Changeset 64398 in webkit

Timestamp:

Jul 30, 2010 7:22:16 PM (14 years ago)

Author:

Joseph Pecoraro

Message:

2010-07-30 Joseph Pecoraro <Joseph Pecoraro>

Reviewed by David Kilzer.

Limit ApplicationCache Total and Per-Origin Storage Capacity (Quotas)
​https://bugs.webkit.org/show_bug.cgi?id=40627

Part 2 - Update Schema and enforce Per-Origin Quotas

Added an "Origins" table to the application cache databases.
This, like the Database's Origins table, is a list of origin
and quota pairs. Origins records are added as soon as they are
needed, and deleted only when the ApplicationCacheStorage is
emptied. This means Origins records persist even after all
caches for that origin may be deleted. The "CacheGroups" table
now has a foreign key column "origin" which relates to the
"Origins" table.

To enforce the quotas, remaining quota space is checked at
the start of update as an estimate and at the end before
inserting. Currently, reaching the quota limit will simply
cause an update error. A later part will provide a
notification to the client to allow an action, and refactor
the final quota limit check into a transaction.

Respect the quota during the update process. And cause
the update process to fail when the quota is reached.

• loader/appcache/ApplicationCacheGroup.cpp: added loading counter, counts bytes as they load (WebCore::ApplicationCacheGroup::ApplicationCacheGroup): (WebCore::ApplicationCacheGroup::didReceiveData): (WebCore::ApplicationCacheGroup::didFinishLoading): (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
• loader/appcache/ApplicationCacheGroup.h: added security origin, based on the manifest URL (WebCore::ApplicationCacheGroup::origin): accessor

Updates the schema of the database tables as described
above. Handle other SQL operations such as checking the
remaining space and inserting and deleting Origins records.

• loader/appcache/ApplicationCacheStorage.cpp: (WebCore::ApplicationCacheStorage::quotaForOrigin): query for the quota of an origin, may return the default origin quota if it didn't exist. (WebCore::ApplicationCacheStorage::remainingSizeForOriginExcludingCache): calculate the remaining size in a quota for an origin, possibly excluding a cache. (WebCore::ApplicationCacheStorage::storeUpdatedQuotaForOrigin): persistent update. (WebCore::ApplicationCacheStorage::openDatabase): updated schema for CachesGroups, added new table Origins. (WebCore::ApplicationCacheStorage::empty): wipe Origins table as well. (WebCore::ApplicationCacheStorage::unknownQuota): constant to mean unknown quota

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• loader/appcache/ApplicationCacheGroup.cpp (modified) (7 diffs)
• loader/appcache/ApplicationCacheGroup.h (modified) (7 diffs)
• loader/appcache/ApplicationCacheStorage.cpp (modified) (9 diffs)
• loader/appcache/ApplicationCacheStorage.h (modified) (4 diffs)

