Closed Bug 1498750 Opened Last year Closed Last year

[Mac] Cache content process sandbox params setup in ContentParent::AppendSandboxParams()

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

64 Branch
Unspecified
macOS
enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox64 --- wontfix
firefox65 --- fixed

People

(Reporter: haik, Assigned: haik)

Details

Attachments

(1 file)

Many of the sandbox parameters for the content sandbox setup in ContentParent::AppendSandboxParams() do not change for the life of the browser parent process. We should cache these values rather than recomputing them each time a content process is launched. For example, the app path obtained with nsMacUtilsImpl::GetAppPath() in AppendSandboxParams() touches the filesystem when it calls nsIFile::Noramlize() which calls realpath().
Assignee: nobody → haftandilian
Priority: -- → P1
Cache the sandboxing command line parameters used when starting a new content process, avoiding calls to realpath(3) on the main thread in the parent process for each content process that is started.
(Reposting with correct units.) Talos tests didn't reveal any significant perf changes as a result of the fix, but we should avoid doing I/O on the main thread. With added instrumentation using mach_absolute_time to time AppendSandboxParams(), on a recent MacBook Pro, without the fix, starting up the browser and cycling through ~10 tabs yields

  AppendSandboxParams delta: 133 microseconds (us)
  AppendSandboxParams delta: 74 us
  AppendSandboxParams delta: 117 us
  AppendSandboxParams delta: 101 us
  AppendSandboxParams delta: 130 us
  AppendSandboxParams delta: 121 us
  AppendSandboxParams delta: 134 us
  AppendSandboxParams delta: 134 us
  AppendSandboxParams delta: 166 us
  AppendSandboxParams delta: 132 us

With the fix:

  AppendSandboxParams delta: 131 us
  AppendSandboxParams delta: 1 us
  AppendSandboxParams delta: 1 us
  AppendSandboxParams delta: 1 us
  AppendSandboxParams delta: 2 us
  AppendSandboxParams delta: 2 us
  AppendSandboxParams delta: 2 us
  AppendSandboxParams delta: 1 us
  AppendSandboxParams delta: 1 us
  AppendSandboxParams delta: 3 us
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9e1e0da28cb4
[Mac] Cache content process sandbox params setup in ContentParent::AppendSandboxParams() r=Alex_Gaynor
https://hg.mozilla.org/mozilla-central/rev/9e1e0da28cb4
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.