Closed Bug 1052096 Opened 10 years ago Closed 10 years ago

Hoist CPOWs into the junk scopes of each process

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla35

People

(Reporter: billm, Assigned: bholley)

References

Details

Attachments

(4 files, 1 obsolete file)

Part 1 - Move CPOWs into the privileged junk scope. v1
2.57 KB, patch
billm
: review+
Details | Diff | Splinter Review
Part 2 - Move CPOW targets into the privileged/unprivileged junk scope of the child/parent. v1
5.81 KB, patch
billm
: review+
Details | Diff | Splinter Review
Part 3 - Add an API to access the 'Location' string (used by memory reporters) of a compartment. v1
3.25 KB, patch
billm
: review+
Details | Diff | Splinter Review
Part 4 - Tests. v1
6.91 KB, patch
billm
: review+
Details | Diff | Splinter Review
Right now, if a CPOW is created in a given compartment, it lives there forever. Whoever else wants it gets a wrapper around it. Bobby pointed out that this is a problem for cross-domain content compartments, where the second compartment won't be able to use the CPOW at all. We really need to have a separate CPOW in each compartment. This is how other kinds of wrappers work.
Attached patch per-comp-cpows (obsolete) — Splinter Review
I wrote a patch for this and then tried to test it. However, I can't figure out how to get the test to fail without the patch, so I'm not sure how necessary this is. Basically, we always receive the "initial" CPOW in some chrome compartment. And, whenever we operate on that CPOW, we'll always enter that chrome compartment to do it. Consequently, any new CPOWs derived from the original one will also be created in the same chrome compartment. So I think the "visibility" problem we were worried about, where a CPOW is created in a content compartment and then unusable by other content compartments, can't happen. Maybe I'm missing something though. Despite all that, it seems better to have this than not to have it, so we might as well do it.
Attachment #8475566 - Flags: review?(bobbyholley)
Oh, one thing this patch doesn't do is to have the PrepareForWrapping hook just make a new CPOW in the new compartment. Let me know if you want that Bobby.
Comment on attachment 8475566 [details] [diff] [review] per-comp-cpows Bill and I decided that we should just require and assert that all CPOWs and all CPOW targets live in the junk scopes (privileged in the child, unprivileged in the parent).
Attachment #8475566 - Flags: review?(bobbyholley) → review-
More specifically: * Parent->Child CPOWs and their targets should live in the privileged junk scope. * Child->Parent CPOWs should live in the privileged junk scope, and their target should live in the unprivileged junk scope.
Summary: Different compartments should get different CPOWs → Hoist CPOWs into the junk scopes of each process
Taking this, per IRC discussion with billm.
Assignee: wmccloskey → bobbyholley
Blocks: 1065811
Attachment #8488446 - Flags: review?(wmccloskey)
Attachment #8475566 - Attachment is obsolete: true
Attachment #8488443 - Flags: review?(wmccloskey) → review+
Attachment #8488444 - Flags: review?(wmccloskey) → review+
Attachment #8488445 - Flags: review?(wmccloskey) → review+
Comment on attachment 8488446 [details] [diff] [review] Part 4 - Tests. v1 Review of attachment 8488446 [details] [diff] [review]: ----------------------------------------------------------------- Looks great! Thanks again.
Attachment #8488446 - Flags: review?(wmccloskey) → review+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: