// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef GPU_COMMAND_BUFFER_SERVICE_SAFE_SHARED_MEMORY_POOL_H_
#define GPU_COMMAND_BUFFER_SERVICE_SAFE_SHARED_MEMORY_POOL_H_
#include <map>
#include "base/basictypes.h"
#include "base/memory/shared_memory.h"
#include "base/synchronization/lock.h"
#include "build/build_config.h"
namespace gpu {
// Forward declaration; the pool is defined further down in this header.
// ScopedSafeSharedMemory only stores a pointer to it.
class SafeSharedMemoryPool;
// These classes exist to help protect against deletion of shared
// memory that is being used on a worker thread. It's mainly a
// security measure to prevent use-after-free in the browser, due
// to a misbehaving client. That said, this should be removed
// in favor of higher-level reference counting of an appropriate
// opaque 'memory blob' data-structure.
//
// ScopedSafeSharedMemory is the scoped holder for one segment obtained from
// a SafeSharedMemoryPool. It is the only friend the pool declares in this
// header, so it is the only class that can reach the pool's private
// acquire/release methods.
// NOTE(review): presumably the constructor acquires from |pool| and the
// destructor releases |original_handle_|; the definitions are not part of
// this header -- confirm against the implementation file.
class ScopedSafeSharedMemory {
 public:
  // |shm_size| is the size associated with |memory|.
  // NOTE(review): nothing in this declaration shows whether |shm_size| is
  // checked against the real size of |memory| -- confirm in the
  // implementation, since the size may originate from a client.
  ScopedSafeSharedMemory(SafeSharedMemoryPool* pool,
                         base::SharedMemory* memory,
                         size_t shm_size);
  ~ScopedSafeSharedMemory();

  // Returns the shared memory held by this scope.
  // NOTE(review): the pointer is raw; presumably it must not be used after
  // this object is destroyed -- confirm.
  base::SharedMemory* shared_memory();

 private:
  // The segment handed out for the lifetime of this scope.
  base::SharedMemory* safe_shared_memory_;
  // Handle of the memory passed in by the caller.
  // NOTE(review): presumably the key used to release the segment -- confirm.
  base::SharedMemoryHandle original_handle_;
  // Raw pointer: this declaration does nothing to keep the pool alive, so
  // the pool presumably has to outlive this object -- confirm with callers.
  SafeSharedMemoryPool* pool_;

  DISALLOW_COPY_AND_ASSIGN(ScopedSafeSharedMemory);
};
// Pool that hands shared memory segments to ScopedSafeSharedMemory and
// keeps a reference-counted record of each one, looked up by
// base::SharedMemoryHandle.
class SafeSharedMemoryPool {
 public:
  SafeSharedMemoryPool();
  virtual ~SafeSharedMemoryPool();

 private:
  // The acquire/release methods below are private; this friend declaration
  // is the only way this header exposes them.
  friend class ScopedSafeSharedMemory;

  // Acquire and release shared memory. An acquired segment is guaranteed to
  // stay alive until it is released.
  base::SharedMemory* AcquireSafeSharedMemory(base::SharedMemory* memory,
                                              size_t size);
  void ReleaseSafeSharedMemory(const base::SharedMemoryHandle& handle);

  // Helper that duplicates a shared memory segment.
  base::SharedMemory* DuplicateSharedMemory(base::SharedMemory* memory,
                                            size_t size);

  // Bookkeeping for every SharedMemory that has already been duplicated.
  // The fields have no default initializers, so the code that inserts an
  // entry has to set all three.
  struct TrackedMemory {
    base::SharedMemory* safe_shared_memory;
    size_t shm_size;
    // NOTE(review): presumably the number of live ScopedSafeSharedMemory
    // objects using this entry -- confirm in the implementation.
    int reference_count;
  };
  typedef std::map<base::SharedMemoryHandle, TrackedMemory> MemoryMap;
  MemoryMap memory_;

  // Usage counters, kept to help diagnose crashes.
  int handles_acquired_;
  int handles_consumed_;
  size_t address_space_consumed_;
  int max_handles_acquired_;
  int max_handles_consumed_;
  size_t max_address_space_consumed_;

  // NOTE(review): presumably guards memory_ and the counters above, since
  // the segments are used from a worker thread -- confirm which members
  // must only be touched with the lock held.
  base::Lock lock_;

  DISALLOW_COPY_AND_ASSIGN(SafeSharedMemoryPool);
};
} // namespace gpu
#endif // GPU_COMMAND_BUFFER_SERVICE_SAFE_SHARED_MEMORY_POOL_H_