Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/DebugOnly.h"
#include "WindowsMessageLoop.h"
#include "Neutering.h"
#include "MessageChannel.h"
#include "nsServiceManagerUtils.h"
#include "nsString.h"
#include "WinUtils.h"
#include "mozilla/ArrayUtils.h"
#include "mozilla/dom/JSExecutionManager.h"
#include "mozilla/gfx/Logging.h"
#include "mozilla/ipc/ProtocolUtils.h"
#include "mozilla/mscom/Utils.h"
#include "mozilla/StaticPtr.h"
#include "mozilla/UniquePtr.h"
#include "mozilla/WindowsProcessMitigations.h"
using namespace mozilla;
using namespace mozilla::ipc;
using namespace mozilla::ipc::windows;
/**
* The Windows-only code below exists to solve a general problem with deadlocks
* that we experience when sending synchronous IPC messages to processes that
* contain native windows (i.e. HWNDs). Windows (the OS) sends synchronous
* messages between parent and child HWNDs in multiple circumstances (e.g.
* WM_PARENTNOTIFY, WM_NCACTIVATE, etc.), even when those HWNDs are controlled
* by different threads or different processes. Thus we can very easily end up
* in a deadlock by a call stack like the following:
*
* Process A:
* - CreateWindow(...) creates a "parent" HWND.
* - SendCreateChildWidget(HWND) is a sync IPC message that sends the "parent"
* HWND over to Process B. Process A blocks until a response is received
* from Process B.
*
* Process B:
* - RecvCreateWidget(HWND) gets the "parent" HWND from Process A.
* - CreateWindow(..., HWND) creates a "child" HWND with the parent from
* process A.
* - Windows (the OS) generates a WM_PARENTNOTIFY message that is sent
* synchronously to Process A. Process B blocks until a response is
* received from Process A. Process A, however, is blocked and cannot
* process the message. Both processes are deadlocked.
*
* The example above has a few different workarounds (e.g. setting the
* WS_EX_NOPARENTNOTIFY style on the child window) but the general problem is
* persists. Once two HWNDs are parented we must not block their owning
* threads when manipulating either HWND.
*
* Windows requires any application that hosts native HWNDs to always process
* messages or risk deadlock. Given our architecture the only way to meet
* Windows' requirement and allow for synchronous IPC messages is to pump a
* miniature message loop during a sync IPC call. We avoid processing any
* queued messages during the loop (with one exception, see below), but
* "nonqueued" messages (see
* section "Nonqueued messages") cannot be avoided. Those messages are trapped
* in a special window procedure where we can either ignore the message or
* process it in some fashion.
*
* Queued and "non-queued" messages will be processed during Interrupt calls if
* modal UI related api calls block an Interrupt in-call in the child. To
* prevent windows from freezing, and to allow concurrent processing of critical
* events (such as painting), we spin a native event dispatch loop while
* these in-calls are blocked.
*/
#if defined(ACCESSIBILITY)
// pulled from accessibility's win utils
extern const wchar_t* kPropNameTabContent;
#endif
// widget related message id constants we need to defer, see nsAppShell.
extern UINT sAppShellGeckoMsgId;
namespace {
const wchar_t kOldWndProcProp[] = L"MozillaIPCOldWndProc";
// This isn't defined before Windows XP.
enum { WM_XP_THEMECHANGED = 0x031A };
static StaticAutoPtr<AutoTArray<HWND, 20>> gNeuteredWindows;
typedef nsTArray<UniquePtr<DeferredMessage>> DeferredMessageArray;
DeferredMessageArray* gDeferredMessages = nullptr;
HHOOK gDeferredGetMsgHook = nullptr;
HHOOK gDeferredCallWndProcHook = nullptr;
DWORD gUIThreadId = 0;
HWND gCOMWindow = 0;
// Once initialized, gWinEventHook is never unhooked. We save the handle so
// that we can check whether or not the hook is initialized.
HWINEVENTHOOK gWinEventHook = nullptr;
const wchar_t kCOMWindowClassName[] = L"OleMainThreadWndClass";
// WM_GETOBJECT id pulled from uia headers
#define MOZOBJID_UIAROOT -25
HWND FindCOMWindow() {
MOZ_ASSERT(gUIThreadId);
HWND last = 0;
while (
(last = FindWindowExW(HWND_MESSAGE, last, kCOMWindowClassName, NULL))) {
if (GetWindowThreadProcessId(last, NULL) == gUIThreadId) {
return last;
}
}
return (HWND)0;
}
void CALLBACK WinEventHook(HWINEVENTHOOK aWinEventHook, DWORD aEvent,
HWND aHwnd, LONG aIdObject, LONG aIdChild,
DWORD aEventThread, DWORD aMsEventTime) {
MOZ_ASSERT(aWinEventHook == gWinEventHook);
MOZ_ASSERT(gUIThreadId == aEventThread);
switch (aEvent) {
case EVENT_OBJECT_CREATE: {
if (aIdObject != OBJID_WINDOW || aIdChild != CHILDID_SELF) {
// Not an event we're interested in
return;
}
wchar_t classBuf[256] = {0};
int result = ::GetClassNameW(aHwnd, classBuf, std::size(classBuf));
if (result != (std::size(kCOMWindowClassName) - 1) ||
wcsncmp(kCOMWindowClassName, classBuf, result)) {
// Not a class we're interested in
return;
}
MOZ_ASSERT(FindCOMWindow() == aHwnd);
gCOMWindow = aHwnd;
break;
}
case EVENT_OBJECT_DESTROY: {
if (aHwnd == gCOMWindow && aIdObject == OBJID_WINDOW) {
MOZ_ASSERT(aIdChild == CHILDID_SELF);
gCOMWindow = 0;
}
break;
}
default: {
return;
}
}
}
LRESULT CALLBACK DeferredMessageHook(int nCode, WPARAM wParam, LPARAM lParam) {
// XXX This function is called for *both* the WH_CALLWNDPROC hook and the
// WH_GETMESSAGE hook, but they have different parameters. We don't
// use any of them except nCode which has the same meaning.
// Only run deferred messages if all of these conditions are met:
// 1. The |nCode| indicates that this hook should do something.
// 2. We have deferred messages to run.
// 3. We're not being called from the PeekMessage within the WaitFor*Notify
// function (indicated with MessageChannel::IsPumpingMessages). We really
// only want to run after returning to the main event loop.
if (nCode >= 0 && gDeferredMessages && !MessageChannel::IsPumpingMessages()) {
NS_ASSERTION(gDeferredGetMsgHook && gDeferredCallWndProcHook,
"These hooks must be set if we're being called!");
NS_ASSERTION(gDeferredMessages->Length(), "No deferred messages?!");
// Unset hooks first, in case we reenter below.
UnhookWindowsHookEx(gDeferredGetMsgHook);
UnhookWindowsHookEx(gDeferredCallWndProcHook);
gDeferredGetMsgHook = 0;
gDeferredCallWndProcHook = 0;
// Unset the global and make sure we delete it when we're done here.
auto messages = WrapUnique(gDeferredMessages);
gDeferredMessages = nullptr;
// Run all the deferred messages in order.
uint32_t count = messages->Length();
for (uint32_t index = 0; index < count; index++) {
messages->ElementAt(index)->Run();
}
}
// Always call the next hook.
return CallNextHookEx(nullptr, nCode, wParam, lParam);
}
void ScheduleDeferredMessageRun() {
if (gDeferredMessages && !(gDeferredGetMsgHook && gDeferredCallWndProcHook)) {
NS_ASSERTION(gDeferredMessages->Length(), "No deferred messages?!");
gDeferredGetMsgHook = ::SetWindowsHookEx(WH_GETMESSAGE, DeferredMessageHook,
nullptr, gUIThreadId);
gDeferredCallWndProcHook = ::SetWindowsHookEx(
WH_CALLWNDPROC, DeferredMessageHook, nullptr, gUIThreadId);
NS_ASSERTION(gDeferredGetMsgHook && gDeferredCallWndProcHook,
"Failed to set hooks!");
}
}
static void DumpNeuteredMessage(HWND hwnd, UINT uMsg) {
#ifdef DEBUG
nsAutoCString log("Received \"nonqueued\" ");
// classify messages
if (uMsg < WM_USER) {
const char* msgText = mozilla::widget::WinUtils::WinEventToEventName(uMsg);
if (msgText) {
log.AppendPrintf("ui message \"%s\"", msgText);
} else {
log.AppendPrintf("ui message (0x%X)", uMsg);
}
} else if (uMsg >= WM_USER && uMsg < WM_APP) {
log.AppendPrintf("WM_USER message (0x%X)", uMsg);
} else if (uMsg >= WM_APP && uMsg < 0xC000) {
log.AppendPrintf("WM_APP message (0x%X)", uMsg);
} else if (uMsg >= 0xC000 && uMsg < 0x10000) {
log.AppendPrintf("registered windows message (0x%X)", uMsg);
} else {
log.AppendPrintf("system message (0x%X)", uMsg);
}
log.AppendLiteral(" during a synchronous IPC message for window ");
log.AppendPrintf("0x%p", hwnd);
wchar_t className[256] = {0};
if (GetClassNameW(hwnd, className, sizeof(className) - 1) > 0) {
log.AppendLiteral(" (\"");
log.Append(NS_ConvertUTF16toUTF8((char16_t*)className));
log.AppendLiteral("\")");
}
log.AppendLiteral(
", sending it to DefWindowProc instead of the normal "
"window procedure.");
NS_ERROR(log.get());
#endif
}
LRESULT
ProcessOrDeferMessage(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
UniquePtr<DeferredMessage> deferred;
// Most messages ask for 0 to be returned if the message is processed.
LRESULT res = 0;
switch (uMsg) {
// Messages that can be deferred as-is. These must not contain pointers in
// their wParam or lParam arguments!
case WM_ACTIVATE:
case WM_ACTIVATEAPP:
case WM_CANCELMODE:
case WM_CAPTURECHANGED:
case WM_CHILDACTIVATE:
case WM_DESTROY:
case WM_ENABLE:
case WM_IME_NOTIFY:
case WM_IME_SETCONTEXT:
case WM_KILLFOCUS:
case WM_MOUSEWHEEL:
case WM_NCDESTROY:
case WM_PARENTNOTIFY:
case WM_SETFOCUS:
case WM_SYSCOMMAND:
case WM_DISPLAYCHANGE:
case WM_SHOWWINDOW: // Intentional fall-through.
case WM_XP_THEMECHANGED: {
deferred = MakeUnique<DeferredSendMessage>(hwnd, uMsg, wParam, lParam);
break;
}
case WM_DEVICECHANGE:
case WM_POWERBROADCAST:
case WM_NCACTIVATE: // Intentional fall-through.
case WM_SETCURSOR: {
// Friggin unconventional return value...
res = TRUE;
deferred = MakeUnique<DeferredSendMessage>(hwnd, uMsg, wParam, lParam);
break;
}
case WM_MOUSEACTIVATE: {
res = MA_NOACTIVATE;
deferred = MakeUnique<DeferredSendMessage>(hwnd, uMsg, wParam, lParam);
break;
}
// These messages need to use the RedrawWindow function to generate the
// right kind of message. We can't simply fake them as the MSDN docs say
// explicitly that paint messages should not be sent by an application.
case WM_ERASEBKGND: {
UINT flags = RDW_INVALIDATE | RDW_ERASE | RDW_NOINTERNALPAINT |
RDW_NOFRAME | RDW_NOCHILDREN | RDW_ERASENOW;
deferred = MakeUnique<DeferredRedrawMessage>(hwnd, flags);
break;
}
// This message will generate a WM_PAINT message if there are invalid
// areas.
case WM_PAINT: {
deferred = MakeUnique<DeferredUpdateMessage>(hwnd);
break;
}
// This message holds a string in its lParam that we must copy.
case WM_SETTINGCHANGE: {
deferred =
MakeUnique<DeferredSettingChangeMessage>(hwnd, uMsg, wParam, lParam);
break;
}
// These messages are faked via a call to SetWindowPos.
case WM_WINDOWPOSCHANGED: {
deferred = MakeUnique<DeferredWindowPosMessage>(hwnd, lParam);
break;
}
case WM_NCCALCSIZE: {
deferred =
MakeUnique<DeferredWindowPosMessage>(hwnd, lParam, true, wParam);
break;
}
case WM_COPYDATA: {
deferred =
MakeUnique<DeferredCopyDataMessage>(hwnd, uMsg, wParam, lParam);
res = TRUE;
break;
}
case WM_STYLECHANGED: {
deferred = MakeUnique<DeferredStyleChangeMessage>(hwnd, wParam, lParam);
break;
}
case WM_SETICON: {
deferred = MakeUnique<DeferredSetIconMessage>(hwnd, uMsg, wParam, lParam);
break;
}
// Messages that are safe to pass to DefWindowProc go here.
case WM_ENTERIDLE:
case WM_GETICON:
case WM_NCPAINT: // (never trap nc paint events)
case WM_GETMINMAXINFO:
case WM_GETTEXT:
case WM_NCHITTEST:
case WM_STYLECHANGING: // Intentional fall-through.
case WM_WINDOWPOSCHANGING:
case WM_GETTEXTLENGTH: {
return DefWindowProc(hwnd, uMsg, wParam, lParam);
}
// Just return, prevents DefWindowProc from messaging the window
// syncronously with other events, which may be deferred. Prevents
// random shutdown of aero composition on the window.
case WM_SYNCPAINT:
return 0;
// This message causes QuickTime to make re-entrant calls.
// Simply discarding it doesn't seem to hurt anything.
case WM_APP - 1:
return 0;
// We only support a query for our IAccessible or UIA pointers.
// This should be safe, and needs to be sync.
#if defined(ACCESSIBILITY)
case WM_GETOBJECT: {
LONG objId = static_cast<LONG>(lParam);
if (objId == OBJID_CLIENT || objId == MOZOBJID_UIAROOT) {
WNDPROC oldWndProc = (WNDPROC)GetProp(hwnd, kOldWndProcProp);
if (oldWndProc) {
return CallWindowProcW(oldWndProc, hwnd, uMsg, wParam, lParam);
}
}
return DefWindowProc(hwnd, uMsg, wParam, lParam);
}
#endif // ACCESSIBILITY
default: {
// Unknown messages only are logged in debug builds and sent to
// DefWindowProc.
if (uMsg && uMsg == sAppShellGeckoMsgId) {
// Widget's registered native event callback
deferred = MakeUnique<DeferredSendMessage>(hwnd, uMsg, wParam, lParam);
}
}
}
// No deferred message was created and we land here, this is an
// unhandled message.
if (!deferred) {
DumpNeuteredMessage(hwnd, uMsg);
return DefWindowProc(hwnd, uMsg, wParam, lParam);
}
// Create the deferred message array if it doesn't exist already.
if (!gDeferredMessages) {
gDeferredMessages = new DeferredMessageArray(20);
}
// Save for later. The array takes ownership of |deferred|.
gDeferredMessages->AppendElement(std::move(deferred));
return res;
}
} // namespace
LRESULT CALLBACK NeuteredWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam,
LPARAM lParam) {
WNDPROC oldWndProc = (WNDPROC)GetProp(hwnd, kOldWndProcProp);
if (!oldWndProc) {
// We should really never ever get here.
NS_ERROR("No old wndproc!");
return DefWindowProc(hwnd, uMsg, wParam, lParam);
}
// See if we care about this message. We may either ignore it, send it to
// DefWindowProc, or defer it for later.
return ProcessOrDeferMessage(hwnd, uMsg, wParam, lParam);
}
namespace {
static bool WindowIsDeferredWindow(HWND hWnd) {
if (!IsWindow(hWnd)) {
NS_WARNING("Window has died!");
return false;
}
char16_t buffer[256] = {0};
int length = GetClassNameW(hWnd, (wchar_t*)buffer, sizeof(buffer) - 1);
if (length <= 0) {
NS_WARNING("Failed to get class name!");
return false;
}
#if defined(ACCESSIBILITY)
// Tab content creates a window that responds to accessible WM_GETOBJECT
// calls. This window can safely be ignored.
if (::GetPropW(hWnd, kPropNameTabContent)) {
return false;
}
#endif
// Common mozilla windows we must defer messages to.
nsDependentString className(buffer, length);
if (StringBeginsWith(className, u"Mozilla"_ns) ||
StringBeginsWith(className, u"Gecko"_ns) ||
className.EqualsLiteral("nsToolkitClass") ||
className.EqualsLiteral("nsAppShell:EventWindowClass")) {
return true;
}
return false;
}
bool NeuterWindowProcedure(HWND hWnd) {
if (!WindowIsDeferredWindow(hWnd)) {
// Some other kind of window, skip.
return false;
}
NS_ASSERTION(!GetProp(hWnd, kOldWndProcProp), "This should always be null!");
// It's possible to get nullptr out of SetWindowLongPtr, and the only way to
// know if that's a valid old value is to use GetLastError. Clear the error
// here so we can tell.
SetLastError(ERROR_SUCCESS);
LONG_PTR currentWndProc =
SetWindowLongPtr(hWnd, GWLP_WNDPROC, (LONG_PTR)NeuteredWindowProc);
if (!currentWndProc) {
if (ERROR_SUCCESS == GetLastError()) {
// No error, so we set something and must therefore reset it.
SetWindowLongPtr(hWnd, GWLP_WNDPROC, currentWndProc);
}
return false;
}
NS_ASSERTION(currentWndProc != (LONG_PTR)NeuteredWindowProc,
"This shouldn't be possible!");
if (!SetProp(hWnd, kOldWndProcProp, (HANDLE)currentWndProc)) {
// Cleanup
NS_WARNING("SetProp failed!");
SetWindowLongPtr(hWnd, GWLP_WNDPROC, currentWndProc);
RemovePropW(hWnd, kOldWndProcProp);
return false;
}
return true;
}
void RestoreWindowProcedure(HWND hWnd) {
NS_ASSERTION(WindowIsDeferredWindow(hWnd),
"Not a deferred window, this shouldn't be in our list!");
LONG_PTR oldWndProc = (LONG_PTR)GetProp(hWnd, kOldWndProcProp);
if (oldWndProc) {
NS_ASSERTION(oldWndProc != (LONG_PTR)NeuteredWindowProc,
"This shouldn't be possible!");
DebugOnly<LONG_PTR> currentWndProc =
SetWindowLongPtr(hWnd, GWLP_WNDPROC, oldWndProc);
NS_ASSERTION(currentWndProc == (LONG_PTR)NeuteredWindowProc,
"This should never be switched out from under us!");
}
RemovePropW(hWnd, kOldWndProcProp);
}
LRESULT CALLBACK CallWindowProcedureHook(int nCode, WPARAM wParam,
LPARAM lParam) {
if (nCode >= 0) {
NS_ASSERTION(gNeuteredWindows, "This should never be null!");
HWND hWnd = reinterpret_cast<CWPSTRUCT*>(lParam)->hwnd;
if (!gNeuteredWindows->Contains(hWnd) &&
!SuppressedNeuteringRegion::IsNeuteringSuppressed() &&
NeuterWindowProcedure(hWnd)) {
// XXX(Bug 1631371) Check if this should use a fallible operation as it
// pretended earlier.
gNeuteredWindows->AppendElement(hWnd);
}
}
return CallNextHookEx(nullptr, nCode, wParam, lParam);
}
inline void AssertWindowIsNotNeutered(HWND hWnd) {
#ifdef DEBUG
// Make sure our neutered window hook isn't still in place.
