Moved creation of GPU transfer buffers into the browser process.
Transfer buffer creation was previously done in the GPU process. This is one step required to sandbox the GPU process.
Rather than the GPU process opening a renderer process's handle by PID, which can't be done when sandboxed on Windows, the browser process passes the handle to the GPU process via the renderer process.
TEST=try
BUG=none
Review URL: http://codereview.chromium.org/6557006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75980 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/chrome/gpu/gpu_command_buffer_stub.cc b/chrome/gpu/gpu_command_buffer_stub.cc
index 7808d3b..5c369eb4 100644
--- a/chrome/gpu/gpu_command_buffer_stub.cc
+++ b/chrome/gpu/gpu_command_buffer_stub.cc
@@ -170,6 +170,8 @@
IPC_MESSAGE_HANDLER(GpuCommandBufferMsg_AsyncFlush, OnAsyncFlush);
IPC_MESSAGE_HANDLER(GpuCommandBufferMsg_CreateTransferBuffer,
OnCreateTransferBuffer);
+ IPC_MESSAGE_HANDLER(GpuCommandBufferMsg_RegisterTransferBuffer,
+ OnRegisterTransferBuffer);
IPC_MESSAGE_HANDLER(GpuCommandBufferMsg_DestroyTransferBuffer,
OnDestroyTransferBuffer);
IPC_MESSAGE_HANDLER(GpuCommandBufferMsg_GetTransferBuffer,
@@ -235,7 +237,7 @@
// Assume service is responsible for duplicating the handle from the
// calling process.
- buffer.shared_memory->ShareToProcess(channel_->renderer_handle(),
+ buffer.shared_memory->ShareToProcess(channel_->renderer_process(),
ring_buffer);
#if defined(OS_MACOSX)
if (handle_) {
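Review bot: The result of `ShareToProcess(channel_->renderer_process(), ring_buffer)` is discarded here, and the same applies to the call in the last hunk of this file (the get-transfer-buffer handler). If duplication into the renderer fails, for example because the renderer-supplied process handle is invalid or lacks the needed access, the reply still goes out as if the share had worked. In the last hunk that means `*size` is set to a non-zero value while `*transfer_buffer` stays a default handle, so I would write `if (buffer.shared_memory->ShareToProcess(channel_->renderer_process(), transfer_buffer))` and then `*size = buffer.size;` inside it. No null check on `renderer_process()` is visible in this hunk either, although the enclosing function starts and ends outside it, so one may already exist.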
@@ -289,6 +291,20 @@
*id = command_buffer_->CreateTransferBuffer(size);
}
+void GpuCommandBufferStub::OnRegisterTransferBuffer(
+ base::SharedMemoryHandle transfer_buffer,
+ size_t size,
+ int32* id) {
+#if defined(OS_WIN)
+ base::SharedMemory shared_memory(transfer_buffer,
+ false,
+ channel_->renderer_process());
+#else
+ base::SharedMemory shared_memory(transfer_buffer, false);
+#endif
+ *id = command_buffer_->RegisterTransferBuffer(&shared_memory, size);
+}
+
void GpuCommandBufferStub::OnDestroyTransferBuffer(int32 id) {
command_buffer_->DestroyTransferBuffer(id);
}
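Review bot: `OnRegisterTransferBuffer` uses `channel_->renderer_process()` in the `OS_WIN` branch without the null check that this commit adds to the get-transfer-buffer handler, and no path sets `*id` to a failure value before the handle is used. Both `transfer_buffer` and `size` arrive in an IPC message from the renderer, yet `size` is forwarded to `RegisterTransferBuffer` unchanged and nothing visible here checks it against the real extent of the shared memory segment. That same value is later returned to callers as `buffer.size`. I would initialise `*id` to the service's failure id, add `if (!channel_->renderer_process()) return;`, and add a function comment saying that `size` is unverified input which `RegisterTransferBuffer` must validate against the mapping. The local `shared_memory` is destroyed on return, so the comment should also say that `RegisterTransferBuffer` has to duplicate or take over the handle rather than keep the pointer.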
@@ -300,13 +316,17 @@
*transfer_buffer = base::SharedMemoryHandle();
*size = 0;
+ // Fail if the renderer process has not provided its process handle.
+ if (!channel_->renderer_process())
+ return;
+
Buffer buffer = command_buffer_->GetTransferBuffer(id);
if (buffer.shared_memory) {
// Assume service is responsible for duplicating the handle to the calling
// process.
- buffer.shared_memory->ShareToProcess(channel_->renderer_handle(),
+ buffer.shared_memory->ShareToProcess(channel_->renderer_process(),
transfer_buffer);
- *size = buffer.shared_memory->created_size();
+ *size = buffer.size;
}
}