1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/posix/unix_domain_socket_linux.h"
6
7 #include <errno.h>
8 #include <sys/socket.h>
9 #include <unistd.h>
10
11 #include <vector>
12
13 #include "base/files/scoped_file.h"
14 #include "base/logging.h"
15 #include "base/pickle.h"
16 #include "base/posix/eintr_wrapper.h"
17 #include "base/stl_util.h"
18 #include "build/build_config.h"
19
20 #if !defined(OS_NACL_NONSFI)
21 #include <sys/uio.h>
22 #endif
23
24 namespace base {
25
// Largest number of descriptors a single received message may carry;
// RecvMsgWithFlags() sizes its ancillary-data buffer from this value.
const size_t UnixDomainSocket::kMaxFileDescriptors{16};
27
28 #if !defined(OS_NACL_NONSFI)
// Opens a connected AF_UNIX / SOCK_SEQPACKET socket pair and passes ownership
// of one descriptor to each of |one| and |two|. Returns true on success; if
// socketpair() fails, returns false and leaves both arguments untouched.
//
// NOTE(review): the pair is created without SOCK_CLOEXEC, so a child that is
// forked and exec'd while the pair is open would inherit both ends. Confirm
// that this is acceptable for the caller, and that any syscall filter in use
// permits the extra flag, before changing the type argument.
static bool CreateSocketPair(ScopedFD* one, ScopedFD* two) {
  int pair[2];
  const bool created = socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) != -1;
  if (created) {
    // From here on the scopers own the descriptors.
    one->reset(pair[0]);
    two->reset(pair[1]);
  }
  return created;
}
40
// static
// Sets SO_PASSCRED on |fd| so that messages received on it carry
// SCM_CREDENTIALS ancillary data, which RecvMsgWithFlags() reads to report the
// sender's pid. Returns true if setsockopt() succeeded.
bool UnixDomainSocket::EnableReceiveProcessId(int fd) {
  const int kOn = 1;
  const int rv = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &kOn, sizeof(kOn));
  return rv == 0;
}
46 #endif // !defined(OS_NACL_NONSFI)
47
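// static
// Sends |length| bytes from |buf| over |fd| as a single message and, when
// |fds| is non-empty, attaches those descriptors as one SCM_RIGHTS control
// message. Returns true only if sendmsg() reports that exactly |length| bytes
// were written; an error or a short write returns false.
//
// NOTE(review): nothing here caps fds.size(). RecvMsgWithFlags() in this file
// reserves room for kMaxFileDescriptors descriptors and fails the whole read
// with EMSGSIZE when the control data is truncated, so callers should stay at
// or below that limit.
bool UnixDomainSocket::SendMsg(int fd,
                               const void* buf,
                               size_t length,
                               const std::vector<int>& fds) {
  struct msghdr msg = {};
  struct iovec iov = {const_cast<void*>(buf), length};
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

  // The control buffer lives in a vector so it is released on every return
  // path without a manual delete[], and so the CMSG_SPACE() padding is
  // zero-filled rather than uninitialised heap memory.
  std::vector<char> control_buffer;
  if (!fds.empty()) {
    const size_t fd_bytes = sizeof(int) * fds.size();
    control_buffer.resize(CMSG_SPACE(fd_bytes));

    msg.msg_control = control_buffer.data();
    msg.msg_controllen = control_buffer.size();
    struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(fd_bytes);
    memcpy(CMSG_DATA(cmsg), fds.data(), fd_bytes);
    // Report the exact header-plus-payload length, without trailing padding.
    msg.msg_controllen = cmsg->cmsg_len;
  }

  // Avoid a SIGPIPE if the other end breaks the connection.
  // Due to a bug in the Linux kernel (net/unix/af_unix.c) MSG_NOSIGNAL isn't
  // regarded for SOCK_SEQPACKET in the AF_UNIX domain, but it is mandated by
  // POSIX.
  const int flags = MSG_NOSIGNAL;
  const ssize_t sent = HANDLE_EINTR(sendmsg(fd, &msg, flags));
  return sent == static_cast<ssize_t>(length);
}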
84
// static
// Receives one message from |fd| into |buf| (at most |length| bytes) and
// stores any descriptors that came with it in |fds|. The sender's pid is not
// requested. Forwards to RecvMsgWithPid() and returns its result.
ssize_t UnixDomainSocket::RecvMsg(int fd,
                                  void* buf,
                                  size_t length,
                                  std::vector<ScopedFD>* fds) {
  ProcessId* const no_pid = nullptr;
  return RecvMsgWithPid(fd, buf, length, fds, no_pid);
}
92
// static
// Same as RecvMsgWithFlags() with no recvmsg() flags set: receives one message
// into |buf|, descriptors into |fds| and, when |pid| is non-null, the sender's
// pid into |*pid|.
ssize_t UnixDomainSocket::RecvMsgWithPid(int fd,
                                         void* buf,
                                         size_t length,
                                         std::vector<ScopedFD>* fds,
                                         ProcessId* pid) {
  const int kNoFlags = 0;
  return RecvMsgWithFlags(fd, buf, length, kNoFlags, fds, pid);
}
101
// static
// Reads one message from |fd| into |buf| (at most |length| bytes), passing
// |flags| to recvmsg().
//
// |fds| is cleared first and then receives ownership of every descriptor that
// arrived in an SCM_RIGHTS control message. If |out_pid| is non-null it is set
// to the pid taken from an SCM_CREDENTIALS control message, or to -1 when no
// such message was present.
//
// Returns the byte count reported by recvmsg(), or -1 on failure. If either
// the data or the control data was truncated, every descriptor that did arrive
// is closed, errno is set to EMSGSIZE and -1 is returned.
//
// NOTE(review): the pid is only meaningful if SO_PASSCRED was enabled on the
// socket (see EnableReceiveProcessId()), and it names the sender at send
// time. Pids can be recycled, so callers should not treat it as a durable
// identity without further checks.
ssize_t UnixDomainSocket::RecvMsgWithFlags(int fd,
                                           void* buf,
                                           size_t length,
                                           int flags,
                                           std::vector<ScopedFD>* fds,
                                           ProcessId* out_pid) {
  fds->clear();

  struct iovec iov = {buf, length};
  struct msghdr msg = {};
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

  // Room for kMaxFileDescriptors descriptors plus, where supported, one
  // credentials record. Anything larger is reported as MSG_CTRUNC below.
  const size_t kControlBufferSize =
      CMSG_SPACE(sizeof(int) * kMaxFileDescriptors)
#if !defined(OS_NACL_NONSFI)
      // The PNaCl toolchain for Non-SFI binary build does not support ucred.
      + CMSG_SPACE(sizeof(struct ucred))
#endif
      ;
  char control_buffer[kControlBufferSize];
  msg.msg_control = control_buffer;
  msg.msg_controllen = sizeof(control_buffer);

  const ssize_t bytes_read = HANDLE_EINTR(recvmsg(fd, &msg, flags));
  if (bytes_read == -1)
    return -1;

  int* received_fds = nullptr;
  unsigned received_fd_count = 0;
  ProcessId sender_pid = -1;

  if (msg.msg_controllen > 0) {
    for (struct cmsghdr* hdr = CMSG_FIRSTHDR(&msg); hdr != nullptr;
         hdr = CMSG_NXTHDR(&msg, hdr)) {
      const unsigned payload_len = hdr->cmsg_len - CMSG_LEN(0);
      if (hdr->cmsg_level != SOL_SOCKET)
        continue;

      if (hdr->cmsg_type == SCM_RIGHTS) {
        // NOTE(review): these sanity checks are DCHECKs only. If DCHECKs are
        // compiled out and a second SCM_RIGHTS header were ever seen, the
        // first batch of descriptors would be overwritten here and never
        // closed. Confirm the kernel delivers at most one per message.
        DCHECK_EQ(payload_len % sizeof(int), 0u);
        DCHECK_EQ(received_fds, static_cast<void*>(nullptr));
        received_fds = reinterpret_cast<int*>(CMSG_DATA(hdr));
        received_fd_count = payload_len / sizeof(int);
      }
#if !defined(OS_NACL_NONSFI)
      // The PNaCl toolchain for Non-SFI binary build does not support
      // SCM_CREDENTIALS.
      if (hdr->cmsg_type == SCM_CREDENTIALS) {
        DCHECK_EQ(payload_len, sizeof(struct ucred));
        DCHECK_EQ(sender_pid, -1);
        sender_pid = reinterpret_cast<struct ucred*>(CMSG_DATA(hdr))->pid;
      }
#endif
    }
  }

  // A truncated message is discarded as a whole. The descriptors that did
  // arrive are already open in this process, so close them before failing;
  // otherwise they would leak.
  if (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) {
    for (unsigned i = 0; i < received_fd_count; ++i)
      close(received_fds[i]);
    // Set after the close() calls so that they cannot overwrite it.
    errno = EMSGSIZE;
    return -1;
  }

  // |received_fd_count| stays 0 unless an SCM_RIGHTS header was found, so no
  // separate null check on |received_fds| is needed.
  for (unsigned i = 0; i < received_fd_count; ++i)
    fds->push_back(ScopedFD(received_fds[i]));  // TODO(mdempsky): emplace_back

  if (out_pid) {
    // |sender_pid| will legitimately be -1 if we read EOF, so only DCHECK if
    // we actually received a message. Unfortunately, Linux allows sending
    // zero length messages, which are indistinguishable from EOF, so this
    // check has false negatives.
    if (bytes_read > 0 || msg.msg_controllen > 0) {
      DCHECK_GE(sender_pid, 0);
    }

    *out_pid = sender_pid;
  }

  return bytes_read;
}
184
185 #if !defined(OS_NACL_NONSFI)
// static
// Sends |request| over |fd| and waits for the reply, using no recvmsg()
// flags. See SendRecvMsgWithFlags() for the meaning of the other arguments
// and of the return value.
ssize_t UnixDomainSocket::SendRecvMsg(int fd,
                                      uint8_t* reply,
                                      unsigned max_reply_len,
                                      int* result_fd,
                                      const Pickle& request) {
  const int kNoRecvmsgFlags = 0;
  return SendRecvMsgWithFlags(fd, reply, max_reply_len, kNoRecvmsgFlags,
                              result_fd, request);
}
196
// static
// Performs one request/reply exchange over |fd|.
//
// A fresh socket pair is created for the reply. Its sending end is passed to
// the peer together with |request|, and the reply is then read from the
// receiving end into |reply| (at most |max_reply_len| bytes) with
// |recvmsg_flags|. Because the reply arrives on this private pair rather than
// on |fd|, only a holder of the passed descriptor can answer.
//
// If |result_fd| is non-null it receives the single descriptor sent with the
// reply, or -1 if there was none. A reply that carries more descriptors than
// the caller asked for is treated as an error.
//
// Returns the reply length, or -1 on any failure.
ssize_t UnixDomainSocket::SendRecvMsgWithFlags(int fd,
                                               uint8_t* reply,
                                               unsigned max_reply_len,
                                               int recvmsg_flags,
                                               int* result_fd,
                                               const Pickle& request) {
  // This socketpair is only used for the IPC and is cleaned up before
  // returning.
  ScopedFD reply_rx, reply_tx;
  if (!CreateSocketPair(&reply_rx, &reply_tx))
    return -1;

  const std::vector<int> fds_to_send(1, reply_tx.get());
  if (!SendMsg(fd, request.data(), request.size(), fds_to_send))
    return -1;

  // Drop our copy of the sending end right away. If the peer closes its copy
  // without answering (e.g., because it exited), RecvMsgWithFlags() then
  // returns EOF instead of hanging.
  reply_tx.reset();

  std::vector<ScopedFD> reply_fds;
  // When porting to OSX keep in mind it doesn't support MSG_NOSIGNAL, so the
  // sender might get a SIGPIPE.
  const ssize_t reply_len =
      RecvMsgWithFlags(reply_rx.get(), reply, max_reply_len, recvmsg_flags,
                       &reply_fds, nullptr);
  reply_rx.reset();
  if (reply_len == -1)
    return -1;

  // More descriptors than the caller expected is an error. Any surplus is
  // still held in |reply_fds| when we return.
  const size_t max_expected_fds = result_fd ? 1 : 0;
  if (reply_fds.size() > max_expected_fds) {
    NOTREACHED();
    return -1;
  }

  if (result_fd) {
    // release() hands the descriptor to the caller, who must close it.
    *result_fd = reply_fds.empty() ? -1 : reply_fds[0].release();
  }

  return reply_len;
}
243 #endif // !defined(OS_NACL_NONSFI)
244
245 } // namespace base
246