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-07-30  Joseph Pecoraro  <joepeck@webkit.org>
+
+        Reviewed by David Kilzer.
+
+        Limit ApplicationCache Total and Per-Origin Storage Capacity (Quotas)
+        https://bugs.webkit.org/show_bug.cgi?id=40627
+
+        Part 2 - Update Schema and enforce Per-Origin Quotas
+
+        Added an "Origins" table to the application cache databases.
+        This, like the Database's Origins table, is a list of origin
+        and quota pairs. Origins records are added as soon as they are
+        needed, and deleted only when the ApplicationCacheStorage is
+        emptied. This means Origins records persist even after all
+        caches for that origin may be deleted. The "CacheGroups" table
+        now has a foreign key column "origin" which relates to the
+        "Origins" table.
+
+        To enforce the quotas, remaining quota space is checked at
+        the start of update as an estimate and at the end before
+        inserting. Currently, reaching the quota limit will simply
+        cause an update error. A later part will provide a
+        notification to the client to allow an action, and refactor
+        the final quota limit check into a transaction.
+
+          Respect the quota during the update process. And cause
+          the update process to fail when the quota is reached.
+
+        * loader/appcache/ApplicationCacheGroup.cpp: added loading counter, counts bytes as they load
+        (WebCore::ApplicationCacheGroup::ApplicationCacheGroup):
+        (WebCore::ApplicationCacheGroup::didReceiveData):
+        (WebCore::ApplicationCacheGroup::didFinishLoading):
+        (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
+        * loader/appcache/ApplicationCacheGroup.h: added security origin, based on the manifest URL
+        (WebCore::ApplicationCacheGroup::origin): accessor
+
+          Updates the schema of the database tables as described
+          above. Handle other SQL operations such as checking the
+          remaining space and inserting and deleting Origins records.
+
+        * loader/appcache/ApplicationCacheStorage.cpp:
+        (WebCore::ApplicationCacheStorage::quotaForOrigin): query for the quota of an origin, may return the default origin quota if it didn't exist.
+        (WebCore::ApplicationCacheStorage::remainingSizeForOriginExcludingCache): calculate the remaining size in a quota for an origin, possibly excluding a cache.
+        (WebCore::ApplicationCacheStorage::storeUpdatedQuotaForOrigin): persistent update.
+        (WebCore::ApplicationCacheStorage::openDatabase): updated schema for CachesGroups, added new table Origins.
+        (WebCore::ApplicationCacheStorage::empty): wipe Origins table as well.
+        (WebCore::ApplicationCacheStorage::unknownQuota): constant to mean unknown quota
+
 2010-07-30  Joseph Pecoraro  <joepeck@webkit.org>
 

trunk/WebCore/loader/appcache/ApplicationCacheGroup.cpp

@@ -43 +43 @@
 #include "ManifestParser.h"
 #include "Page.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 #include <wtf/HashMap.h>
@@ -58 +59 @@
 ApplicationCacheGroup::ApplicationCacheGroup(const KURL& manifestURL, bool isCopy)
     : m_manifestURL(manifestURL)
+    , m_origin(SecurityOrigin::create(manifestURL))
     , m_updateStatus(Idle)
     , m_downloadingPendingMasterResourceLoadersCount(0)
@@ -68 +70 @@
     , m_isCopy(isCopy)
     , m_calledReachedMaxAppCacheSize(false)
+    , m_loadedSize(0)
+    , m_availableSpaceInQuota(ApplicationCacheStorage::unknownQuota())
 {
 }
@@ -593 +597 @@
     ASSERT(m_currentResource);
     m_currentResource->data()->append(data, length);
+
+    m_loadedSize += length;
 }
 
@@ -606 +612 @@
         return;
     }
- 
+
+    // After finishing the loading of any resource, we check if it will
+    // fit in our last known quota limit.
+    if (m_availableSpaceInQuota == ApplicationCacheStorage::unknownQuota()) {
+        // Failed to determine what is left in the quota. Fallback to allowing anything.
+        if (!cacheStorage().remainingSizeForOriginExcludingCache(m_origin.get(), m_newestCache.get(), m_availableSpaceInQuota))
+            m_availableSpaceInQuota = ApplicationCacheStorage::noQuota();
+    }
+
+    // Check each resource, as it loads, to see if it would fit in our
+    // idea of the available quota space.
+    if (m_availableSpaceInQuota < m_loadedSize) {
+        m_currentResource = 0;
+        cacheUpdateFailed();
+        return;
+    }
+
     ASSERT(m_currentHandle == handle);
     ASSERT(m_pendingEntries.contains(handle->firstRequest().url()));
@@ -860 +882 @@
 
