Context Navigation

← Previous Changeset
Next Changeset →

Changeset 244921 in webkit

Timestamp:

May 3, 2019 2:24:06 PM (5 years ago)

Author:

sihui_liu@apple.com

Message:

Add assertion to check whether shm files have maximum FileProtection of CompleteUnlessOpen
https://bugs.webkit.org/show_bug.cgi?id=197390
<rdar://problem/42685773>

Reviewed by Geoffrey Garen.

Source/WebCore:

We have seen crashes about accessing database files after device is locked. We are suspecting this is because
shm files have wrong data protection class, but shm files should not have Complete class protection when it
is created. It is likely the protection class is changed later. Add an assertion to verify our guess. If the
crash signature changes after this patch, we probably need to change database implementation. If it is not, we
have other problem than data protection.

platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::open):

Source/WebKit:

Move data protection check to WebCore so it can be applied to database files.

NetworkProcess/cache/NetworkCacheBlobStorage.cpp:

(WebKit::NetworkCache::BlobStorage::add):

NetworkProcess/cache/NetworkCacheFileSystem.cpp:

(WebKit::NetworkCache::makeSafeToUseMemoryMapForPath): Deleted.

NetworkProcess/cache/NetworkCacheFileSystem.h:
NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm: Removed.
SourcesCocoa.txt:
UIProcess/API/APIContentRuleListStore.cpp:

(API::openAndMapOrCopyContentRuleList):
(API::compiledToFile):

Source/WTF:

wtf/FileSystem.cpp:

(WTF::FileSystemImpl::isSafeToUseMemoryMapForPath):
(WTF::FileSystemImpl::makeSafeToUseMemoryMapForPath):

wtf/FileSystem.h:
wtf/cocoa/FileSystemCocoa.mm:

(WTF::FileSystemImpl::isSafeToUseMemoryMapForPath):
(WTF::FileSystemImpl::makeSafeToUseMemoryMapForPath):

Location:

trunk/Source

Files:

: 1 deleted
: 12 edited

WTF/ChangeLog (modified) (1 diff)
WTF/wtf/FileSystem.cpp (modified) (1 diff)
WTF/wtf/FileSystem.h (modified) (1 diff)
WTF/wtf/cocoa/FileSystemCocoa.mm (modified) (1 diff)
WebCore/ChangeLog (modified) (1 diff)
WebCore/platform/sql/SQLiteDatabase.cpp (modified) (1 diff)
WebKit/ChangeLog (modified) (1 diff)
WebKit/NetworkProcess/cache/NetworkCacheBlobStorage.cpp (modified) (1 diff)
WebKit/NetworkProcess/cache/NetworkCacheFileSystem.cpp (modified) (1 diff)
WebKit/NetworkProcess/cache/NetworkCacheFileSystem.h (modified) (1 diff)
WebKit/NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm (deleted)
WebKit/SourcesCocoa.txt (modified) (1 diff)
WebKit/UIProcess/API/APIContentRuleListStore.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WTF/ChangeLog

-                      r244907
+                      r244921
+-05-03  Sihui Liu  <sihui_liu@apple.com>
+        Add assertion to check whether shm files have maximum FileProtection of CompleteUnlessOpen
+        https://bugs.webkit.org/show_bug.cgi?id=197390
+        <rdar://problem/42685773>
+        Reviewed by Geoffrey Garen.
+        * wtf/FileSystem.cpp:
+        (WTF::FileSystemImpl::isSafeToUseMemoryMapForPath):
+        (WTF::FileSystemImpl::makeSafeToUseMemoryMapForPath):
+        * wtf/FileSystem.h:
+        * wtf/cocoa/FileSystemCocoa.mm:
+        (WTF::FileSystemImpl::isSafeToUseMemoryMapForPath):
+        (WTF::FileSystemImpl::makeSafeToUseMemoryMapForPath):
 -05-03  Commit Queue  <commit-queue@webkit.org>

trunk/Source/WTF/wtf/FileSystem.cpp

-                      r240437
+                      r244921
+}
+#if !PLATFORM(IOS_FAMILY)
+bool isSafeToUseMemoryMapForPath(const String&)
+{
+    return true;
+}
+void makeSafeToUseMemoryMapForPath(const String&)
+{
+}
+#endif
 } // namespace FileSystemImpl
 } // namespace WTF

trunk/Source/WTF/wtf/FileSystem.h

-                      r240600
+                      r244921
 WTF_EXPORT_PRIVATE String realPath(const String&);
+WTF_EXPORT_PRIVATE bool isSafeToUseMemoryMapForPath(const String&);
+WTF_EXPORT_PRIVATE void makeSafeToUseMemoryMapForPath(const String&);
 class MappedFileData {
 public:

trunk/Source/WTF/wtf/cocoa/FileSystemCocoa.mm

-                      r240437
+                      r244921
+}
+#if PLATFORM(IOS_FAMILY)
+bool isSafeToUseMemoryMapForPath(const String& path)
+{
+    NSError *error = nil;
+    NSDictionary<NSFileAttributeKey, id> *attributes = [[NSFileManager defaultManager] attributesOfItemAtPath:path error:&error];
+    if (error) {
+        LOG_ERROR("Unable to get path protection class");
+        return false;
+    }
+    if ([[attributes objectForKey:NSFileProtectionKey] isEqualToString:NSFileProtectionComplete]) {
+        LOG_ERROR("Path protection class is NSFileProtectionComplete, so it is not safe to use memory map");
+        return false;
+    }
+    return true;
+}
+void makeSafeToUseMemoryMapForPath(const String& path)
+{
+    if (isSafeToUseMemoryMapForPath(path))
+        return;
+    NSError *error = nil;
+    BOOL success = [[NSFileManager defaultManager] setAttributes:@{ NSFileProtectionKey: NSFileProtectionCompleteUnlessOpen } ofItemAtPath:path error:&error];
+    ASSERT(!error);
+    ASSERT_UNUSED(success, success);
+}
+#endif
 } // namespace FileSystemImpl
 } // namespace WTF

trunk/Source/WebCore/ChangeLog

-                      r244918
+                      r244921
+-05-03  Sihui Liu  <sihui_liu@apple.com>
+        Add assertion to check whether shm files have maximum FileProtection of CompleteUnlessOpen
+        https://bugs.webkit.org/show_bug.cgi?id=197390
+        <rdar://problem/42685773>
+        Reviewed by Geoffrey Garen.
+        We have seen crashes about accessing database files after device is locked. We are suspecting this is because
+        shm files have wrong data protection class, but shm files should not have Complete class protection when it
+        is created. It is likely the protection class is changed later. Add an assertion to verify our guess. If the
+        crash signature changes after this patch, we probably need to change database implementation. If it is not, we
+        have other problem than data protection.
+        * platform/sql/SQLiteDatabase.cpp:
+        (WebCore::SQLiteDatabase::open):
 -05-03  Youenn Fablet  <youenn@apple.com>

trunk/Source/WebCore/platform/sql/SQLiteDatabase.cpp

-                      r243939
+                      r244921
     if (openMode != OpenMode::ReadOnly)
         useWALJournalMode();
+    String shmFileName = makeString(filename, "-shm"_s);
+    if (FileSystem::fileExists(shmFileName))
+        RELEASE_ASSERT(FileSystem::isSafeToUseMemoryMapForPath(shmFileName));
     return isOpen();

trunk/Source/WebKit/ChangeLog

-                      r244920
+                      r244921
+-05-03  Sihui Liu  <sihui_liu@apple.com>
+        Add assertion to check whether shm files have maximum FileProtection of CompleteUnlessOpen
+        https://bugs.webkit.org/show_bug.cgi?id=197390
+        <rdar://problem/42685773>
+        Reviewed by Geoffrey Garen.
+        Move data protection check to WebCore so it can be applied to database files.
+        * NetworkProcess/cache/NetworkCacheBlobStorage.cpp:
+        (WebKit::NetworkCache::BlobStorage::add):
+        * NetworkProcess/cache/NetworkCacheFileSystem.cpp:
+        (WebKit::NetworkCache::makeSafeToUseMemoryMapForPath): Deleted.
+        * NetworkProcess/cache/NetworkCacheFileSystem.h:
+        * NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm: Removed.
+        * SourcesCocoa.txt:
+        * UIProcess/API/APIContentRuleListStore.cpp:
+        (API::openAndMapOrCopyContentRuleList):
+        (API::compiledToFile):
 -05-03  Chris Dumez  <cdumez@apple.com>

trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheBlobStorage.cpp

r244678	r244921
95	95
96	96	String blobPathString = blobPathForHash(hash);
97		makeSafeToUseMemoryMapForPath(blobPathString);
	97	FileSystem::makeSafeToUseMemoryMapForPath(blobPathString);
98	98
99	99	auto blobPath = FileSystem::fileSystemRepresentation(blobPathString);

trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystem.cpp

r244678	r244921
146	146	}
147	147
148		~~#if !PLATFORM(IOS_FAMILY)~~
149		~~void makeSafeToUseMemoryMapForPath(const String&)~~
150		{
151		}
152		~~#endif~~
153
154	148	}
155	149	}

trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystem.h

r244678	r244921
43	43	void updateFileModificationTimeIfNeeded(const String& path);
44	44
45		~~void makeSafeToUseMemoryMapForPath(const String&);~~
46
47	45	}
48	46	}

trunk/Source/WebKit/SourcesCocoa.txt

r244747	r244921
23	23
24	24	NetworkProcess/cache/NetworkCacheDataCocoa.mm
25		~~NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm~~
26	25	NetworkProcess/cache/NetworkCacheIOChannelCocoa.mm
27	26

trunk/Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp

-                      r244597
+                      r244921
 static Optional<MappedData> openAndMapOrCopyContentRuleList(const WTF::String& path)
+{
     WebKit::NetworkCache::makeSafeToUseMemoryMapForPath(path);
+    FileSystem::makeSafeToUseMemoryMapForPath(path);
     WebKit::NetworkCache::Data fileData = mapFile(fileSystemRepresentation(path).data());
     if (fileData.isNull())
 …
+    }
     makeSafeToUseMemoryMapForPath(finalFilePath);
+    FileSystem::makeSafeToUseMemoryMapForPath(finalFilePath);
     return {{ WTFMove(metaData), WTFMove(mappedData) }};

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 244921 in webkit

Legend:

Download in other formats: