Use RecvMsgWithPid to find real PID for zygote children

components/nacl/loader/nacl_helper_linux.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // A mini-zygote specifically for Native Client.
 
 #include "components/nacl/loader/nacl_helper_linux.h"
 
 #include <errno.h>
 #include <fcntl.h>
@@ skipping 96 matching lines @@
   listener.Listen();
   _exit(0);
 }
 
 // Start the NaCl loader in a child created by the NaCl loader Zygote.
 void ChildNaClLoaderInit(ScopedVector<base::ScopedFD> child_fds,
                          const NaClLoaderSystemInfo& system_info,
                          bool uses_nonsfi_mode,
                          nacl::NaClSandbox* nacl_sandbox,
                          const std::string& channel_id) {
-  bool validack = false;
-  base::ProcessId real_pid;
-  // Wait until the parent process has discovered our PID.  We
-  // should not fork any child processes (which the seccomp
-  // sandbox does) until then, because that can interfere with the
-  // parent's discovery of our PID.
-  const ssize_t nread = HANDLE_EINTR(
-      read(child_fds[content::ZygoteForkDelegate::kParentFDIndex]->get(),
-           &real_pid,
-           sizeof(real_pid)));
-  if (static_cast<size_t>(nread) == sizeof(real_pid)) {
-    // Make sure the parent didn't accidentally send us our real PID.
-    // We don't want it to be discoverable anywhere in our address space
-    // when we start running untrusted code.
-    CHECK(real_pid == 0);
+  // Ping the PID oracle socket.
+  CHECK(UnixDomainSocket::SendMsg(
+      child_fds[content::ZygoteForkDelegate::kPIDOracleFDIndex]->get(),
+      "x",

[jln (very slow on Chromium), 2014/05/02 18:25:00]

Let's make this a defined constant and check for it.

[mdempsky, 2014/05/02 20:23:09]

Yep, I just used a dummy string constant for proof-of-concept/simplicity.  I'll
fix that properly now.

[mdempsky, 2014/05/02 23:36:01]

Done.

+      1,
+      std::vector<int>()));
 
-    CommandLine::ForCurrentProcess()->AppendSwitchASCII(
-        switches::kProcessChannelID, channel_id);
-    validack = true;
-  } else {
-    if (nread < 0)
-      perror("read");
-    LOG(ERROR) << "read returned " << nread;
-  }
+  CommandLine::ForCurrentProcess()->AppendSwitchASCII(
+      switches::kProcessChannelID, channel_id);
 
+  // Save the browser socket and close the rest.
   base::ScopedFD browser_fd(
       child_fds[content::ZygoteForkDelegate::kBrowserFDIndex]->Pass());
   child_fds.clear();
 
-  if (validack) {
-    BecomeNaClLoader(
-        browser_fd.Pass(), system_info, uses_nonsfi_mode, nacl_sandbox);
-  } else {
-    LOG(ERROR) << "Failed to synch with zygote";
-  }
+  BecomeNaClLoader(
+      browser_fd.Pass(), system_info, uses_nonsfi_mode, nacl_sandbox);
   _exit(1);
 }
 
 // Handle a fork request from the Zygote.
 // Some of this code was lifted from
 // content/browser/zygote_main_linux.cc:ForkWithRealPid()
 bool HandleForkRequest(ScopedVector<base::ScopedFD> child_fds,
                        const NaClLoaderSystemInfo& system_info,
                        nacl::NaClSandbox* nacl_sandbox,
                        PickleIterator* input_iter,
@@ skipping 287 matching lines @@
   // Now handle requests from the Zygote.
   while (true) {
     bool request_handled = HandleZygoteRequest(
         kNaClZygoteDescriptor, system_info, nacl_sandbox.get());
     // Do not turn this into a CHECK() without thinking about robustness
     // against malicious IPC requests.
     DCHECK(request_handled);
   }
   NOTREACHED();
 }