LONG_PTR wndproc = GetWindowLongPtr(hWnd, GWLP_WNDPROC);
NS_ASSERTION(wndproc != (LONG_PTR)NeuteredWindowProc, "Window is neutered!");
#endif
}
void UnhookNeuteredWindows() {
if (!gNeuteredWindows) return;
uint32_t count = gNeuteredWindows->Length();
for (uint32_t index = 0; index < count; index++) {
RestoreWindowProcedure(gNeuteredWindows->ElementAt(index));
}
gNeuteredWindows->Clear();
}
// This timeout stuff assumes a sane value of mTimeoutMs (less than the overflow
// value for GetTickCount(), which is something like 50 days). It uses the
// cheapest (and least accurate) method supported by Windows 2000.
struct TimeoutData {
DWORD startTicks;
DWORD targetTicks;
};
void InitTimeoutData(TimeoutData* aData, int32_t aTimeoutMs) {
aData->startTicks = GetTickCount();
if (!aData->startTicks) {
// How unlikely is this!
aData->startTicks++;
}
aData->targetTicks = aData->startTicks + aTimeoutMs;
}
bool TimeoutHasExpired(const TimeoutData& aData) {
if (!aData.startTicks) {
return false;
}
DWORD now = GetTickCount();
if (aData.targetTicks < aData.startTicks) {
// Overflow
return now < aData.startTicks && now >= aData.targetTicks;
}
return now >= aData.targetTicks;
}
} // namespace
namespace mozilla {
namespace ipc {
namespace windows {
void InitUIThread() {
if (!XRE_UseNativeEventProcessing()) {
return;
}
// If we aren't setup before a call to NotifyWorkerThread, we'll hang
// on startup.
if (!gUIThreadId) {
gUIThreadId = GetCurrentThreadId();
}
MOZ_ASSERT(gUIThreadId);
MOZ_ASSERT(gUIThreadId == GetCurrentThreadId(),
"Called InitUIThread multiple times on different threads!");
if (!gWinEventHook && !mscom::IsCurrentThreadMTA()) {
gWinEventHook = SetWinEventHook(EVENT_OBJECT_CREATE, EVENT_OBJECT_DESTROY,
NULL, &WinEventHook, GetCurrentProcessId(),
gUIThreadId, WINEVENT_OUTOFCONTEXT);
MOZ_ASSERT(gWinEventHook);
// We need to execute this after setting the hook in case the OLE window
// already existed.
gCOMWindow = FindCOMWindow();
}
}
} // namespace windows
} // namespace ipc
} // namespace mozilla
MessageChannel::SyncStackFrame::SyncStackFrame(MessageChannel* channel)
: mSpinNestedEvents(false),
mListenerNotified(false),
mChannel(channel),
mPrev(mChannel->mTopFrame),
mStaticPrev(sStaticTopFrame) {
// Only track stack frames when Windows message deferral behavior
// is request for the channel.
if (!(mChannel->GetChannelFlags() & REQUIRE_DEFERRED_MESSAGE_PROTECTION)) {
return;
}
mChannel->mTopFrame = this;
sStaticTopFrame = this;
if (!mStaticPrev) {
NS_ASSERTION(!gNeuteredWindows, "Should only set this once!");
gNeuteredWindows = new AutoTArray<HWND, 20>();
}
}
MessageChannel::SyncStackFrame::~SyncStackFrame() {
if (!(mChannel->GetChannelFlags() & REQUIRE_DEFERRED_MESSAGE_PROTECTION)) {
return;
}
NS_ASSERTION(this == mChannel->mTopFrame,
"Mismatched interrupt stack frames");
NS_ASSERTION(this == sStaticTopFrame,
"Mismatched static Interrupt stack frames");
mChannel->mTopFrame = mPrev;
sStaticTopFrame = mStaticPrev;
if (!mStaticPrev) {
NS_ASSERTION(gNeuteredWindows, "Bad pointer!");
gNeuteredWindows = nullptr;
}
}
MessageChannel::SyncStackFrame* MessageChannel::sStaticTopFrame;
// nsAppShell's notification that gecko events are being processed.
// If we are here and there is an Interrupt Incall active, we are spinning
// a nested gecko event loop. In which case the remote process needs
// to know about it.
void /* static */
MessageChannel::NotifyGeckoEventDispatch() {
// sStaticTopFrame is only valid for Interrupt channels
if (!sStaticTopFrame || sStaticTopFrame->mListenerNotified) return;
sStaticTopFrame->mListenerNotified = true;
MessageChannel* channel =
static_cast<MessageChannel*>(sStaticTopFrame->mChannel);
channel->Listener()->ProcessRemoteNativeEventsInInterruptCall();
}
// invoked by the module that receives the spin event loop
// message.
void MessageChannel::ProcessNativeEventsInInterruptCall() {
NS_ASSERTION(GetCurrentThreadId() == gUIThreadId,
"Shouldn't be on a non-main thread in here!");
if (!mTopFrame) {
NS_ERROR("Spin logic error: no Interrupt frame");
return;
}
mTopFrame->mSpinNestedEvents = true;
}
static HHOOK gWindowHook;
static inline void StartNeutering() {
if (!gUIThreadId) {
mozilla::ipc::windows::InitUIThread();
}
MOZ_ASSERT(gUIThreadId);
MOZ_ASSERT(!gWindowHook);
NS_ASSERTION(!MessageChannel::IsPumpingMessages(),
"Shouldn't be pumping already!");
MessageChannel::SetIsPumpingMessages(true);
gWindowHook = ::SetWindowsHookEx(WH_CALLWNDPROC, CallWindowProcedureHook,
nullptr, gUIThreadId);
NS_ASSERTION(gWindowHook, "Failed to set hook!");
}
static void StopNeutering() {
MOZ_ASSERT(MessageChannel::IsPumpingMessages());
::UnhookWindowsHookEx(gWindowHook);
gWindowHook = NULL;
::UnhookNeuteredWindows();
// Before returning we need to set a hook to run any deferred messages that
// we received during the IPC call. The hook will unset itself as soon as
// someone else calls GetMessage, PeekMessage, or runs code that generates
// a "nonqueued" message.
