Bug 184216

Summary: Make SecurityOrigin safe to create and use from any thread
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebCore Misc.Assignee: Chris Dumez <cdumez>
Severity: Normal CC: commit-queue, darin, dbates, ews-watchlist, mkwst, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Description Flags
Patch none

Description Chris Dumez 2018-03-31 19:09:53 PDT
It turns out that we have code constructing and using SecurityOrigin objects from non-main threads. This is currently unsafe, mostly because of SecurityOrigin's reliance on the SchemeRegistry.

Note that it will be safe to:
- Construct a SecurityOrigin from any thread A and use that origin later on same thread A

It will not be safe to:
- Pass a SecurityOrigin to another thread without calling isolatedCopy().
Comment 1 Chris Dumez 2018-03-31 20:32:27 PDT
Created attachment 336950 [details]
Comment 2 Chris Dumez 2018-03-31 21:37:24 PDT
Created attachment 336951 [details]
Comment 3 youenn fablet 2018-04-02 20:21:15 PDT
Comment on attachment 336951 [details]

I wonder whether we should not be making more SchemeRegistry thread safe.
All the methods only used by Document/DocumentLoader seem fine to me.
I am less sure of the Database one but probably it is and will remain safe?

Out of pure curiosity, it seems that we are really locking for write but maybe we could allow multiple read in parallel?
Especially since we barely touch Schemes.

View in context: https://bugs.webkit.org/attachment.cgi?id=336951&action=review

> Source/WebCore/platform/SchemeRegistry.cpp:497
>  {

Ideally these registerXX should take a String&& since most of the time, they are called from IPC that can provide String&&
Comment 4 WebKit Commit Bot 2018-04-03 09:26:52 PDT
Comment on attachment 336951 [details]

Clearing flags on attachment: 336951

Committed r230205: <https://trac.webkit.org/changeset/230205>
Comment 5 WebKit Commit Bot 2018-04-03 09:26:54 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Radar WebKit Bug Importer 2018-04-03 09:31:27 PDT