xref: /kernel/object/include/object/channel_dispatcher.h

// Copyright 2016 The Fuchsia Authors
//
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file or at
// https://opensource.org/licenses/MIT

#pragma once

#include <stdint.h>

#include <kernel/event.h>
#include <object/dispatcher.h>
#include <object/message_packet.h>

#include <zircon/rights.h>
#include <zircon/types.h>

#include <fbl/canary.h>
#include <fbl/intrusive_double_list.h>
#include <fbl/mutex.h>
#include <fbl/ref_counted.h>
#include <ktl/unique_ptr.h>

class ChannelDispatcher final :
    public PeeredDispatcher<ChannelDispatcher, ZX_DEFAULT_CHANNEL_RIGHTS> {
public:
    class MessageWaiter;

    static zx_status_t Create(fbl::RefPtr<Dispatcher>* dispatcher0,
                              fbl::RefPtr<Dispatcher>* dispatcher1, zx_rights_t* rights);

    ~ChannelDispatcher() final;
    zx_obj_type_t get_type() const final { return ZX_OBJ_TYPE_CHANNEL; }
    zx_status_t add_observer(StateObserver* observer) final;

    // Read from this endpoint's message queue.
    // |msg_size| and |msg_handle_count| are in-out parameters. As input, they specify the maximum
    // size and handle count, respectively. On ZX_OK or ZX_ERR_BUFFER_TOO_SMALL, they specify the
    // actual size and handle count of the next message. The next message is returned in |*msg| on
    // ZX_OK and also on ZX_ERR_BUFFER_TOO_SMALL when |may_discard| is set.
    zx_status_t Read(zx_koid_t owner,
                     uint32_t* msg_size,
                     uint32_t* msg_handle_count,
                     MessagePacketPtr* msg,
                     bool may_disard);

    // Write to the opposing endpoint's message queue. |owner| is the process attempting to
    // write to the channel, or ZX_KOID_INVALID if kernel is doing it. If |owner| does not
    // match what was last set by Dispatcher::set_owner() the call will fail.
    zx_status_t Write(zx_koid_t owner,
                      MessagePacketPtr msg) TA_NO_THREAD_SAFETY_ANALYSIS;

    // Perform a transacted Write + Read. |owner| is the process attempting to write
    // to the channel, or ZX_KOID_INVALID if kernel is doing it. If |owner| does not
    // match what was last set by Dispatcher::set_owner() the call will fail.
    zx_status_t Call(zx_koid_t owner,
                     MessagePacketPtr msg,
                     zx_time_t deadline,
                     MessagePacketPtr* reply) TA_NO_THREAD_SAFETY_ANALYSIS;

    // Performs the wait-then-read half of Call.  This is meant for retrying
    // after an interruption caused by suspending.
    zx_status_t ResumeInterruptedCall(MessageWaiter* waiter, zx_time_t deadline, TimerSlack slack,
                                      MessagePacketPtr* reply);

    // MessageWaiter's state is guarded by the lock of the
    // owning ChannelDispatcher, and Deliver(), Signal(), Cancel(),
    // and EndWait() methods must only be called under
    // that lock.
    //
    // MessageWaiters are embedded in ThreadDispatchers, and the channel_ pointer
    // can only be manipulated by their thread (via BeginWait() or EndWait()), and
    // only transitions to nullptr while holding the ChannelDispatcher's lock.
    //
    // See also: comments in ChannelDispatcher::Call()
    class MessageWaiter : public fbl::DoublyLinkedListable<MessageWaiter*> {
    public:
        MessageWaiter() : txid_(0), status_(ZX_ERR_BAD_STATE) {
        }

        ~MessageWaiter();

        zx_status_t BeginWait(fbl::RefPtr<ChannelDispatcher> channel);
        void Deliver(MessagePacketPtr msg);
        void Cancel(zx_status_t status);
        fbl::RefPtr<ChannelDispatcher> get_channel() { return channel_; }
        zx_txid_t get_txid() const { return txid_; }
        void set_txid(zx_txid_t txid) { txid_ = txid; };
        zx_status_t Wait(zx_time_t deadline, TimerSlack slack);
        // Returns any delivered message via out and the status.
        zx_status_t EndWait(MessagePacketPtr* out);

    private:
        fbl::RefPtr<ChannelDispatcher> channel_;
        MessagePacketPtr msg_;
        // TODO(teisenbe/swetland): Investigate hoisting this outside to reduce
        // userthread size
        Event event_;
        zx_txid_t txid_;
        zx_status_t status_;
    };

    // PeeredDispatcher implementation.
    void on_zero_handles_locked() TA_REQ(get_lock());
    void OnPeerZeroHandlesLocked() TA_REQ(get_lock());

    void set_owner(zx_koid_t new_owner) final;

private:
    using MessageList = fbl::DoublyLinkedList<MessagePacketPtr>;
    using WaiterList = fbl::DoublyLinkedList<MessageWaiter*>;

    void RemoveWaiter(MessageWaiter* waiter);

    explicit ChannelDispatcher(fbl::RefPtr<PeerHolder<ChannelDispatcher>> holder);
    void Init(fbl::RefPtr<ChannelDispatcher> other);
    void WriteSelf(MessagePacketPtr msg) TA_REQ(get_lock());
    zx_status_t UserSignalSelf(uint32_t clear_mask, uint32_t set_mask) TA_REQ(get_lock());

    fbl::Canary<fbl::magic("CHAN")> canary_;

    MessageList messages_ TA_GUARDED(get_lock());
    uint64_t message_count_ TA_GUARDED(get_lock()) = 0;
    uint64_t max_message_count_ TA_GUARDED(get_lock()) = 0;
    // Tracks the process that is allowed to issue calls, for example write
    // to the opposite end. Without it, one can see writes out of order with
    // respect of the previous and current owner. We avoid locking and updating
    // the |owner_| if the new owner is kernel, which happens when the endpoint
    // is written into a channel or during process destruction.
    zx_koid_t owner_ TA_GUARDED(get_lock()) = ZX_KOID_INVALID;

    uint32_t txid_ TA_GUARDED(get_lock()) = 0;
    WaiterList waiters_ TA_GUARDED(get_lock());
};