         RefPtr<ApplicationCache> oldNewestCache = (m_newestCache == m_cacheBeingUpdated) ? 0 : m_newestCache;
+
+        // Check one more time, before committing to the new cache, if the cache will fit in the quota.
+        int64_t remainingSpaceInOrigin;
+        if (cacheStorage().remainingSizeForOriginExcludingCache(m_origin.get(), oldNewestCache.get(), remainingSpaceInOrigin)) {
+            if (m_cacheBeingUpdated->estimatedSizeInStorage() > remainingSpaceInOrigin) {
+                cacheUpdateFailed();
+                break;
+            }
+        }
 
         setNewestCache(m_cacheBeingUpdated.release());
@@ -923 +954 @@
     setUpdateStatus(Idle);
     m_frame = 0;
+    m_loadedSize = 0;
+    m_availableSpaceInQuota = ApplicationCacheStorage::unknownQuota();
     m_calledReachedMaxAppCacheSize = false;
 }

trunk/WebCore/loader/appcache/ApplicationCacheGroup.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -29 +29 @@
 #if ENABLE(OFFLINE_WEB_APPLICATIONS)
 
-#include <wtf/Noncopyable.h>
-#include <wtf/HashMap.h>
-#include <wtf/HashSet.h>
-
 #include "DOMApplicationCache.h"
 #include "KURL.h"
@@ -40 +36 @@
 #include "SharedBuffer.h"
 
+#include <wtf/Noncopyable.h>
+#include <wtf/HashMap.h>
+#include <wtf/HashSet.h>
+
 namespace WebCore {
 
@@ -47 +47 @@
 class DocumentLoader;
 class Frame;
+class SecurityOrigin;
 
 enum ApplicationCacheUpdateOption {
@@ -67 +68 @@
     
     const KURL& manifestURL() const { return m_manifestURL; }
+    const SecurityOrigin* origin() const { return m_origin.get(); }
     UpdateStatus updateStatus() const { return m_updateStatus; }
     void setUpdateStatus(UpdateStatus status);
@@ -132 +134 @@
     
     KURL m_manifestURL;
+    RefPtr<SecurityOrigin> m_origin;
     UpdateStatus m_updateStatus;
     
@@ -195 +198 @@
     RefPtr<ResourceHandle> m_manifestHandle;
 
+    int64_t m_loadedSize;
+    int64_t m_availableSpaceInQuota;
+
     friend class ChromeClientCallbackTimer;
 };

trunk/WebCore/loader/appcache/ApplicationCacheStorage.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30 +30 @@
 
 #include "ApplicationCache.h"
+#include "ApplicationCacheGroup.h"
 #include "ApplicationCacheHost.h"
-#include "ApplicationCacheGroup.h"
 #include "ApplicationCacheResource.h"
 #include "FileSystem.h"
@@ -37 +37 @@
 #include "SQLiteStatement.h"
 #include "SQLiteTransaction.h"
+#include "SecurityOrigin.h"
 #include <wtf/text/CString.h>
 #include <wtf/StdLibExtras.h>
@@ -420 +421 @@
 }
 
