Bug 184216 - Make SecurityOrigin safe to create and use from any thread
Summary: Make SecurityOrigin safe to create and use from any thread
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Depends on:
Reported: 2018-03-31 19:09 PDT by Chris Dumez
Modified: 2018-04-03 09:31 PDT (History)
7 users (show)

See Also:

Patch (25.42 KB, patch)
2018-03-31 20:32 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff
Patch (25.96 KB, patch)
2018-03-31 21:37 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2018-03-31 19:09:53 PDT
It turns out that we have code constructing and using SecurityOrigin objects from non-main threads. This is currently unsafe, mostly because of SecurityOrigin's reliance on the SchemeRegistry.

Note that it will be safe to:
- Construct a SecurityOrigin from any thread A and use that origin later on same thread A

It will not be safe to:
- Pass a SecurityOrigin to another thread without calling isolatedCopy().
Comment 1 Chris Dumez 2018-03-31 20:32:27 PDT
Created attachment 336950 [details]
Comment 2 Chris Dumez 2018-03-31 21:37:24 PDT
Created attachment 336951 [details]
Comment 3 youenn fablet 2018-04-02 20:21:15 PDT
Comment on attachment 336951 [details]

I wonder whether we should not be making more SchemeRegistry thread safe.
All the methods only used by Document/DocumentLoader seem fine to me.
I am less sure of the Database one but probably it is and will remain safe?

Out of pure curiosity, it seems that we are really locking for write but maybe we could allow multiple read in parallel?
Especially since we barely touch Schemes.

View in context: https://bugs.webkit.org/attachment.cgi?id=336951&action=review

> Source/WebCore/platform/SchemeRegistry.cpp:497
>  {

Ideally these registerXX should take a String&& since most of the time, they are called from IPC that can provide String&&
Comment 4 WebKit Commit Bot 2018-04-03 09:26:52 PDT
Comment on attachment 336951 [details]

Clearing flags on attachment: 336951

Committed r230205: <https://trac.webkit.org/changeset/230205>
Comment 5 WebKit Commit Bot 2018-04-03 09:26:54 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Radar WebKit Bug Importer 2018-04-03 09:31:27 PDT