Changeset 275540 in webkit


Timestamp:
Apr 6, 2021 12:42:13 PM (3 years ago)
Author:
commit-queue@webkit.org
Message:

Hold strong reference to xpc_connection_t in XPCServiceEventHandler
https://bugs.webkit.org/show_bug.cgi?id=224242
<rdar://74308418>

Patch by Alex Christensen <achristensen@webkit.org> on 2021-04-06
Reviewed by David Kilzer.

There is a reasonable chance that by the time we get to the block of xpc_connection_set_event_handler
and back through WorkQueue::main().dispatchSync the xpc_connection_t has been freed.

Also, the adoption in each entry point was incorrect, causing a late overrelease when tearing down the process.
It was incorrect because we did not just create the connection or get it from any NS_RETURNS_RETAINED-like function.
It was causing rare crashes once everything else had released their hold on the connection.

  • GPUProcess/EntryPoint/Cocoa/XPCService/GPUServiceEntryPoint.mm:

(GPU_SERVICE_INITIALIZER):

  • NetworkProcess/EntryPoint/Cocoa/XPCService/NetworkServiceEntryPoint.mm:

(NETWORK_SERVICE_INITIALIZER):

  • PluginProcess/EntryPoint/Cocoa/XPCService/PluginServiceEntryPoint.mm:

(PLUGIN_SERVICE_INITIALIZER):

  • Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:

(WebKit::XPCServiceEventHandler):

  • WebAuthnProcess/EntryPoint/Cocoa/XPCService/WebAuthnServiceEntryPoint.mm:

(WEBAUTHN_SERVICE_INITIALIZER):

  • WebProcess/EntryPoint/Cocoa/XPCService/WebContentServiceEntryPoint.mm:

(WEBCONTENT_SERVICE_INITIALIZER):

Location:
trunk/Source/WebKit
Files:
7 edited

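--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,30 @@
+2021-04-06  Alex Christensen  <achristensen@webkit.org>
+
+        Hold strong reference to xpc_connection_t in XPCServiceEventHandler
+        https://bugs.webkit.org/show_bug.cgi?id=224242
+        <rdar://74308418>
+
+        Reviewed by David Kilzer.
+
+        There is a reasonable chance that by the time we get to the block of xpc_connection_set_event_handler
+        and back through WorkQueue::main().dispatchSync the xpc_connection_t has been freed.
+
+        Also, the adoption in each entry points was incorrect, causing a late overrelease when tearing down the process.
+        It was incorrect because we did not just create the connection or get it from any NS_RETURNS_RETAINED-like function.
+        It was causing rare crashes once everything else had released their hold on the connection.
+
+        * GPUProcess/EntryPoint/Cocoa/XPCService/GPUServiceEntryPoint.mm:
+        (GPU_SERVICE_INITIALIZER):
+        * NetworkProcess/EntryPoint/Cocoa/XPCService/NetworkServiceEntryPoint.mm:
+        (NETWORK_SERVICE_INITIALIZER):
+        * PluginProcess/EntryPoint/Cocoa/XPCService/PluginServiceEntryPoint.mm:
+        (PLUGIN_SERVICE_INITIALIZER):
+        * Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
+        (WebKit::XPCServiceEventHandler):
+        * WebAuthnProcess/EntryPoint/Cocoa/XPCService/WebAuthnServiceEntryPoint.mm:
+        (WEBAUTHN_SERVICE_INITIALIZER):
+        * WebProcess/EntryPoint/Cocoa/XPCService/WebContentServiceEntryPoint.mm:
+        (WEBCONTENT_SERVICE_INITIALIZER):
+
 2021-04-06  Brent Fulgham  <bfulgham@apple.com>
 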
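--- a/trunk/Source/WebKit/GPUProcess/EntryPoint/Cocoa/XPCService/GPUServiceEntryPoint.mm
+++ b/trunk/Source/WebKit/GPUProcess/EntryPoint/Cocoa/XPCService/GPUServiceEntryPoint.mm
@@ -60,5 +60,5 @@
 
 #if ENABLE(GPU_PROCESS)
-    WebKit::XPCServiceInitializer<WebKit::GPUProcess, WebKit::GPUServiceInitializerDelegate>(adoptOSObject(connection), initializerMessage, priorityBoostMessage);
+    WebKit::XPCServiceInitializer<WebKit::GPUProcess, WebKit::GPUServiceInitializerDelegate>(connection, initializerMessage, priorityBoostMessage);
 #endif // ENABLE(GPU_PROCESS)
 }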
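Review bot: Nothing at this call site records that `connection` is a borrowed reference, so the `adoptOSObject` wrapper could easily be reintroduced by a later cleanup. Per the commit message the entry point neither created the connection nor received it from a retained-returning function, so adopting it released a reference the caller never owned. I would add a comment above the call such as `// connection is borrowed from the caller: retain it if it must outlive this call, never adopt it.` The same applies to the identical calls in NetworkServiceEntryPoint.mm, PluginServiceEntryPoint.mm, WebAuthnServiceEntryPoint.mm and WebContentServiceEntryPoint.mm. The signature of XPCServiceInitializer is not visible here and the enclosing function starts outside the hunk, so whether the parameter is a retaining smart pointer or a raw handle should be confirmed.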
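--- a/trunk/Source/WebKit/NetworkProcess/EntryPoint/Cocoa/XPCService/NetworkServiceEntryPoint.mm
+++ b/trunk/Source/WebKit/NetworkProcess/EntryPoint/Cocoa/XPCService/NetworkServiceEntryPoint.mm
@@ -56,4 +56,4 @@
 {
     WTF::initializeMainThread();
-    XPCServiceInitializer<NetworkProcess, NetworkServiceInitializerDelegate>(adoptOSObject(connection), initializerMessage, priorityBoostMessage);
+    XPCServiceInitializer<NetworkProcess, NetworkServiceInitializerDelegate>(connection, initializerMessage, priorityBoostMessage);
 }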
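--- a/trunk/Source/WebKit/PluginProcess/EntryPoint/Cocoa/XPCService/PluginServiceEntryPoint.mm
+++ b/trunk/Source/WebKit/PluginProcess/EntryPoint/Cocoa/XPCService/PluginServiceEntryPoint.mm
@@ -82,5 +82,5 @@
     // spawned by the PluginProcess don't try to insert the shim and crash.
     EnvironmentUtilities::removeValuesEndingWith("DYLD_INSERT_LIBRARIES", "/PluginProcessShim.dylib");
-    XPCServiceInitializer<PluginProcess, PluginServiceInitializerDelegate>(adoptOSObject(connection), initializerMessage, priorityBoostMessage);
+    XPCServiceInitializer<PluginProcess, PluginServiceInitializerDelegate>(connection, initializerMessage, priorityBoostMessage);
 #endif // ENABLE(NETSCAPE_PLUGIN_API)
 }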
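--- a/trunk/Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
+++ b/trunk/Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
@@ -65,4 +65,6 @@
     static NeverDestroyed<OSObjectPtr<xpc_object_t>> priorityBoostMessage;
 
+    OSObjectPtr<xpc_connection_t> retainedPeerConnection(peer);
+
     xpc_connection_set_target_queue(peer, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0));
     xpc_connection_set_event_handler(peer, ^(xpc_object_t event) {
@@ -118,6 +120,6 @@
                     dup2(fd, STDERR_FILENO);
 
-                WorkQueue::main().dispatchSync([&] {
-                    initializerFunctionPtr(peer, event, priorityBoostMessage.get().get());
+                WorkQueue::main().dispatchSync([initializerFunctionPtr, event = OSObjectPtr<xpc_object_t>(event), retainedPeerConnection] {
+                    initializerFunctionPtr(retainedPeerConnection.get(), event.get(), priorityBoostMessage.get().get());
 
                     setAppleLanguagesPreference();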
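Review bot: `retainedPeerConnection` appears to be captured by the block passed to `xpc_connection_set_event_handler`, so the connection now owns a handler that holds a strong reference back to the connection, and nothing in the hunk says this cycle is intended. For a service peer that lives as long as the process that is probably acceptable, but a comment at the declaration would keep a later cleanup from reverting to the raw `peer` and bringing back the freed-connection access the commit message describes: `// Keeps peer alive across the handler block and the hop to the main queue; the cycle with the handler is intentional.` Whether anything breaks the cycle, such as cancelling the connection, is not visible here. XPCServiceEventHandler starts before and continues after the lines shown.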
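--- a/trunk/Source/WebKit/WebAuthnProcess/EntryPoint/Cocoa/XPCService/WebAuthnServiceEntryPoint.mm
+++ b/trunk/Source/WebKit/WebAuthnProcess/EntryPoint/Cocoa/XPCService/WebAuthnServiceEntryPoint.mm
@@ -60,5 +60,5 @@
 
 #if ENABLE(WEB_AUTHN)
-    WebKit::XPCServiceInitializer<WebKit::WebAuthnProcess, WebKit::WebAuthnServiceInitializerDelegate>(adoptOSObject(connection), initializerMessage, priorityBoostMessage);
+    WebKit::XPCServiceInitializer<WebKit::WebAuthnProcess, WebKit::WebAuthnServiceInitializerDelegate>(connection, initializerMessage, priorityBoostMessage);
 #endif // ENABLE(WEB_AUTHN)
 }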
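--- a/trunk/Source/WebKit/WebProcess/EntryPoint/Cocoa/XPCService/WebContentServiceEntryPoint.mm
+++ b/trunk/Source/WebKit/WebProcess/EntryPoint/Cocoa/XPCService/WebContentServiceEntryPoint.mm
@@ -51,4 +51,4 @@
 #endif // PLATFORM(IOS_FAMILY)
 
-    WebKit::XPCServiceInitializer<WebKit::WebProcess, WebKit::XPCServiceInitializerDelegate>(adoptOSObject(connection), initializerMessage, priorityBoostMessage);
+    WebKit::XPCServiceInitializer<WebKit::WebProcess, WebKit::XPCServiceInitializerDelegate>(connection, initializerMessage, priorityBoostMessage);
 }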