.h"
9 #include "base/process/process_handle.h"
10 #include "base/strings/string_util.h"
11 #include "base/synchronization/lock.h"
12 #include "base/synchronization/waitable_event.h"
13 #include "build/build_config.h"
14 #include "content/child/child_process.h"
15 #include "content/child/npapi/plugin_instance.h"
16 #include "content/child/npapi/webplugin_delegate_impl.h"
17 #include "content/child/plugin_messages.h"
18 #include "content/common/plugin_process_messages.h"
19 #include "content/plugin/plugin_thread.h"
20 #include "content/plugin/webplugin_delegate_stub.h"
21 #include "content/plugin/webplugin_proxy.h"
22 #include "content/public/common/content_switches.h"
23 #include "ipc/message_filter.h"
24 #include "third_party/WebKit/public/web/WebBindings.h"
25
26 #if defined(OS_POSIX)
27 #include "ipc/ipc_channel_posix.h"
28 #endif
29
30 using blink::WebBindings;
31
32 namespace content {
33
34 namespace {
35
36 // How long we wait before releasing the plugin process.
37 const int kPluginReleaseTimeMinutes = 5;
38
39 } // namespace
40
41 // If a sync call to the renderer results in a modal dialog, we need to have a
42 // way to know so that we can run a nested message loop to simulate what would
43 // happen in a single process browser and avoid deadlock.
44 class PluginChannel::MessageFilter : public IPC::MessageFilter {
45 public:
MessageFilter()46 MessageFilter() : sender_(NULL) { }
47
GetModalDialogEvent(int render_view_id)48 base::WaitableEvent* GetModalDialogEvent(int render_view_id) {
49 base::AutoLock auto_lock(modal_dialog_event_map_lock_);
50 if (!modal_dialog_event_map_.count(render_view_id)) {
51 NOTREACHED();
52 return NULL;
53 }
54
55 return modal_dialog_event_map_[render_view_id].event;
56 }
57
58 // Decrement the ref count associated with the modal dialog event for the
59 // given tab.
ReleaseModalDialogEvent(int render_view_id)60 void ReleaseModalDialogEvent(int render_view_id) {
61 base::AutoLock auto_lock(modal_dialog_event_map_lock_);
62 if (!modal_dialog_event_map_.count(render_view_id)) {
63 NOTREACHED();
64 return;
65 }
66
67 if (--(modal_dialog_event_map_[render_view_id].refcount))
68 return;
69
70 // Delete the event when the stack unwinds as it could be in use now.
71 base::MessageLoop::current()->DeleteSoon(
72 FROM_HERE, modal_dialog_event_map_[render_view_id].event);
73 modal_dialog_event_map_.erase(render_view_id);
74 }
75
Send(IPC::Message * message)76 bool Send(IPC::Message* message) {
77 // Need this function for the IPC_MESSAGE_HANDLER_DELAY_REPLY macro.
78 return sender_->Send(message);
79 }
80
81 // IPC::MessageFilter:
OnFilterAdded(IPC::Sender * sender)82 virtual void OnFilterAdded(IPC::Sender* sender) OVERRIDE {
83 sender_ = sender;
84 }
85
OnMessageReceived(const IPC::Message & message)86 virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE {
87 IPC_BEGIN_MESSAGE_MAP(PluginChannel::MessageFilter, message)
88 IPC_MESSAGE_HANDLER_DELAY_REPLY(PluginMsg_Init, OnInit)
89 IPC_MESSAGE_HANDLER(PluginMsg_SignalModalDialogEvent,
90 OnSignalModalDialogEvent)
91 IPC_MESSAGE_HANDLER(PluginMsg_ResetModalDialogEvent,
92 OnResetModalDialogEvent)
93 IPC_END_MESSAGE_MAP()
94 return message.type() == PluginMsg_SignalModalDialogEvent::ID ||
95 message.type() == PluginMsg_ResetModalDialogEvent::ID;
96 }
97
98 protected:
~MessageFilter()99 virtual ~MessageFilter() {
100 // Clean up in case of renderer crash.
101 for (ModalDialogEventMap::iterator i = modal_dialog_event_map_.begin();
102 i != modal_dialog_event_map_.end(); ++i) {
103 delete i->second.event;
104 }
105 }
106
107 private:
OnInit(const PluginMsg_Init_Params & params,IPC::Message * reply_msg)108 void OnInit(const PluginMsg_Init_Params& params, IPC::Message* reply_msg) {
109 base::AutoLock auto_lock(modal_dialog_event_map_lock_);
110 if (modal_dialog_event_map_.count(params.host_render_view_routing_id)) {
111 modal_dialog_event_map_[params.host_render_view_routing_id].refcount++;
112 return;
113 }
114
115 WaitableEventWrapper wrapper;
116 wrapper.event = new base::WaitableEvent(true, false);
117 wrapper.refcount = 1;
118 modal_dialog_event_map_[params.host_render_view_routing_id] = wrapper;
119 }
120
OnSignalModalDialogEvent(int render_view_id)121 void OnSignalModalDialogEvent(int render_view_id) {
122 base::AutoLock auto_lock(modal_dialog_event_map_lock_);
123 if (modal_dialog_event_map_.count(render_view_id))
124 modal_dialog_event_map_[render_view_id].event->Signal();
125 }
126
OnResetModalDialogEvent(int render_view_id)127 void OnResetModalDialogEvent(int render_view_id) {
128 base::AutoLock auto_lock(modal_dialog_event_map_lock_);
129 if (modal_dialog_event_map_.count(render_view_id))
130 modal_dialog_event_map_[render_view_id].event->Reset();
131 }
132
133 struct WaitableEventWrapper {
134 base::WaitableEvent* event;
135 int refcount; // There could be multiple plugin instances per tab.
136 };
137 typedef std::map<int, WaitableEventWrapper> ModalDialogEventMap;
138 ModalDialogEventMap modal_dialog_event_map_;
139 base::Lock modal_dialog_event_map_lock_;
140
141 IPC::Sender* sender_;
142 };
143
GetPluginChannel(int renderer_id,base::MessageLoopProxy * ipc_message_loop)144 PluginChannel* PluginChannel::GetPluginChannel(
145 int renderer_id, base::MessageLoopProxy* ipc_message_loop) {
146 // Map renderer ID to a (single) channel to that process.
147 std::string channel_key = base::StringPrintf(
148 "%d.r%d", base::GetCurrentProcId(), renderer_id);
149
150 PluginChannel* channel =
151 static_cast<PluginChannel*>(NPChannelBase::GetChannel(
152 channel_key,
153 IPC::Channel::MODE_SERVER,
154 ClassFactory,
155 ipc_message_loop,
156 false,
157 ChildProcess::current()->GetShutDownEvent()));
158
159 if (channel)
160 channel->renderer_id_ = renderer_id;
161
162 return channel;
163 }
164
165 // static
NotifyRenderersOfPendingShutdown()166 void PluginChannel::NotifyRenderersOfPendingShutdown() {
167 Broadcast(new PluginHostMsg_PluginShuttingDown());
168 }
169
Send(IPC::Message * msg)170 bool PluginChannel::Send(IPC::Message* msg) {
171 in_send_++;
172 if (log_messages_) {
173 VLOG(1) << "sending message @" << msg << " on channel @" << this
174 << " with type " << msg->type();
175 }
176 bool result = NPChannelBase::Send(msg);
177 in_send_--;
178 return result;
179 }
180
OnMessageReceived(const IPC::Message & msg)181 bool PluginChannel::OnMessageReceived(const IPC::Message& msg) {
182 if (log_messages_) {
183 VLOG(1) << "received message @" << &msg << " on channel @" << this
184 << " with type " << msg.type();
185 }
186 return NPChannelBase::OnMessageReceived(msg);
187 }
188
OnChannelError()189 void PluginChannel::OnChannelError() {
190 NPChannelBase::OnChannelError();
191 CleanUp();
192 }
193
GenerateRouteID()194 int PluginChannel::GenerateRouteID() {
195 static int last_id = 0;
196 return ++last_id;
197 }
198
GetModalDialogEvent(int render_view_id)199 base::WaitableEvent* PluginChannel::GetModalDialogEvent(int render_view_id) {
200 return filter_->GetModalDialogEvent(render_view_id);
201 }
202
~PluginChannel()203 PluginChannel::~PluginChannel() {
204 PluginThread::current()->Send(new PluginProcessHostMsg_ChannelDestroyed(
205 renderer_id_));
206 process_ref_.ReleaseWithDelay(
207 base::TimeDelta::FromMinutes(kPluginReleaseTimeMinutes));
208 }
209
CleanUp()210 void PluginChannel::CleanUp() {
211 // We need to clean up the stubs so that they call NPPDestroy. This will
212 // also lead to them releasing their reference on this object so that it can
213 // be deleted.