::ScheduleDeferredMessageRun();
MessageChannel::SetIsPumpingMessages(false);
}
NeuteredWindowRegion::NeuteredWindowRegion(bool aDoNeuter)
: mNeuteredByThis(!gWindowHook && aDoNeuter &&
XRE_UseNativeEventProcessing()) {
if (mNeuteredByThis) {
StartNeutering();
}
}
NeuteredWindowRegion::~NeuteredWindowRegion() {
if (gWindowHook && mNeuteredByThis) {
StopNeutering();
}
}
void NeuteredWindowRegion::PumpOnce() {
if (!gWindowHook) {
// This should be a no-op if nothing has been neutered.
return;
}
MSG msg = {0};
// Pump any COM messages so that we don't hang due to STA marshaling.
if (gCOMWindow && ::PeekMessageW(&msg, gCOMWindow, 0, 0, PM_REMOVE)) {
::TranslateMessage(&msg);
::DispatchMessageW(&msg);
}
// Expunge any nonqueued messages on the current thread.
::PeekMessageW(&msg, nullptr, 0, 0, PM_NOREMOVE);
}
DeneuteredWindowRegion::DeneuteredWindowRegion()
: mReneuter(gWindowHook != NULL) {
if (mReneuter) {
StopNeutering();
}
}
DeneuteredWindowRegion::~DeneuteredWindowRegion() {
if (mReneuter) {
StartNeutering();
}
}
SuppressedNeuteringRegion::SuppressedNeuteringRegion()
: mReenable(::gUIThreadId == ::GetCurrentThreadId() && ::gWindowHook) {
if (mReenable) {
MOZ_ASSERT(!sSuppressNeutering);
sSuppressNeutering = true;
}
}
SuppressedNeuteringRegion::~SuppressedNeuteringRegion() {
if (mReenable) {
MOZ_ASSERT(sSuppressNeutering);
sSuppressNeutering = false;
}
}
bool SuppressedNeuteringRegion::sSuppressNeutering = false;
bool MessageChannel::WaitForSyncNotify() {
mMonitor->AssertCurrentThreadOwns();
if (!gUIThreadId) {
mozilla::ipc::windows::InitUIThread();
}
// Use a blocking wait if this channel does not require
// Windows message deferral behavior.
if (!(mFlags & REQUIRE_DEFERRED_MESSAGE_PROTECTION)) {
TimeDuration timeout = (kNoTimeout == mTimeoutMs)
? TimeDuration::Forever()
: TimeDuration::FromMilliseconds(mTimeoutMs);
MOZ_ASSERT(!mIsSyncWaitingOnNonMainThread);
mIsSyncWaitingOnNonMainThread = true;
CVStatus status = mMonitor->Wait(timeout);
MOZ_ASSERT(mIsSyncWaitingOnNonMainThread);
mIsSyncWaitingOnNonMainThread = false;
// If the timeout didn't expire, we know we received an event. The
// converse is not true.
return WaitResponse(status == CVStatus::Timeout);
}
NS_ASSERTION(
mFlags & REQUIRE_DEFERRED_MESSAGE_PROTECTION,
"Shouldn't be here for channels that don't use message deferral!");
NS_ASSERTION(mTopFrame, "No top frame!");
MonitorAutoUnlock unlock(*mMonitor);
bool timedout = false;
UINT_PTR timerId = 0;
TimeoutData timeoutData = {0};
if (mTimeoutMs != kNoTimeout) {
InitTimeoutData(&timeoutData, mTimeoutMs);
// We only do this to ensure that we won't get stuck in
// MsgWaitForMultipleObjects below.
timerId = SetTimer(nullptr, 0, mTimeoutMs, nullptr);
NS_ASSERTION(timerId, "SetTimer failed!");
}
NeuteredWindowRegion neuteredRgn(true);
{
while (1) {
MSG msg = {0};
// Don't get wrapped up in here if the child connection dies.
{
MonitorAutoLock lock(*mMonitor);
if (!Connected()) {
break;
}
}
// Wait until we have a message in the queue. MSDN docs are a bit unclear
// but it seems that windows from two different threads (and it should be
// noted that a thread in another process counts as a "different thread")
// will implicitly have their message queues attached if they are parented
// to one another. This wait call, then, will return for a message
// delivered to *either* thread.
DWORD result =
MsgWaitForMultipleObjects(1, &mEvent, FALSE, INFINITE, QS_ALLINPUT);
if (result == WAIT_OBJECT_0) {
// Our NotifyWorkerThread event was signaled
BOOL success = ResetEvent(mEvent);
if (!success) {
gfxDevCrash(mozilla::gfx::LogReason::MessageChannelInvalidHandle)
<< "WindowsMessageChannel::WaitForSyncNotify failed to reset "
"event. GetLastError: "
<< GetLastError();
}
break;
} else if (result != (WAIT_OBJECT_0 + 1)) {
NS_ERROR("Wait failed!");
break;
}
if (TimeoutHasExpired(timeoutData)) {
// A timeout was specified and we've passed it. Break out.
timedout = true;
break;
}
// The only way to know on which thread the message was delivered is to
// use some logic on the return values of GetQueueStatus and PeekMessage.
