Changeset 247250 in webkit


Ignore:
Timestamp:
Jul 8, 2019 8:06:12 PM (5 years ago)
Author:
Chris Dumez
Message:

Speculative fix for crashes under LocalStorageDatabaseTracker::databasePath()
https://bugs.webkit.org/show_bug.cgi?id=199599
<rdar://problem/31169686>

Reviewed by Ryosuke Niwa.

Speculative fix for crashes under LocalStorageDatabaseTracker::databasePath():

  • Add new localStorageDirectory() getter to LocalStorageDatabaseTracker which calls isolatedCopy() on m_localStorageDirectory before returning it. Use it everywhere instead of m_localStorageDirectory since it is not safe to use the same String from various threads like it was done.
  • Move localStorageDirectory when constructing the LocalStorageDatabaseTracker instead of copying it.
  • Make sure that LocalStorageDatabaseTracker and StorageManager are both constructed and destroyed on the main thread.
  • NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::NetworkSession):

  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/WebStorage/LocalStorageDatabaseTracker.cpp:

(WebKit::LocalStorageDatabaseTracker::create):
(WebKit::LocalStorageDatabaseTracker::LocalStorageDatabaseTracker):
(WebKit::LocalStorageDatabaseTracker::localStorageDirectory const):
(WebKit::LocalStorageDatabaseTracker::~LocalStorageDatabaseTracker):
(WebKit::LocalStorageDatabaseTracker::deleteAllDatabases):
(WebKit::LocalStorageDatabaseTracker::origins const):
(WebKit::LocalStorageDatabaseTracker::databasePath const):

  • NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h:
  • NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::create):
(WebKit::StorageManager::StorageManager):
(WebKit::StorageManager::~StorageManager):

  • NetworkProcess/WebStorage/StorageManager.h:
  • NetworkProcess/WebStorage/ios/LocalStorageDatabaseTrackerIOS.mm:

(WebKit::LocalStorageDatabaseTracker::platformMaybeExcludeFromBackup const):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):

  • NetworkProcess/curl/NetworkSessionCurl.cpp:

(WebKit::NetworkSessionCurl::NetworkSessionCurl):

  • NetworkProcess/soup/NetworkSessionSoup.cpp:

(WebKit::NetworkSessionSoup::NetworkSessionSoup):

Location:
trunk/Source/WebKit
Files:
11 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r247243 r247250  
     12019-07-08  Chris Dumez  <cdumez@apple.com>
     2
     3        Speculative fix for crashes under LocalStorageDatabaseTracker::databasePath()
     4        https://bugs.webkit.org/show_bug.cgi?id=199599
     5        <rdar://problem/31169686>
     6
     7        Reviewed by Ryosuke Niwa.
     8
     9        Speculative fix for crashes under LocalStorageDatabaseTracker::databasePath():
     10        - Add new localStorageDirectory() getter to LocalStorageDatabaseTracker which
     11          calls isolatedCopy() on m_localStorageDirectory before returning it.
     12          Use it everywhere instead of m_localStorageDirectory since it is not safe
     13          to use the same String from various threads like it was done.
     14        - Move localStorageDirectory when constructing the LocalStorageDatabaseTracker
     15          instead of copying it.
     16        - Make sure that LocalStorageDatabaseTracker and StorageManager are both
     17          constructed and destroyed on the main thread.
     18
     19        * NetworkProcess/NetworkSession.cpp:
     20        (WebKit::NetworkSession::NetworkSession):
     21        * NetworkProcess/NetworkSession.h:
     22        * NetworkProcess/WebStorage/LocalStorageDatabaseTracker.cpp:
     23        (WebKit::LocalStorageDatabaseTracker::create):
     24        (WebKit::LocalStorageDatabaseTracker::LocalStorageDatabaseTracker):
     25        (WebKit::LocalStorageDatabaseTracker::localStorageDirectory const):
     26        (WebKit::LocalStorageDatabaseTracker::~LocalStorageDatabaseTracker):
     27        (WebKit::LocalStorageDatabaseTracker::deleteAllDatabases):
     28        (WebKit::LocalStorageDatabaseTracker::origins const):
     29        (WebKit::LocalStorageDatabaseTracker::databasePath const):
     30        * NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h:
     31        * NetworkProcess/WebStorage/StorageManager.cpp:
     32        (WebKit::StorageManager::create):
     33        (WebKit::StorageManager::StorageManager):
     34        (WebKit::StorageManager::~StorageManager):
     35        * NetworkProcess/WebStorage/StorageManager.h:
     36        * NetworkProcess/WebStorage/ios/LocalStorageDatabaseTrackerIOS.mm:
     37        (WebKit::LocalStorageDatabaseTracker::platformMaybeExcludeFromBackup const):
     38        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
     39        (WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
     40        * NetworkProcess/curl/NetworkSessionCurl.cpp:
     41        (WebKit::NetworkSessionCurl::NetworkSessionCurl):
     42        * NetworkProcess/soup/NetworkSessionSoup.cpp:
     43        (WebKit::NetworkSessionSoup::NetworkSessionSoup):
     44
    1452019-07-08  Chris Dumez  <cdumez@apple.com>
    246