214 for (size_t i = 0; i < plugin_stubs_.size(); ++i)
215 RemoveRoute(plugin_stubs_[i]->instance_id());
216
217 // Need to addref this object temporarily because otherwise removing the last
218 // stub will cause the destructor of this object to be called, however at
219 // that point plugin_stubs_ will have one element and its destructor will be
220 // called twice.
221 scoped_refptr<PluginChannel> me(this);
222
223 while (!plugin_stubs_.empty()) {
224 // Separate vector::erase and ~WebPluginDelegateStub.
225 // See https://code.google.com/p/chromium/issues/detail?id=314088
226 scoped_refptr<WebPluginDelegateStub> stub = plugin_stubs_[0];
227 plugin_stubs_.erase(plugin_stubs_.begin());
228 }
229 }
230
Init(base::MessageLoopProxy * ipc_message_loop,bool create_pipe_now,base::WaitableEvent * shutdown_event)231 bool PluginChannel::Init(base::MessageLoopProxy* ipc_message_loop,
232 bool create_pipe_now,
233 base::WaitableEvent* shutdown_event) {
234 if (!NPChannelBase::Init(ipc_message_loop, create_pipe_now, shutdown_event))
235 return false;
236
237 channel_->AddFilter(filter_.get());
238 return true;
239 }
240
PluginChannel()241 PluginChannel::PluginChannel()
242 : renderer_id_(-1),
243 in_send_(0),
244 incognito_(false),
245 filter_(new MessageFilter()),
246 npp_(new struct _NPP) {
247 set_send_unblocking_only_during_unblock_dispatch();
248 const CommandLine* command_line = CommandLine::ForCurrentProcess();
249 log_messages_ = command_line->HasSwitch(switches::kLogPluginMessages);
250
251 // Register |npp_| as the default owner for any object we receive via IPC,
252 // and register it with WebBindings as a valid owner.
