Bug 197390

Summary: Add assertion to check whether shm files have maximum FileProtection of CompleteUnlessOpen
Product: WebKit Reporter: Sihui Liu <sihui_liu>
Component: New BugsAssignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, benjamin, cdumez, cgarcia, cmarcelo, commit-queue, dbates, ews-watchlist, ggaren, koivisto, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=222054
Attachments:
Description Flags
Patch none

Sihui Liu
Reported 2019-04-29 15:11:27 PDT
We have seen crashes where process gets killed because it tries accessing shm file after device is locked. We are suspecting this is because database protection class of shm file is set to be Complete by apps after it's created with lower protection level.
Attachments
Patch (13.18 KB, patch)
2019-04-29 15:29 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sihui Liu
Comment 1 2019-04-29 15:15:08 PDT
<rdar://problem/42685773>
Sihui Liu
Comment 2 2019-04-29 15:29:23 PDT
Created attachment 368502 [details] Patch
Alex Christensen
Comment 3 2019-04-29 16:16:51 PDT
Comment on attachment 368502 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368502&action=review > Source/WebCore/platform/sql/SQLiteDatabase.cpp:154 > + RELEASE_ASSERT(FileSystem::isSafeToUseMemoryMapForPath(shmFileName)); Why not just call makeSafeToUseMemoryMapForPath?
Sihui Liu
Comment 4 2019-04-29 17:48:55 PDT
(In reply to Alex Christensen from comment #3) > Comment on attachment 368502 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=368502&action=review > > > Source/WebCore/platform/sql/SQLiteDatabase.cpp:154 > > + RELEASE_ASSERT(FileSystem::isSafeToUseMemoryMapForPath(shmFileName)); > > Why not just call makeSafeToUseMemoryMapForPath? If the crash is caused by the shm file being unsafe for mmap, we probably need change in sqlite instead of WebKit to ensure shm file is in correct protection class when the file is being used.
Geoffrey Garen
Comment 5 2019-05-02 13:23:43 PDT
Comment on attachment 368502 [details] Patch r=me
WebKit Commit Bot
Comment 6 2019-05-03 14:24:11 PDT
Comment on attachment 368502 [details] Patch Clearing flags on attachment: 368502 Committed r244921: <https://trac.webkit.org/changeset/244921>
WebKit Commit Bot
Comment 7 2019-05-03 14:24:13 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.