  • trunk/Source/WebKit/NetworkProcess/NetworkSession.cpp

    r246569 r247250  
    7878}
    7979
    80 NetworkSession::NetworkSession(NetworkProcess& networkProcess, PAL::SessionID sessionID, const String& localStorageDirectory, SandboxExtension::Handle& handle)
     80NetworkSession::NetworkSession(NetworkProcess& networkProcess, PAL::SessionID sessionID, String&& localStorageDirectory, SandboxExtension::Handle& handle)
    8181    : m_sessionID(sessionID)
    8282    , m_networkProcess(networkProcess)
    8383    , m_adClickAttribution(makeUniqueRef<AdClickAttributionManager>(sessionID))
    84     , m_storageManager(StorageManager::create(localStorageDirectory))
     84    , m_storageManager(StorageManager::create(WTFMove(localStorageDirectory)))
    8585{
    8686    SandboxExtension::consumePermanently(handle);

  • trunk/Source/WebKit/NetworkProcess/NetworkSession.h

    r246569 r247250  
    109109
    110110protected:
    111     NetworkSession(NetworkProcess&, PAL::SessionID, const String& localStorageDirectory, SandboxExtension::Handle&);
     111    NetworkSession(NetworkProcess&, PAL::SessionID, String&& localStorageDirectory, SandboxExtension::Handle&);
    112112
    113113    PAL::SessionID m_sessionID;

  • trunk/Source/WebKit/NetworkProcess/WebStorage/LocalStorageDatabaseTracker.cpp

    r245569 r247250  
    4040using namespace WebCore;
    4141
    42 Ref<LocalStorageDatabaseTracker> LocalStorageDatabaseTracker::create(Ref<WorkQueue>&& queue, const String& localStorageDirectory)
     42Ref<LocalStorageDatabaseTracker> LocalStorageDatabaseTracker::create(Ref<WorkQueue>&& queue, String&& localStorageDirectory)
    4343{
    44     return adoptRef(*new LocalStorageDatabaseTracker(WTFMove(queue), localStorageDirectory));
     44    return adoptRef(*new LocalStorageDatabaseTracker(WTFMove(queue), WTFMove(localStorageDirectory)));
    4545}
    4646
    47 LocalStorageDatabaseTracker::LocalStorageDatabaseTracker(Ref<WorkQueue>&& queue, const String& localStorageDirectory)
     47LocalStorageDatabaseTracker::LocalStorageDatabaseTracker(Ref<WorkQueue>&& queue, String&& localStorageDirectory)
    4848    : m_queue(WTFMove(queue))
    49     , m_localStorageDirectory(localStorageDirectory.isolatedCopy())
     49    , m_localStorageDirectory(WTFMove(localStorageDirectory))
    5050{
     51    ASSERT(RunLoop::isMain());
     52
    5153    // Make sure the encoding is initialized before we start dispatching things to the queue.
    5254    UTF8Encoding();
     
    5860}
    5961
     62String LocalStorageDatabaseTracker::localStorageDirectory() const
     63{
     64    return m_localStorageDirectory.isolatedCopy();
     65}
     66
    6067LocalStorageDatabaseTracker::~LocalStorageDatabaseTracker()
    6168{
     69    ASSERT(RunLoop::isMain());
    6270}
    6371
     
    8391void LocalStorageDatabaseTracker::deleteAllDatabases()
    8492{
    85     auto paths = FileSystem::listDirectory(m_localStorageDirectory, "*.localstorage");
     93    auto localStorageDirectory = this->localStorageDirectory();
     94    auto paths = FileSystem::listDirectory(localStorageDirectory, "*.localstorage");
    8695    for (const auto& path : paths) {
    8796        SQLiteFileSystem::deleteDatabaseFile(path);
     
    9099    }
    91100
    92     SQLiteFileSystem::deleteEmptyDatabaseDirectory(m_localStorageDirectory);
     101    SQLiteFileSystem::deleteEmptyDatabaseDirectory(localStorageDirectory);
    93102}
    94103
     
    115124{
    116125    Vector<SecurityOriginData> databaseOrigins;
    117     auto paths = FileSystem::listDirectory(m_localStorageDirectory, "*.localstorage");
     126    auto paths = FileSystem::listDirectory(localStorageDirectory(), "*.localstorage");
    118127   
    119128    for (const auto& path : paths) {
     
    151160String LocalStorageDatabaseTracker::databasePath(const String& filename) const
    152161{
    153     if (!SQLiteFileSystem::ensureDatabaseDirectoryExists(m_localStorageDirectory)) {
     162    auto localStorageDirectory = this->localStorageDirectory();
     163    if (!SQLiteFileSystem::ensureDatabaseDirectoryExists(localStorageDirectory)) {
    154164        if (!m_localStorageDirectory.isNull())
    155165            LOG_ERROR("Unable to create LocalStorage database path %s", m_localStorageDirectory.utf8().data());
     
    163173#endif
    164174
    165     return SQLiteFileSystem::appendDatabaseFileNameToPath(m_localStorageDirectory, filename);
     175    return SQLiteFileSystem::appendDatabaseFileNameToPath(localStorageDirectory, filename);
    166176}
    167177

  • trunk/Source/WebKit/NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h

    r247092 r247250  
    3636namespace WebKit {
    3737
    38 class LocalStorageDatabaseTracker : public ThreadSafeRefCounted<LocalStorageDatabaseTracker> {
     38class LocalStorageDatabaseTracker : public ThreadSafeRefCounted<LocalStorageDatabaseTracker, WTF::DestructionThread::MainRunLoop> {
    3939public:
    40     static Ref<LocalStorageDatabaseTracker> create(Ref<WorkQueue>&&, const String& localStorageDirectory);
     40    static Ref<LocalStorageDatabaseTracker> create(Ref<WorkQueue>&&, String&& localStorageDirectory);
    4141    ~LocalStorageDatabaseTracker();
    4242
     
    6565
    6666private:
    67     LocalStorageDatabaseTracker(Ref<WorkQueue>&&, const String& localStorageDirectory);
     67    LocalStorageDatabaseTracker(Ref<WorkQueue>&&, String&& localStorageDirectory);
    6868
    6969    String databasePath(const String& filename) const;
     70    String localStorageDirectory() const;
    7071
    7172    enum DatabaseOpeningStrategy {
     
    7576
    7677    Ref<WorkQueue> m_queue;
    77     String m_localStorageDirectory;
     78   
     79    // It is not safe to use this member from a background thread, call localStorageDirectory() instead.
     80    const String m_localStorageDirectory;
    7881
    7982#if PLATFORM(IOS_FAMILY)

  • trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp

    r247126 r247250  
    482482}
    483483
    484 Ref<StorageManager> StorageManager::create(const String& localStorageDirectory)
    485 {
    486     return adoptRef(*new StorageManager(localStorageDirectory));
    487 }
    488 
    489 StorageManager::StorageManager(const String& localStorageDirectory)
     484Ref<StorageManager> StorageManager::create(String&& localStorageDirectory)
     485{
     486    return adoptRef(*new StorageManager(WTFMove(localStorageDirectory)));
     487}
     488
     489StorageManager::StorageManager(String&& localStorageDirectory)
    490490    : m_queue(WorkQueue::create("com.apple.WebKit.StorageManager"))
    491491{
     492    ASSERT(RunLoop::isMain());
     493
    492494    // Make sure the encoding is initialized before we start dispatching things to the queue.
    493495    UTF8Encoding();
    494496    if (!localStorageDirectory.isNull())
    495         m_localStorageDatabaseTracker = LocalStorageDatabaseTracker::create(m_queue.copyRef(), localStorageDirectory);
     497        m_localStorageDatabaseTracker = LocalStorageDatabaseTracker::create(m_queue.copyRef(), WTFMove(localStorageDirectory));
    496498}
    497499
    498500StorageManager::~StorageManager()
    499501{
     502    ASSERT(RunLoop::isMain());
    500503}
    501504

  • trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.h

    r247082 r247250  
    4646using GetValuesCallback = CompletionHandler<void(const HashMap<String, String>&)>;
    4747
    48 class StorageManager : public ThreadSafeRefCounted<StorageManager> {
     48class StorageManager : public ThreadSafeRefCounted<StorageManager, WTF::DestructionThread::MainRunLoop> {
    4949public:
    50     static Ref<StorageManager> create(const String& localStorageDirectory);
     50    static Ref<StorageManager> create(String&& localStorageDirectory);
    5151    ~StorageManager();
    5252
     
    7878
    7979private:
    80     explicit StorageManager(const String& localStorageDirectory);
     80    explicit StorageManager(String&& localStorageDirectory);
    8181
    8282    // Message handlers.

  • trunk/Source/WebKit/NetworkProcess/WebStorage/ios/LocalStorageDatabaseTrackerIOS.mm

    r245540 r247250  
    4141
    4242    if (linkedOnOrAfter(SDKVersion::FirstToExcludeLocalStorageFromBackup))
    43         [[NSURL fileURLWithPath:(NSString *)m_localStorageDirectory isDirectory:YES] setResourceValue:@YES forKey:NSURLIsExcludedFromBackupKey error:nil];
     43        [[NSURL fileURLWithPath:(NSString *)localStorageDirectory() isDirectory:YES] setResourceValue:@YES forKey:NSURLIsExcludedFromBackupKey error:nil];
    4444}
    4545

  • trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

    r247095 r247250  
    925925
    926926NetworkSessionCocoa::NetworkSessionCocoa(NetworkProcess& networkProcess, NetworkSessionCreationParameters&& parameters)
    927     : NetworkSession(networkProcess, parameters.sessionID, parameters.localStorageDirectory, parameters.localStorageDirectoryExtensionHandle)
     927    : NetworkSession(networkProcess, parameters.sessionID, WTFMove(parameters.localStorageDirectory), parameters.localStorageDirectoryExtensionHandle)
    928928    , m_boundInterfaceIdentifier(parameters.boundInterfaceIdentifier)
    929929    , m_sourceApplicationBundleIdentifier(parameters.sourceApplicationBundleIdentifier)

  • trunk/Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.cpp

    r246569 r247250  
    3939
    4040NetworkSessionCurl::NetworkSessionCurl(NetworkProcess& networkProcess, NetworkSessionCreationParameters&& parameters)
    41     : NetworkSession(networkProcess, parameters.sessionID, parameters.localStorageDirectory, parameters.localStorageDirectoryExtensionHandle)
     41    : NetworkSession(networkProcess, parameters.sessionID, WTFMove(parameters.localStorageDirectory), parameters.localStorageDirectoryExtensionHandle)
    4242{
    4343    if (!parameters.cookiePersistentStorageFile.isEmpty())

  • trunk/Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp

    r246878 r247250  
    4141
    4242NetworkSessionSoup::NetworkSessionSoup(NetworkProcess& networkProcess, NetworkSessionCreationParameters&& parameters)
    43     : NetworkSession(networkProcess, parameters.sessionID, parameters.localStorageDirectory, parameters.localStorageDirectoryExtensionHandle)
     43    : NetworkSession(networkProcess, parameters.sessionID, WTFMove(parameters.localStorageDirectory), parameters.localStorageDirectoryExtensionHandle)
    4444{
    4545    networkStorageSession()->setCookieObserverHandler([this] {
Note: See TracChangeset for help on using the changeset viewer.