253 SetDefaultNPObjectOwner(npp_.get());
254 WebBindings::registerObjectOwner(npp_.get());
255 }
256
OnControlMessageReceived(const IPC::Message & msg)257 bool PluginChannel::OnControlMessageReceived(const IPC::Message& msg) {
258 bool handled = true;
259 IPC_BEGIN_MESSAGE_MAP(PluginChannel, msg)
260 IPC_MESSAGE_HANDLER(PluginMsg_CreateInstance, OnCreateInstance)
261 IPC_MESSAGE_HANDLER_DELAY_REPLY(PluginMsg_DestroyInstance,
262 OnDestroyInstance)
263 IPC_MESSAGE_HANDLER(PluginMsg_GenerateRouteID, OnGenerateRouteID)
264 IPC_MESSAGE_HANDLER(PluginProcessMsg_ClearSiteData, OnClearSiteData)
265 IPC_MESSAGE_HANDLER(PluginHostMsg_DidAbortLoading, OnDidAbortLoading)
266 IPC_MESSAGE_UNHANDLED(handled = false)
267 IPC_END_MESSAGE_MAP()
268 DCHECK(handled);
269 return handled;
270 }
271
OnCreateInstance(const std::string & mime_type,int * instance_id)272 void PluginChannel::OnCreateInstance(const std::string& mime_type,
273 int* instance_id) {
274 *instance_id = GenerateRouteID();
275 scoped_refptr<WebPluginDelegateStub> stub(new WebPluginDelegateStub(
276 mime_type, *instance_id, this));
277 AddRoute(*instance_id, stub.get(), NULL);
278 plugin_stubs_.push_back(stub);
279 }
280
OnDestroyInstance(int instance_id,IPC::Message * reply_msg)281 void PluginChannel::OnDestroyInstance(int instance_id,
282 IPC::Message* reply_msg) {
283 for (size_t i = 0; i < plugin_stubs_.size(); ++i) {
284 if (plugin_stubs_[i]->instance_id() == instance_id) {
285 scoped_refptr<MessageFilter> filter(filter_);
286 int render_view_id =
287 plugin_stubs_[i]->webplugin()->host_render_view_routing_id();
288 // Separate vector::erase and ~WebPluginDelegateStub.
289 // See https://code.google.com/p/chromium/issues/detail?id=314088
290 scoped_refptr<WebPluginDelegateStub> stub = plugin_stubs_[i];
291 plugin_stubs_.erase(plugin_stubs_.begin() + i);
292 stub = NULL;
293
294 Send(reply_msg);
295 RemoveRoute(instance_id);
296 // NOTE: *this* might be deleted as a result of calling RemoveRoute.
297 // Don't release the modal dialog event right away, but do it after the
298 // stack unwinds since the plugin can be destroyed later if it's in use
299 // right now.
300 base::MessageLoop::current()->PostNonNestableTask(
301 FROM_HERE,
302 base::Bind(&MessageFilter::ReleaseModalDialogEvent,
303 filter.get(),
304 render_view_id));
305 return;
306 }
307 }
308
309 NOTREACHED() << "Couldn't find WebPluginDelegateStub to destroy";
310 }
311
OnGenerateRouteID(int * route_id)312 void PluginChannel::OnGenerateRouteID(int* route_id) {
313 *route_id = GenerateRouteID();
314 }
315
OnClearSiteData(const std::string & site,uint64 flags,uint64 max_age)316 void PluginChannel::OnClearSiteData(const std::string& site,
317 uint64 flags,
318 uint64 max_age) {
319 bool success = false;
320 CommandLine* command_line = CommandLine::ForCurrentProcess();
321 base::FilePath path = command_line->GetSwitchValuePath(switches::kPluginPath);
322 scoped_refptr<PluginLib> plugin_lib(PluginLib::CreatePluginLib(path));
323 if (plugin_lib.get()) {
324 NPError err = plugin_lib->NP_Initialize();
325 if (err == NPERR_NO_ERROR) {
326 const char* site_str = site.empty() ? NULL : site.c_str();
327 err = plugin_lib->NP_ClearSiteData(site_str, flags, max_age);
328 std::string site_name =
329 site.empty() ? "NULL"
330 : base::StringPrintf("\"%s\"", site_str);
331 VLOG(1) << "NPP_ClearSiteData(" << site_name << ", " << flags << ", "
332 << max_age << ") returned " << err;
333 success = (err == NPERR_NO_ERROR);
334 }
335 }
336 Send(new PluginProcessHostMsg_ClearSiteDataResult(success));
337 }
338
OnDidAbortLoading(int render_view_id)339 void PluginChannel::OnDidAbortLoading(int render_view_id) {
340 for (size_t i = 0; i < plugin_stubs_.size(); ++i) {
341 if (plugin_stubs_[i]->webplugin()->host_render_view_routing_id() ==
342 render_view_id) {
343 plugin_stubs_[i]->delegate()->instance()->CloseStreams();
344 }
345 }
346 }
347
348 } // namespace content
349