Bug 154837 - Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected
Summary: Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes b...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: Safari 9
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brady Eidson
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-02-29 14:23 PST by Brady Eidson
Modified: 2016-02-29 15:13 PST

See Also:


Attachments
Patch v1 (22.86 KB, patch)
2016-02-29 14:26 PST, Brady Eidson
achristensen: review+

Description Brady Eidson 2016-02-29 14:23:49 PST
Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected

Can result in weird behavior, including (most obviously) ASSERTs in debug builds.

<rdar://problem/24857351>
Comment 1 Brady Eidson 2016-02-29 14:26:40 PST
Created attachment 272518 [details]
Patch v1
Comment 2 Alex Christensen 2016-02-29 14:50:55 PST
Comment on attachment 272518 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=272518&action=review

> Source/WebKit2/DatabaseProcess/DatabaseToWebProcessConnection.cpp:99
> +static uint64_t generateConnectionToServerIdentifier()
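Review bot: add a comment at this function noting that the identifier it hands out is unique only across connections to this DatabaseProcess instance, not across a DatabaseProcess relaunch, so a web process must drop any identifier it holds when its connection to the DatabaseProcess goes away rather than reuse it against a new instance.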

It makes sense to have this in the DatabaseProcess.  Do we have any protection against invalid identifiers being used if the DatabaseProcess crashes?

> Source/WebKit2/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:62
> +    m_isOpenInServer = sendSync(Messages::DatabaseToWebProcessConnection::EstablishIDBConnectionToServer(), m_identifier);
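Review bot: the bool assigned to m_isOpenInServer records only whether the synchronous round trip completed; if it fails (for example because the DatabaseProcess is gone), the reply never fills in m_identifier, so every later message that passes m_identifier should be guarded by m_isOpenInServer, and the reason for sending synchronously (script can queue IDB operations on the new connection immediately) deserves a code comment next to this call.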

Why can't we send asynchronously?
Comment 3 Brady Eidson 2016-02-29 15:00:19 PST
(In reply to comment #2)
> Comment on attachment 272518 [details]
> Patch v1
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=272518&action=review
> 
> > Source/WebKit2/DatabaseProcess/DatabaseToWebProcessConnection.cpp:99
> > +static uint64_t generateConnectionToServerIdentifier()
> 
> It makes sense to have this in the DatabaseProcess.  Do we have any
> protection against invalid identifiers being used if the DatabaseProcess
> crashes?

DatabaseProcess goes away, all related objects in the web process are invalidated.

> > Source/WebKit2/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:62
> > +    m_isOpenInServer = sendSync(Messages::DatabaseToWebProcessConnection::EstablishIDBConnectionToServer(), m_identifier);
> 
> Why can't we send asynchronously?

New connections can start queuing up operations in the WebProcess via JavaScript immediately.

This is at most one sync message per tab without any complicated/long-running work behind it. NBD.
Comment 4 Alex Christensen 2016-02-29 15:08:05 PST
Comment on attachment 272518 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=272518&action=review

>>> Source/WebKit2/DatabaseProcess/DatabaseToWebProcessConnection.cpp:99
>>> +static uint64_t generateConnectionToServerIdentifier()
>> 
>> It makes sense to have this in the DatabaseProcess.  Do we have any protection against invalid identifiers being used if the DatabaseProcess crashes?
> 
> DatabaseProcess goes away, all related objects in the web process are invalidated.

It makes sense to have this in the DatabaseProcess.  Do we have any protection against invalid identifiers being used if the DatabaseProcess crashes?

>>> Source/WebKit2/WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:62
>>> +    m_isOpenInServer = sendSync(Messages::DatabaseToWebProcessConnection::EstablishIDBConnectionToServer(), m_identifier);
>> 
>> Why can't we send asynchronously?
> 
> New connections can start queuing up operations in the WebProcess via javascript immediately.
> 
> This is at most one sync message per tab without any complicated/long-running work behind it. NBD.

Why can't we send asynchronously?
Comment 5 Brady Eidson 2016-02-29 15:13:48 PST
http://trac.webkit.org/changeset/197372