+bool ApplicationCacheStorage::quotaForOrigin(const SecurityOrigin* origin, int64_t& quota)
+{
+    // If an Origin record doesn't exist, then the COUNT will be 0 and quota will be 0.
+    // Using the count to determine if a record existed or not is a safe way to determine
+    // if a quota of 0 is real, from the record, or from null.
+    SQLiteStatement statement(m_database, "SELECT COUNT(quota), quota FROM Origins WHERE origin=?");
+    if (statement.prepare() != SQLResultOk)
+        return false;
+
+    statement.bindText(1, origin->databaseIdentifier());
+    int result = statement.step();
+
+    // Return the quota, or if it was null the default.
+    if (result == SQLResultRow) {
+        bool wasNoRecord = statement.getColumnInt64(0) == 0;
+        quota = wasNoRecord ? m_defaultOriginQuota : statement.getColumnInt64(1);
+        return true;
+    }
+
+    LOG_ERROR("Could not get the quota of an origin, error \"%s\"", m_database.lastErrorMsg());
+    return false;
+}
+
+bool ApplicationCacheStorage::remainingSizeForOriginExcludingCache(const SecurityOrigin* origin, ApplicationCache* cache, int64_t& remainingSize)
+{
+    openDatabase(false);
+    if (!m_database.isOpen())
+        return false;
+
+    // Remaining size = total origin quota - size of all caches with origin excluding the provided cache.
+    // Keep track of the number of caches so we can tell if the result was a calculation or not.
+    const char* query;
+    int64_t excludingCacheIdentifier = cache ? cache->storageID() : 0;
+    if (excludingCacheIdentifier != 0) {
+        query = "SELECT COUNT(Caches.size), Origins.quota - SUM(Caches.size)"
+                "  FROM CacheGroups"
+                " INNER JOIN Origins ON CacheGroups.origin = Origins.origin"
+                " INNER JOIN Caches ON CacheGroups.id = Caches.cacheGroup"
+                " WHERE Origins.origin=?"
+                "   AND Caches.id!=?";
+    } else {
+        query = "SELECT COUNT(Caches.size), Origins.quota - SUM(Caches.size)"
+                "  FROM CacheGroups"
+                " INNER JOIN Origins ON CacheGroups.origin = Origins.origin"
+                " INNER JOIN Caches ON CacheGroups.id = Caches.cacheGroup"
+                " WHERE Origins.origin=?";
+    }
+
+    SQLiteStatement statement(m_database, query);
+    if (statement.prepare() != SQLResultOk)
+        return false;
+
+    statement.bindText(1, origin->databaseIdentifier());
+    if (excludingCacheIdentifier != 0)
+        statement.bindInt64(2, excludingCacheIdentifier);
+    int result = statement.step();
+
+    // If the count was 0 that then we have to query the origin table directly
+    // for its quota. Otherwise we can use the calculated value.
+    if (result == SQLResultRow) {
+        int64_t numberOfCaches = statement.getColumnInt64(0);
+        if (numberOfCaches == 0)
+            quotaForOrigin(origin, remainingSize);
+        else
+            remainingSize = statement.getColumnInt64(1);
+        return true;
+    }
+
+    LOG_ERROR("Could not get the remaining size of an origin's quota, error \"%s\"", m_database.lastErrorMsg());
+    return false;
+}
+
+bool ApplicationCacheStorage::storeUpdatedQuotaForOrigin(const SecurityOrigin* origin, int64_t quota)
+{
+    openDatabase(false);
+    if (!m_database.isOpen())
+        return false;
+
+    SQLiteStatement updateStatement(m_database, "UPDATE Origins SET quota=? WHERE origin=?");
+    if (updateStatement.prepare() != SQLResultOk)
+        return false;
+
+    updateStatement.bindInt64(1, quota);
+    updateStatement.bindText(2, origin->databaseIdentifier());
+
+    return executeStatement(updateStatement);
+}
+
 bool ApplicationCacheStorage::executeSQLCommand(const String& sql)
 {
@@ -432 +521 @@
 }
 
-static const int schemaVersion = 5;
+// Update the schemaVersion when the schema of any the Application Cache
+// SQLite tables changes. This allows the database to be rebuilt when
+// a new, incompatible change has been introduced to the database schema.
+static const int schemaVersion = 6;
     
