Changeset 211535 in webkit

Timestamp:

Feb 1, 2017 2:52:02 PM (7 years ago)

Author:

andersca@apple.com

Message:

IPC::Connection receive ports should be guarded
​https://bugs.webkit.org/show_bug.cgi?id=167704

Reviewed by Tim Horton.

Guarding receive rights will make sure that they won't be closed accidentally. They are created
with a context pointer and can only be unguarded or destructed with the same context pointer.

• Platform/IPC/mac/ConnectionMac.mm:

(IPC::Connection::platformInvalidate):
Use mach_port_destruct and pass the connection pointer as the context.

(IPC::Connection::platformInitialize):
Guard the server port with the connection pointer as the context.

(IPC::Connection::open):
Use mach_port_construct to create the port which lets us avoid a call to mach_port_set_attributes and setMachPortQueueLength.
Make the port guarded and use the connection pointer as the context.

(IPC::createReceiveSource):
Get rid of this and just duplicate the five lines of code in two places. For the receive port we want to use mach_port_destruct
in our cancel handler.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• Platform/IPC/mac/ConnectionMac.mm (modified) (5 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2017-02-01  Anders Carlsson  <andersca@apple.com>
+
+        IPC::Connection receive ports should be guarded
+        https://bugs.webkit.org/show_bug.cgi?id=167704
+
+        Reviewed by Tim Horton.
+
+        Guarding receive rights will make sure that they won't be closed accidentally. They are created
+        with a context pointer and can only be unguarded or destructed with the same context pointer.
+
+        * Platform/IPC/mac/ConnectionMac.mm:
+        (IPC::Connection::platformInvalidate):
+        Use mach_port_destruct and pass the connection pointer as the context.
+
+        (IPC::Connection::platformInitialize):
+        Guard the server port with the connection pointer as the context.
+
+        (IPC::Connection::open):
+        Use mach_port_construct to create the port which lets us avoid a call to mach_port_set_attributes and setMachPortQueueLength.
+        Make the port guarded and use the connection pointer as the context.
+
+        (IPC::createReceiveSource):
+        Get rid of this and just duplicate the five lines of code in two places. For the receive port we want to use mach_port_destruct
+        in our cancel handler.
+
 2017-02-01  Andreas Kling  <akling@apple.com>
 

trunk/Source/WebKit2/Platform/IPC/mac/ConnectionMac.mm

@@ -121 +121 @@
 
         if (m_receivePort) {
-            mach_port_mod_refs(mach_task_self(), m_receivePort, MACH_PORT_RIGHT_RECEIVE, -1);
+            mach_port_destruct(mach_task_self(), m_receivePort, 0, reinterpret_cast<mach_port_context_t>(this));
             m_receivePort = MACH_PORT_NULL;
         }
@@ -171 +171 @@
         m_receivePort = identifier.port;
         m_sendPort = MACH_PORT_NULL;
+
+        mach_port_guard(mach_task_self(), m_receivePort, reinterpret_cast<mach_port_context_t>(this), true);
     } else {
         m_receivePort = MACH_PORT_NULL;
@@ -180 +182 @@
 
     m_xpcConnection = identifier.xpcConnection;
-}
-
-template<typename Function>
-static dispatch_source_t createReceiveSource(mach_port_t receivePort, WorkQueue& workQueue, Function&& function)
-{
-    dispatch_source_t source = dispatch_source_create(DISPATCH_SOURCE_TYPE_MACH_RECV, receivePort, 0, workQueue.dispatchQueue());
-    dispatch_source_set_event_handler(source, function);
-
-    dispatch_source_set_cancel_handler(source, ^{
-        mach_port_mod_refs(mach_task_self(), receivePort, MACH_PORT_RIGHT_RECEIVE, -1);
-    });
-
-    return source;
 }
 
@@ -206 +195 @@
 
         // Create the receive port.
-        mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &m_receivePort);
+        uint32_t flags = MPO_CONTEXT_AS_GUARD | MPO_QLIMIT |  MPO_STRICT | MPO_INSERT_SEND_RIGHT;
 
 #if PLATFORM(MAC)
-        mach_port_set_attributes(mach_task_self(), m_receivePort, MACH_PORT_DENAP_RECEIVER, (mach_port_info_t)0, 0);
-#endif
+        flags |= MPO_DENAP_RECEIVER;
+#endif
+
+        mach_port_options_t portOptions;
+        portOptions.flags = flags;
+        portOptions.mpl.mpl_qlimit = MACH_PORT_QLIMIT_LARGE;
+        mach_port_construct(mach_task_self(), &portOptions, reinterpret_cast<mach_port_context_t>(this), &m_receivePort);
 
         m_isConnected = true;
         
-        // Send the initialize message, which contains a send right for the server to use.
         auto encoder = std::make_unique<Encoder>("IPC", "InitializeConnection", 0);
-        encoder->encode(MachPort(m_receivePort, MACH_MSG_TYPE_MAKE_SEND));
+        encoder->encode(MachPort(m_receivePort, MACH_MSG_TYPE_MOVE_SEND));
 
         initializeSendSource();
@@ -223 +216 @@
     }
 
-    // Change the message queue length for the receive port.
-    setMachPortQueueLength(m_receivePort, MACH_PORT_QLIMIT_LARGE);
-
-    // Register the data available handler.
     RefPtr<Connection> connection(this);
-    m_receiveSource = createReceiveSource(m_receivePort, m_connectionQueue, [connection] {
+    m_receiveSource = dispatch_source_create(DISPATCH_SOURCE_TYPE_MACH_RECV, m_receivePort, 0, m_connectionQueue->dispatchQueue());
+    dispatch_source_set_event_handler(m_receiveSource, [connection] {
         connection->receiveSourceEventHandler();
     });
+    dispatch_source_set_cancel_handler(m_receiveSource, [connection, receivePort = m_receivePort] {
+        mach_port_destruct(mach_task_self(), receivePort, 0, reinterpret_cast<mach_port_context_t>(connection.get()));
+    });
 
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED <= 101000
     if (m_exceptionPort) {
-        m_exceptionPortDataAvailableSource = createReceiveSource(m_exceptionPort, m_connectionQueue, [connection] {
+        m_exceptionPortDataAvailableSource = dispatch_source_create(DISPATCH_SOURCE_TYPE_MACH_RECV, m_exceptionPort, 0, m_connectionQueue.dispatchQueue());
+        dispatch_source_set_event_handler(source, [connection] {
             connection->exceptionSourceEventHandler();
+        });
+        dispatch_source_set_cancel_handler(source, [connection, exceptionPort = connection->m_exceptionPort] {
+            mach_port_mod_refs(mach_task_self(), exceptionPort, MACH_PORT_RIGHT_RECEIVE, -1);
         });