// PeekMessage will return false if there are no "queued" messages, but it
// will run all "nonqueued" messages before returning. So if PeekMessage
// returns false and there are no "nonqueued" messages that were run then
// we know that the message we woke for was intended for a window on
// another thread.
bool haveSentMessagesPending =
(HIWORD(GetQueueStatus(QS_SENDMESSAGE)) & QS_SENDMESSAGE) != 0;
// Either of the PeekMessage calls below will actually process all
// "nonqueued" messages that are pending before returning. If we have
// "nonqueued" messages pending then we should have switched out all the
// window procedures above. In that case this PeekMessage call won't
// actually cause any mozilla code (or plugin code) to run.
// We have to manually pump all COM messages *after* looking at the queue
// queue status but before yielding our thread below.
if (gCOMWindow) {
if (PeekMessageW(&msg, gCOMWindow, 0, 0, PM_REMOVE)) {
TranslateMessage(&msg);
::DispatchMessageW(&msg);
}
}
// If the following PeekMessage call fails to return a message for us (and
// returns false) and we didn't run any "nonqueued" messages then we must
// have woken up for a message designated for a window in another thread.
// If we loop immediately then we could enter a tight loop, so we'll give
// up our time slice here to let the child process its message.
if (!PeekMessageW(&msg, nullptr, 0, 0, PM_NOREMOVE) &&
!haveSentMessagesPending) {
// Message was for child, we should wait a bit.
SwitchToThread();
}
}
}
if (timerId) {
KillTimer(nullptr, timerId);
timerId = 0;
}
return WaitResponse(timedout);
}
void MessageChannel::NotifyWorkerThread() {
mMonitor->AssertCurrentThreadOwns();
if (mIsSyncWaitingOnNonMainThread) {
mMonitor->Notify();
return;
}
MOZ_RELEASE_ASSERT(mEvent, "No signal event to set, this is really bad!");
if (!SetEvent(mEvent)) {
NS_WARNING("Failed to set NotifyWorkerThread event!");
gfxDevCrash(mozilla::gfx::LogReason::MessageChannelInvalidHandle)
<< "WindowsMessageChannel failed to SetEvent. GetLastError: "
<< GetLastError();
}
}
void DeferredSendMessage::Run() {
AssertWindowIsNotNeutered(hWnd);
if (!IsWindow(hWnd)) {
NS_ERROR("Invalid window!");
return;
}
WNDPROC wndproc =
reinterpret_cast<WNDPROC>(GetWindowLongPtr(hWnd, GWLP_WNDPROC));
if (!wndproc) {
NS_ERROR("Invalid window procedure!");
return;
}
CallWindowProc(wndproc, hWnd, message, wParam, lParam);
}
void DeferredRedrawMessage::Run() {
AssertWindowIsNotNeutered(hWnd);
if (!IsWindow(hWnd)) {
NS_ERROR("Invalid window!");
return;
}
#ifdef DEBUG
BOOL ret =
#endif
RedrawWindow(hWnd, nullptr, nullptr, flags);
NS_ASSERTION(ret, "RedrawWindow failed!");
}
DeferredUpdateMessage::DeferredUpdateMessage(HWND aHWnd) {
mWnd = aHWnd;
if (!GetUpdateRect(mWnd, &mUpdateRect, FALSE)) {
memset(&mUpdateRect, 0, sizeof(RECT));
return;
}
ValidateRect(mWnd, &mUpdateRect);
}
void DeferredUpdateMessage::Run() {
AssertWindowIsNotNeutered(mWnd);
if (!IsWindow(mWnd)) {
NS_ERROR("Invalid window!");
return;
}
InvalidateRect(mWnd, &mUpdateRect, FALSE);
#ifdef DEBUG
BOOL ret =
#endif
UpdateWindow(mWnd);
NS_ASSERTION(ret, "UpdateWindow failed!");
}
DeferredSettingChangeMessage::DeferredSettingChangeMessage(HWND aHWnd,
UINT aMessage,
WPARAM aWParam,
LPARAM aLParam)
: DeferredSendMessage(aHWnd, aMessage, aWParam, aLParam) {
NS_ASSERTION(aMessage == WM_SETTINGCHANGE, "Wrong message type!");
if (aLParam) {
lParamString = _wcsdup(reinterpret_cast<const wchar_t*>(aLParam));
lParam = reinterpret_cast<LPARAM>(lParamString);
} else {
lParamString = nullptr;
lParam = 0;
}
}
DeferredSettingChangeMessage::~DeferredSettingChangeMessage() {
free(lParamString);
}
DeferredWindowPosMessage::DeferredWindowPosMessage(HWND aHWnd, LPARAM aLParam,
bool aForCalcSize,
WPARAM aWParam) {
if (aForCalcSize) {
if (aWParam) {
NCCALCSIZE_PARAMS* arg = reinterpret_cast<NCCALCSIZE_PARAMS*>(aLParam);
memcpy(&windowPos, arg->lppos, sizeof(windowPos));
NS_ASSERTION(aHWnd == windowPos.hwnd, "Mismatched hwnds!");
} else {
RECT* arg = reinterpret_cast<RECT*>(aLParam);
windowPos.hwnd = aHWnd;
windowPos.hwndInsertAfter = nullptr;
windowPos.x = arg->left;
windowPos.y = arg->top;
windowPos.cx = arg->right - arg->left;
windowPos.cy = arg->bottom - arg->top;
NS_ASSERTION(arg->right >= arg->left && arg->bottom >= arg->top,
"Negative width or height!");
}
windowPos.flags = SWP_FRAMECHANGED | SWP_NOACTIVATE | SWP_NOOWNERZORDER |
SWP_NOZORDER | SWP_DEFERERASE | SWP_NOSENDCHANGING;
} else {
// Not for WM_NCCALCSIZE
WINDOWPOS* arg = reinterpret_cast<WINDOWPOS*>(aLParam);
memcpy(&windowPos, arg, sizeof(windowPos));
NS_ASSERTION(aHWnd == windowPos.hwnd, "Mismatched hwnds!");
// Windows sends in some private flags sometimes that we can't simply copy.
