1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/posix/unix_domain_socket_linux.h"
6 
7 #include <errno.h>
8 #include <sys/socket.h>
9 #include <unistd.h>
10 
11 #include <vector>
12 
13 #include "base/files/scoped_file.h"
14 #include "base/logging.h"
15 #include "base/pickle.h"
16 #include "base/posix/eintr_wrapper.h"
17 #include "base/stl_util.h"
18 #include "build/build_config.h"
19 
20 #if !defined(OS_NACL_NONSFI)
21 #include <sys/uio.h>
22 #endif
23 
24 namespace base {
25 
26 const size_t UnixDomainSocket::kMaxFileDescriptors = 16;
27 
28 #if !defined(OS_NACL_NONSFI)
29 // Creates a connected pair of UNIX-domain SOCK_SEQPACKET sockets, and passes
30 // ownership of the newly allocated file descriptors to |one| and |two|.
31 // Returns true on success.
CreateSocketPair(ScopedFD * one,ScopedFD * two)32 static bool CreateSocketPair(ScopedFD* one, ScopedFD* two) {
33   int raw_socks[2];
34   if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, raw_socks) == -1)
35     return false;
36   one->reset(raw_socks[0]);
37   two->reset(raw_socks[1]);
38   return true;
39 }
40 
41 // static
EnableReceiveProcessId(int fd)42 bool UnixDomainSocket::EnableReceiveProcessId(int fd) {
43   const int enable = 1;
44   return setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable)) == 0;
45 }
46 #endif  // !defined(OS_NACL_NONSFI)
47 
48 // static
SendMsg(int fd,const void * buf,size_t length,const std::vector<int> & fds)49 bool UnixDomainSocket::SendMsg(int fd,
50                                const void* buf,
51                                size_t length,
52                                const std::vector<int>& fds) {
53   struct msghdr msg;
54   memset(&msg, 0, sizeof(msg));
55   struct iovec iov = { const_cast<void*>(buf), length };
56   msg.msg_iov = &iov;
57   msg.msg_iovlen = 1;
58 
59   char* control_buffer = NULL;
60   if (fds.size()) {
61     const unsigned control_len = CMSG_SPACE(sizeof(int) * fds.size());
62     control_buffer = new char[control_len];
63 
64     struct cmsghdr* cmsg;
65     msg.msg_control = control_buffer;
66     msg.msg_controllen = control_len;
67     cmsg = CMSG_FIRSTHDR(&msg);
68     cmsg->cmsg_level = SOL_SOCKET;
69     cmsg->cmsg_type = SCM_RIGHTS;
70     cmsg->cmsg_len = CMSG_LEN(sizeof(int) * fds.size());
71     memcpy(CMSG_DATA(cmsg), &fds[0], sizeof(int) * fds.size());
72     msg.msg_controllen = cmsg->cmsg_len;
73   }
74 
75   // Avoid a SIGPIPE if the other end breaks the connection.
76   // Due to a bug in the Linux kernel (net/unix/af_unix.c) MSG_NOSIGNAL isn't
77   // regarded for SOCK_SEQPACKET in the AF_UNIX domain, but it is mandated by
78   // POSIX.
79   const int flags = MSG_NOSIGNAL;
80   const ssize_t r = HANDLE_EINTR(sendmsg(fd, &msg, flags));
81   const bool ret = static_cast<ssize_t>(length) == r;
82   delete[] control_buffer;
83   return ret;
84 }
85 
86 // static
RecvMsg(int fd,void * buf,size_t length,std::vector<ScopedFD> * fds)87 ssize_t UnixDomainSocket::RecvMsg(int fd,
88                                   void* buf,
89                                   size_t length,
90                                   std::vector<ScopedFD>* fds) {
91   return UnixDomainSocket::RecvMsgWithPid(fd, buf, length, fds, NULL);
92 }
93 
94 // static
RecvMsgWithPid(int fd,void * buf,size_t length,std::vector<ScopedFD> * fds,ProcessId * pid)95 ssize_t UnixDomainSocket::RecvMsgWithPid(int fd,
96                                          void* buf,
97                                          size_t length,
98                                          std::vector<ScopedFD>* fds,
99                                          ProcessId* pid) {
100   return UnixDomainSocket::RecvMsgWithFlags(fd, buf, length, 0, fds, pid);
101 }
102 
103 // static
RecvMsgWithFlags(int fd,void * buf,size_t length,int flags,std::vector<ScopedFD> * fds,ProcessId * out_pid)104 ssize_t UnixDomainSocket::RecvMsgWithFlags(int fd,
105                                            void* buf,
106                                            size_t length,
107                                            int flags,
108                                            std::vector<ScopedFD>* fds,
109                                            ProcessId* out_pid) {
110   fds->clear();
111 
112   struct msghdr msg;
113   memset(&msg, 0, sizeof(msg));
114   struct iovec iov = { buf, length };
115   msg.msg_iov = &iov;
116   msg.msg_iovlen = 1;
117 
118   const size_t kControlBufferSize =
119       CMSG_SPACE(sizeof(int) * kMaxFileDescriptors)
120 #if !defined(OS_NACL_NONSFI)
121       // The PNaCl toolchain for Non-SFI binary build does not support ucred.
