1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SRC_IPC_BUFFERED_FRAME_DESERIALIZER_H_
18 #define SRC_IPC_BUFFERED_FRAME_DESERIALIZER_H_
19 
20 #include <stddef.h>
21 
22 #include <list>
23 #include <memory>
24 
25 #include "perfetto/ext/base/paged_memory.h"
26 #include "perfetto/ext/base/utils.h"
27 #include "perfetto/ext/ipc/basic_types.h"
28 
29 namespace perfetto {
30 
31 namespace protos {
32 namespace gen {
33 class IPCFrame;
34 }  // namespace gen
35 }  // namespace protos
36 
37 namespace ipc {
38 
39 using Frame = ::perfetto::protos::gen::IPCFrame;
40 
41 // Deserializes incoming frames, taking care of buffering and tokenization.
42 // Used by both host and client to decode incoming frames.
43 //
44 // Which problem does it solve?
45 // ----------------------------
46 // The wire protocol is as follows:
47 // [32-bit frame size][proto-encoded Frame], e.g:
48 // [06 00 00 00][00 11 22 33 44 55 66]
49 // [02 00 00 00][AA BB]
50 // [04 00 00 00][CC DD EE FF]
51 // However, given that the socket works in SOCK_STREAM mode, the recv() calls
52 // might see the following:
53 // 06 00 00
54 // 00 00 11 22 33 44 55
55 // 66 02 00 00 00 ...
56 // This class takes care of buffering efficiently the data received, without
57 // making any assumption on how the incoming data will be chunked by the socket.
58 // For instance, it is possible that a recv() doesn't produce any frame (because
59 // it received only a part of the frame) or produces more than one frame.
60 //
61 // Usage
62 // -----
63 // Both host and client use this as follows:
64 //
65 // auto buf = rpc_frame_decoder.BeginReceive();
66 // size_t rsize = socket.recv(buf.first, buf.second);
67 // rpc_frame_decoder.EndReceive(rsize);
68 // while (Frame frame = rpc_frame_decoder.PopNextFrame()) {
69 //   ... process |frame|
70 // }
71 //
72 // Design goals:
73 // -------------
74 // - Optimize for the realistic case of each recv() receiving one or more
75 //   whole frames. In this case no memmove is performed.
76 // - Guarantee that frames lay in a virtually contiguous memory area.
77 //   This allows to use the protobuf-lite deserialization API (scattered
78 //   deserialization is supported only by libprotobuf-full).
79 // - Put a hard boundary to the size of the incoming buffer. This is to prevent
80 //   that a malicious sends an abnormally large frame and OOMs us.
81 // - Simplicity: just use a linear mmap region. No reallocations or scattering.
82 //   Takes care of madvise()-ing unused memory.
83 
84 class BufferedFrameDeserializer {
85  public:
86   struct ReceiveBuffer {
87     char* data;
88     size_t size;
89   };
90 
91   // |max_capacity| is overridable only for tests.
92   explicit BufferedFrameDeserializer(size_t max_capacity = kIPCBufferSize);
93   ~BufferedFrameDeserializer();
94 
95   // This function doesn't really belong here as it does Serialization, unlike
96   // the rest of this class. However it is so small and has so many dependencies
97   // in common that doesn't justify having its own class.
98   static std::string Serialize(const Frame&);
99 
100   // Returns a buffer that can be passed to recv(). The buffer is deliberately
101   // not initialized.
102   ReceiveBuffer BeginReceive();
103 
104   // Must be called soon after BeginReceive().
105   // |recv_size| is the number of valid bytes that have been written into the
106   // buffer previously returned by BeginReceive() (the return value of recv()).
107   // Returns false if a header > |max_capacity| is received, in which case the
108   // caller is expected to shutdown the socket and terminate the ipc.
109   bool EndReceive(size_t recv_size) PERFETTO_WARN_UNUSED_RESULT;
110 
111   // Decodes and returns the next decoded frame in the buffer if any, nullptr
112   // if no further frames have been decoded.
113   std::unique_ptr<Frame> PopNextFrame();
114 
capacity()115   size_t capacity() const { return capacity_; }
size()116   size_t size() const { return size_; }
117 
118  private:
119   BufferedFrameDeserializer(const BufferedFrameDeserializer&) = delete;
120   BufferedFrameDeserializer& operator=(const BufferedFrameDeserializer&) =
121       delete;
122 
123   // If a valid frame is decoded it is added to |decoded_frames_|.
124   void DecodeFrame(const char*, size_t);
125 
buf()126   char* buf() { return reinterpret_cast<char*>(buf_.Get()); }
127 
128   base::PagedMemory buf_;
129   const size_t capacity_ = 0;  // sizeof(|buf_|).
130 
131   // THe number of bytes in |buf_| that contain valid data (as a result of
132   // EndReceive()). This is always <= |capacity_|.
133   size_t size_ = 0;
134 
135   std::list<std::unique_ptr<Frame>> decoded_frames_;
136 };
137 
138 }  // namespace ipc
139 }  // namespace perfetto
140 
141 #endif  // SRC_IPC_BUFFERED_FRAME_DESERIALIZER_H_
142