Bug 204460

Summary:

Null check callback in NetworkConnectionToWebProcess::didDeliverMessagePortMessages

Product:

WebKit

Reporter:

Alex Christensen <achristensen>

Component:

New Bugs

Assignee:

Alex Christensen <achristensen>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cdumez, mjs, webkit-bug-importer, youennf

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	cdumez: review+

Alex Christensen

Reported 2019-11-21 10:55:55 PST

Null check callback in NetworkConnectionToWebProcess::didDeliverMessagePortMessages

Attachments
Patch (1.54 KB, patch) 2019-11-21 10:56 PST, Alex Christensen	no flags	Details Formatted Diff Diff
Patch (2.08 KB, patch) 2019-11-22 12:46 PST, Alex Christensen	no flags	Details Formatted Diff Diff
Patch (2.00 KB, patch) 2019-11-22 14:54 PST, Alex Christensen	cdumez: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Alex Christensen

Comment 1 2019-11-21 10:56:38 PST

Created attachment 384072 [details] Patch

Maciej Stachowiak

Comment 2 2019-11-21 12:17:04 PST

Comment on attachment 384072 [details] Patch Do we understand why the callback can be null here?

Chris Dumez

Comment 3 2019-11-21 12:18:28 PST

Comment on attachment 384072 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384072&action=review > Source/WebKit/ChangeLog:5 > + <rdar://57448618> This does not look like a valid radar number?

Chris Dumez

Comment 4 2019-11-21 12:21:06 PST

Comment on attachment 384072 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384072&action=review > Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 > + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) This should not be possible in theory, I think we need to find the root cause. m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale.

Chris Dumez

Comment 5 2019-11-21 12:23:59 PST

Comment on attachment 384072 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384072&action=review >> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 >> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) > > This should not be possible in theory, I think we need to find the root cause. > > m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. Maybe if the network process crashes in between the takeAllMessagesForPort() call and the didDeliverMessagePortMessages() one? Then it'd be a new NetworkConnectionToWebProcess. The WebProcess would send the DidDeliverMessagePortMessages IPC to the new network process, which does not know about the takeAllMessagesForPort request.

Chris Dumez

Comment 6 2019-11-21 12:24:41 PST

(In reply to Chris Dumez from comment #5) > Comment on attachment 384072 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=384072&action=review > > >> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 > >> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) > > > > This should not be possible in theory, I think we need to find the root cause. > > > > m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. > > Maybe if the network process crashes in between the takeAllMessagesForPort() > call and the didDeliverMessagePortMessages() one? Then it'd be a new > NetworkConnectionToWebProcess. The WebProcess would send the > DidDeliverMessagePortMessages IPC to the new network process, which does not > know about the takeAllMessagesForPort request. If that's what's doing on, it may be possible to write a test for this.

Alex Christensen

Comment 7 2019-11-22 11:35:15 PST

Comment on attachment 384072 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384072&action=review >> Source/WebKit/ChangeLog:5 >> + <rdar://57448618> > > This does not look like a valid radar number? I have no idea where that came from. Should be rdar://problem/57348618 and will update. >>>> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 >>>> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) >>> >>> This should not be possible in theory, I think we need to find the root cause. >>> >>> m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. >> >> Maybe if the network process crashes in between the takeAllMessagesForPort() call and the didDeliverMessagePortMessages() one? Then it'd be a new NetworkConnectionToWebProcess. The WebProcess would send the DidDeliverMessagePortMessages IPC to the new network process, which does not know about the takeAllMessagesForPort request. > > If that's what's doing on, it may be possible to write a test for this. I think that's what's going on and that was mentioned in https://bugs.webkit.org/show_bug.cgi?id=201299#c4 , but there doesn't seem to be a good way to call _terminateNetworkProcess exactly between these two calls.

Chris Dumez

Comment 8 2019-11-22 11:59:33 PST

Comment on attachment 384072 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384072&action=review >>>>> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 >>>>> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) >>>> >>>> This should not be possible in theory, I think we need to find the root cause. >>>> >>>> m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. >>> >>> Maybe if the network process crashes in between the takeAllMessagesForPort() call and the didDeliverMessagePortMessages() one? Then it'd be a new NetworkConnectionToWebProcess. The WebProcess would send the DidDeliverMessagePortMessages IPC to the new network process, which does not know about the takeAllMessagesForPort request. >> >> If that's what's doing on, it may be possible to write a test for this. > > I think that's what's going on and that was mentioned in https://bugs.webkit.org/show_bug.cgi?id=201299#c4 , but there doesn't seem to be a good way to call _terminateNetworkProcess exactly between these two calls. Then the ChangeLog should state so. Also maybe a comment in the code indicating why this can happen.

Alex Christensen

Comment 9 2019-11-22 12:46:15 PST

Created attachment 384185 [details] Patch

Chris Dumez

Comment 10 2019-11-22 14:53:13 PST

Comment on attachment 384185 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384185&action=review > Source/WebKit/ChangeLog:10 > + a web process may have an identifier that becomes stale. In this case, we should not crsah again. Typo: crash > Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:1001 > + ASSERT_NOT_REACHED(); Since we know this can happen in practice and we have a valid explanation for it, I do not think we should ASSERT.

Alex Christensen

Comment 11 2019-11-22 14:54:58 PST

Created attachment 384201 [details] Patch

Alex Christensen

Comment 12 2019-11-22 15:14:26 PST

http://trac.webkit.org/r252809

Radar WebKit Bug Importer

Comment 13 2019-11-22 15:15:22 PST

<rdar://problem/57442544>

Note You need to log in before you can comment on or make changes to this bug.