122       + CMSG_SPACE(sizeof(struct ucred))
123 #endif
124       ;
125   char control_buffer[kControlBufferSize];
126   msg.msg_control = control_buffer;
127   msg.msg_controllen = sizeof(control_buffer);
128 
129   const ssize_t r = HANDLE_EINTR(recvmsg(fd, &msg, flags));
130   if (r == -1)
131     return -1;
132 
133   int* wire_fds = NULL;
134   unsigned wire_fds_len = 0;
135   ProcessId pid = -1;
136 
137   if (msg.msg_controllen > 0) {
138     struct cmsghdr* cmsg;
139     for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
140       const unsigned payload_len = cmsg->cmsg_len - CMSG_LEN(0);
141       if (cmsg->cmsg_level == SOL_SOCKET &&
142           cmsg->cmsg_type == SCM_RIGHTS) {
143         DCHECK_EQ(payload_len % sizeof(int), 0u);
144         DCHECK_EQ(wire_fds, static_cast<void*>(nullptr));
145         wire_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
146         wire_fds_len = payload_len / sizeof(int);
147       }
148 #if !defined(OS_NACL_NONSFI)
149       // The PNaCl toolchain for Non-SFI binary build does not support
150       // SCM_CREDENTIALS.
151       if (cmsg->cmsg_level == SOL_SOCKET &&
152           cmsg->cmsg_type == SCM_CREDENTIALS) {
153         DCHECK_EQ(payload_len, sizeof(struct ucred));
154         DCHECK_EQ(pid, -1);
155         pid = reinterpret_cast<struct ucred*>(CMSG_DATA(cmsg))->pid;
156       }
157 #endif
158     }
159   }
160 
161   if (msg.msg_flags & MSG_TRUNC || msg.msg_flags & MSG_CTRUNC) {
162     for (unsigned i = 0; i < wire_fds_len; ++i)
163       close(wire_fds[i]);
164     errno = EMSGSIZE;
165     return -1;
166   }
167 
168   if (wire_fds) {
169     for (unsigned i = 0; i < wire_fds_len; ++i)
170       fds->push_back(ScopedFD(wire_fds[i]));  // TODO(mdempsky): emplace_back
171   }
172 
173   if (out_pid) {
174     // |pid| will legitimately be -1 if we read EOF, so only DCHECK if we
175     // actually received a message.  Unfortunately, Linux allows sending zero
176     // length messages, which are indistinguishable from EOF, so this check
177     // has false negatives.
178     if (r > 0 || msg.msg_controllen > 0)
179       DCHECK_GE(pid, 0);
180 
181     *out_pid = pid;
182   }
183 
184   return r;
185 }
186 
187 #if !defined(OS_NACL_NONSFI)
188 // static
SendRecvMsg(int fd,uint8_t * reply,unsigned max_reply_len,int * result_fd,const Pickle & request)189 ssize_t UnixDomainSocket::SendRecvMsg(int fd,
190                                       uint8_t* reply,
191                                       unsigned max_reply_len,
192                                       int* result_fd,
193                                       const Pickle& request) {
194   return UnixDomainSocket::SendRecvMsgWithFlags(fd, reply, max_reply_len,
195                                                 0,  /* recvmsg_flags */
196                                                 result_fd, request);
197 }
198 
199 // static
SendRecvMsgWithFlags(int fd,uint8_t * reply,unsigned max_reply_len,int recvmsg_flags,int * result_fd,const Pickle & request)200 ssize_t UnixDomainSocket::SendRecvMsgWithFlags(int fd,
201                                                uint8_t* reply,
202                                                unsigned max_reply_len,
203                                                int recvmsg_flags,
204                                                int* result_fd,
205                                                const Pickle& request) {
206   // This socketpair is only used for the IPC and is cleaned up before
207   // returning.
208   ScopedFD recv_sock, send_sock;
209   if (!CreateSocketPair(&recv_sock, &send_sock))
210     return -1;
211 
212   {
213     std::vector<int> send_fds;
214     send_fds.push_back(send_sock.get());
215     if (!SendMsg(fd, request.data(), request.size(), send_fds))
216       return -1;
217   }
218 
219   // Close the sending end of the socket right away so that if our peer closes
220   // it before sending a response (e.g., from exiting), RecvMsgWithFlags() will
221   // return EOF instead of hanging.
222   send_sock.reset();
223 
224   std::vector<ScopedFD> recv_fds;
225   // When porting to OSX keep in mind it doesn't support MSG_NOSIGNAL, so the
226   // sender might get a SIGPIPE.
227   const ssize_t reply_len = RecvMsgWithFlags(
228       recv_sock.get(), reply, max_reply_len, recvmsg_flags, &recv_fds, NULL);
229   recv_sock.reset();
230   if (reply_len == -1)
231     return -1;
232 
233   // If we received more file descriptors than caller expected, then we treat
234   // that as an error.
235   if (recv_fds.size() > (result_fd != NULL ? 1 : 0)) {
236     NOTREACHED();
237     return -1;
238   }
239 
240   if (result_fd)
241     *result_fd = recv_fds.empty() ? -1 : recv_fds[0].release();
242 
243   return reply_len;
244 }
245 #endif  // !defined(OS_NACL_NONSFI)
246 
247 }  // namespace base
248