[Fuchsia] Provide helpers for safely transferring feature-specific startup handles to child processes |
||
Issue descriptionWe currently pass startup-handles for Chromium features (e.g. Mojo, FieldTrials, etc) by adding them under the ProcessArgs PA_USER0 "type", with manually-allocated integer identifiers. We have two main use-cases for passing handles at process startup: - Well-known: Features like //base FieldTrialList could be configured via a well-known identifier (e.g under POSIX we use an embedder-defined GlobalDescriptors::Key and under MacOS we request the shared-memory handle from a Mach service in the parent process). - Dynamic: Features like Mojo need to allow an arbitrary number of channels to be passed to the child, and already implement a mechanism for identifying those handles in command-line parameters; we just need a way to generate a guaranteed-unique Id for Mojo to serialize into the command-line. In practice the FieldTrialList can use the same dynamic-Id mechanism as Mojo, to avoid clashes, but other features may still benefit from being able to pass handles via a well-known path in the child namespace instead. Work items: 1. Update base::LaunchProcess() to explicitly carve-out PA_USER0 for use by the embedding application. 2. Provide a LaunchOptions helper that adds a handle under the next available PA_USER1 identifier, and returns it for the caller to serialize to the child somehow. 3. [When arbitrary handles can be bound into the FDIO namespace] Provide a helper to manage a well-known handle namespace.
,
Dec 1
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/35e50b5d8e2306fd1f2da6e80bcc4b0f60fa5ed4 commit 35e50b5d8e2306fd1f2da6e80bcc4b0f60fa5ed4 Author: Wez <wez@chromium.org> Date: Sat Dec 01 01:52:44 2018 [Fuchsia] Move allocation of PA_HND identifiers into LaunchOptions. Mojo's PlatformChannel implemented its own mechanism to allocate PA_HND identifiers, and used the PA_USER0 namespace. Separately we had some callers expecting to use statically-defined PA_USER0 identifiers to pass application-specific handles, creating potential for clashes. For features like base::FieldTrialList we also need a mechanism to pass a handle to a child process at startup, for which we'd ideally have a well-known path location in the FDIO namespace supplied to the child. Since FDIO namespaces do not yet support non-file/directory handles, we need a safe way to allocate an id that the FieldTrial implementation can pass via the command-line, similarly to Mojo. We add an AddHandleToTransfer() helper that appends a handle to a handles-to-transfer vector with a unique id, and returns the id, and add comments to clarify that PA_USER1 is used for these ids, leaving PA_USER0 (and others) free for application use. Bug: 909851 Change-Id: If9b8ffaf98155f72cc7a52e5ef0c51ef19048d66 Reviewed-on: https://chromium-review.googlesource.com/c/1354398 Reviewed-by: Kevin Marshall <kmarshall@chromium.org> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#612899} [modify] https://crrev.com/35e50b5d8e2306fd1f2da6e80bcc4b0f60fa5ed4/base/process/launch.h [modify] https://crrev.com/35e50b5d8e2306fd1f2da6e80bcc4b0f60fa5ed4/base/process/launch_fuchsia.cc [modify] https://crrev.com/35e50b5d8e2306fd1f2da6e80bcc4b0f60fa5ed4/mojo/public/cpp/platform/platform_channel.cc
,
Jan 9
Blocked on FDIO support for handles in the namespace. |
||
►
Sign in to add a comment |
||
Comment 1 by w...@chromium.org
, Nov 28