// Filter here.
UINT mask = SWP_ASYNCWINDOWPOS | SWP_DEFERERASE | SWP_DRAWFRAME |
SWP_FRAMECHANGED | SWP_HIDEWINDOW | SWP_NOACTIVATE |
SWP_NOCOPYBITS | SWP_NOMOVE | SWP_NOOWNERZORDER | SWP_NOREDRAW |
SWP_NOREPOSITION | SWP_NOSENDCHANGING | SWP_NOSIZE |
SWP_NOZORDER | SWP_SHOWWINDOW;
windowPos.flags &= mask;
}
}
void DeferredWindowPosMessage::Run() {
AssertWindowIsNotNeutered(windowPos.hwnd);
if (!IsWindow(windowPos.hwnd)) {
NS_ERROR("Invalid window!");
return;
}
if (!IsWindow(windowPos.hwndInsertAfter)) {
NS_WARNING("ZOrder change cannot be honored");
windowPos.hwndInsertAfter = 0;
windowPos.flags |= SWP_NOZORDER;
}
#ifdef DEBUG
BOOL ret =
#endif
SetWindowPos(windowPos.hwnd, windowPos.hwndInsertAfter, windowPos.x,
windowPos.y, windowPos.cx, windowPos.cy, windowPos.flags);
NS_ASSERTION(ret, "SetWindowPos failed!");
}
DeferredCopyDataMessage::DeferredCopyDataMessage(HWND aHWnd, UINT aMessage,
WPARAM aWParam, LPARAM aLParam)
: DeferredSendMessage(aHWnd, aMessage, aWParam, aLParam) {
NS_ASSERTION(IsWindow(reinterpret_cast<HWND>(aWParam)), "Bad window!");
COPYDATASTRUCT* source = reinterpret_cast<COPYDATASTRUCT*>(aLParam);
NS_ASSERTION(source, "Should never be null!");
copyData.dwData = source->dwData;
copyData.cbData = source->cbData;
if (source->cbData) {
copyData.lpData = malloc(source->cbData);
if (copyData.lpData) {
memcpy(copyData.lpData, source->lpData, source->cbData);
} else {
NS_ERROR("Out of memory?!");
copyData.cbData = 0;
}
} else {
copyData.lpData = nullptr;
}
lParam = reinterpret_cast<LPARAM>(&copyData);
}
DeferredCopyDataMessage::~DeferredCopyDataMessage() { free(copyData.lpData); }
DeferredStyleChangeMessage::DeferredStyleChangeMessage(HWND aHWnd,
WPARAM aWParam,
LPARAM aLParam)
: hWnd(aHWnd) {
index = static_cast<int>(aWParam);
style = reinterpret_cast<STYLESTRUCT*>(aLParam)->styleNew;
}
void DeferredStyleChangeMessage::Run() { SetWindowLongPtr(hWnd, index, style); }
DeferredSetIconMessage::DeferredSetIconMessage(HWND aHWnd, UINT aMessage,
WPARAM aWParam, LPARAM aLParam)
: DeferredSendMessage(aHWnd, aMessage, aWParam, aLParam) {
NS_ASSERTION(aMessage == WM_SETICON, "Wrong message type!");
}
void DeferredSetIconMessage::Run() {
AssertWindowIsNotNeutered(hWnd);
if (!IsWindow(hWnd)) {
NS_ERROR("Invalid window!");
return;
}
WNDPROC wndproc =
reinterpret_cast<WNDPROC>(GetWindowLongPtr(hWnd, GWLP_WNDPROC));
if (!wndproc) {
NS_ERROR("Invalid window procedure!");
return;
}
HICON hOld = reinterpret_cast<HICON>(
CallWindowProc(wndproc, hWnd, message, wParam, lParam));
if (hOld) {
DestroyIcon(hOld);
}
}