184216 – Make SecurityOrigin safe to create and use from any thread

Bug 184216 - Make SecurityOrigin safe to create and use from any thread

Summary: Make SecurityOrigin safe to create and use from any thread

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-03-31 19:09 PDT by Chris Dumez
Modified:	2018-04-03 09:31 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (25.42 KB, patch) 2018-03-31 20:32 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (25.96 KB, patch) 2018-03-31 21:37 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2018-03-31 19:09:53 PDT

It turns out that we have code constructing and using SecurityOrigin objects from non-main threads. This is currently unsafe, mostly because of SecurityOrigin's reliance on the SchemeRegistry.

Note that it will be safe to:
- Construct a SecurityOrigin from any thread A and use that origin later on same thread A

It will not be safe to:
- Pass a SecurityOrigin to another thread without calling isolatedCopy().

Comment 1 Chris Dumez 2018-03-31 20:32:27 PDT

Created attachment 336950 [details]
Patch

Comment 2 Chris Dumez 2018-03-31 21:37:24 PDT

Created attachment 336951 [details]
Patch

Comment 3 youenn fablet 2018-04-02 20:21:15 PDT

Comment on attachment 336951 [details]
Patch

I wonder whether we should not be making more SchemeRegistry thread safe.
All the methods only used by Document/DocumentLoader seem fine to me.
I am less sure of the Database one but probably it is and will remain safe?

Out of pure curiosity, it seems that we are really locking for write but maybe we could allow multiple read in parallel?
Especially since we barely touch Schemes.

View in context: https://bugs.webkit.org/attachment.cgi?id=336951&action=review

> Source/WebCore/platform/SchemeRegistry.cpp:497
>  {

Ideally these registerXX should take a String&& since most of the time, they are called from IPC that can provide String&&

Comment 4 WebKit Commit Bot 2018-04-03 09:26:52 PDT

Comment on attachment 336951 [details]
Patch

Clearing flags on attachment: 336951

Committed r230205: <https://trac.webkit.org/changeset/230205>

Comment 5 WebKit Commit Bot 2018-04-03 09:26:54 PDT

All reviewed patches have been landed.  Closing bug.

Comment 6 Radar WebKit Bug Importer 2018-04-03 09:31:27 PDT

<rdar://problem/39143063>