Bug 189851 - Extending the lifetime of a NetworkProcessProxy / StorageProcessProxy may cause it to have a stale WebProcessPool pointer
Summary: Extending the lifetime of a NetworkProcessProxy / StorageProcessProxy may cau...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on: 189926
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-21 12:46 PDT by Chris Dumez
Modified: 2018-09-25 11:58 PDT (History)
6 users (show)

See Also:

Attachments
Patch (12.63 KB, patch)
2018-09-21 12:54 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (13.12 KB, patch)
2018-09-21 14:14 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (11.90 KB, patch)
2018-09-24 15:15 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2018-09-21 12:46:29 PDT 
Extending the lifetime of a NetworkProcessProxy / StorageProcessProxy may cause it to have a stale WebProcessPool pointer, which is error-prone. We got got by this recently for the NetworkProcess.
Comment 1 Chris Dumez 2018-09-21 12:54:16 PDT 
Created attachment 350408 [details]
Patch
Comment 2 Chris Dumez 2018-09-21 14:14:21 PDT 
Created attachment 350426 [details]
Patch
Comment 3 WebKit Commit Bot 2018-09-21 16:18:21 PDT 
Comment on attachment 350426 [details]
Patch

Clearing flags on attachment: 350426

Committed r236368: <https://trac.webkit.org/changeset/236368>
Comment 4 WebKit Commit Bot 2018-09-21 16:18:22 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 5 Radar WebKit Bug Importer 2018-09-21 16:19:35 PDT 
<rdar://problem/44696263>
Comment 6 Chris Dumez 2018-09-24 13:31:37 PDT 
Reverted r236368 for reason:

Caused WebKit.NetworkProcessCrashWithPendingConnection API test to crash (Bug 189926)

Committed r236425: <https://trac.webkit.org/changeset/236425>
Comment 7 Chris Dumez 2018-09-24 15:15:43 PDT 
Created attachment 350698 [details]
Patch
Comment 8 Chris Dumez 2018-09-25 10:39:12 PDT 
ping review?
Comment 9 Geoffrey Garen 2018-09-25 11:21:15 PDT 
Comment on attachment 350698 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=350698&action=review

> Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h:69
> +class PluginProcessProxy final : public ChildProcessProxy, public ThreadSafeRefCounted<PluginProcessProxy> {

Is PluginProcessProxy somehow immune to "process pool deallocated" issues?
Comment 10 Geoffrey Garen 2018-09-25 11:22:03 PDT 
Shouldn't there be some code in this patch that removes some temporary RefPtr<StorageProcessProxy> or RefPtr<NetworkProcessProxy> objects?
Comment 11 WebKit Commit Bot 2018-09-25 11:31:29 PDT 
Comment on attachment 350698 [details]
Patch

Clearing flags on attachment: 350698

Committed r236464: <https://trac.webkit.org/changeset/236464>
Comment 12 WebKit Commit Bot 2018-09-25 11:31:32 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 13 Chris Dumez 2018-09-25 11:57:56 PDT 
(In reply to Geoffrey Garen from comment #9)
> Comment on attachment 350698 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=350698&action=review
> 
> > Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h:69
> > +class PluginProcessProxy final : public ChildProcessProxy, public ThreadSafeRefCounted<PluginProcessProxy> {
> 
> Is PluginProcessProxy somehow immune to "process pool deallocated" issues?

PluginProcessProxy does not have any reference to its WebProcessPool.
Comment 14 Chris Dumez 2018-09-25 11:58:19 PDT 
(In reply to Geoffrey Garen from comment #10)
> Shouldn't there be some code in this patch that removes some temporary
> RefPtr<StorageProcessProxy> or RefPtr<NetworkProcessProxy> objects?

There are none left or my patch would not build.