 void ApplicationCacheStorage::verifySchemaVersion()
@@ -481 +573 @@
     // Create tables
     executeSQLCommand("CREATE TABLE IF NOT EXISTS CacheGroups (id INTEGER PRIMARY KEY AUTOINCREMENT, "
-                      "manifestHostHash INTEGER NOT NULL ON CONFLICT FAIL, manifestURL TEXT UNIQUE ON CONFLICT FAIL, newestCache INTEGER)");
+                      "manifestHostHash INTEGER NOT NULL ON CONFLICT FAIL, manifestURL TEXT UNIQUE ON CONFLICT FAIL, newestCache INTEGER, origin TEXT)");
     executeSQLCommand("CREATE TABLE IF NOT EXISTS Caches (id INTEGER PRIMARY KEY AUTOINCREMENT, cacheGroup INTEGER, size INTEGER)");
     executeSQLCommand("CREATE TABLE IF NOT EXISTS CacheWhitelistURLs (url TEXT NOT NULL ON CONFLICT FAIL, cache INTEGER NOT NULL ON CONFLICT FAIL)");
@@ -491 +583 @@
                       "statusCode INTEGER NOT NULL, responseURL TEXT NOT NULL, mimeType TEXT, textEncodingName TEXT, headers TEXT, data INTEGER NOT NULL ON CONFLICT FAIL)");
     executeSQLCommand("CREATE TABLE IF NOT EXISTS CacheResourceData (id INTEGER PRIMARY KEY AUTOINCREMENT, data BLOB)");
+    executeSQLCommand("CREATE TABLE IF NOT EXISTS Origins (origin TEXT UNIQUE ON CONFLICT IGNORE, quota INTEGER NOT NULL ON CONFLICT FAIL)");
 
     // When a cache is deleted, all its entries and its whitelist should be deleted.
@@ -529 +622 @@
     ASSERT(journal);
 
-    SQLiteStatement statement(m_database, "INSERT INTO CacheGroups (manifestHostHash, manifestURL) VALUES (?, ?)");
+    SQLiteStatement statement(m_database, "INSERT INTO CacheGroups (manifestHostHash, manifestURL, origin) VALUES (?, ?, ?)");
     if (statement.prepare() != SQLResultOk)
         return false;
+
+    String originIdentifier = group->origin()->databaseIdentifier();
 
     statement.bindInt64(1, urlHostHash(group->manifestURL()));
     statement.bindText(2, group->manifestURL());
+    statement.bindText(3, originIdentifier);
 
     if (!executeStatement(statement))
         return false;
+
+    // Create Origin if needed.
+    {
+        SQLiteStatement insertOriginStatement(m_database, "INSERT INTO Origins (origin, quota) VALUES (?, ?)");
+        if (insertOriginStatement.prepare() != SQLResultOk)
+            return false;
+
+        insertOriginStatement.bindText(1, originIdentifier);
+        insertOriginStatement.bindInt64(2, m_defaultOriginQuota);
+        if (!executeStatement(insertOriginStatement))
+            return false;
+    }
 
     group->setStorageID(static_cast<unsigned>(m_database.lastInsertRowID()));
@@ -970 +1078 @@
         return;
     
-    // Clear cache groups, caches and cache resources.
+    // Clear cache groups, caches, cache resources, and origins.
     executeSQLCommand("DELETE FROM CacheGroups");
     executeSQLCommand("DELETE FROM Caches");
+    executeSQLCommand("DELETE FROM Origins");
     
     // Clear the storage IDs for the caches in memory.

trunk/WebCore/loader/appcache/ApplicationCacheStorage.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2010 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38 +38 @@
 
 class ApplicationCache;
+class ApplicationCacheGroup;
 class ApplicationCacheHost;
-class ApplicationCacheGroup;
 class ApplicationCacheResource;
 class KURL;
 template <class T>
 class StorageIDJournal;
+class SecurityOrigin;
 
 class ApplicationCacheStorage : public Noncopyable {
@@ -57 +58 @@
     int64_t defaultOriginQuota() const { return m_defaultOriginQuota; }
     void setDefaultOriginQuota(int64_t quota);
+    bool quotaForOrigin(const SecurityOrigin*, int64_t& quota);
+    bool remainingSizeForOriginExcludingCache(const SecurityOrigin*, ApplicationCache*, int64_t& remainingSize);
+    bool storeUpdatedQuotaForOrigin(const SecurityOrigin*, int64_t quota);
 
     ApplicationCacheGroup* cacheGroupForURL(const KURL&); // Cache to load a main resource from.
@@ -81 +85 @@
     void vacuumDatabaseFile();
 
+    static int64_t unknownQuota() { return -1; }
     static int64_t noQuota() { return std::numeric_limits<int64_t>::max(); }
 private: