Closed Bug 1509362 Opened 1 year ago Closed 1 year ago

Don't crash when attempting to construct actor in dying process

Categories

(Core :: IPC, enhancement)

enhancement
Not set

Tracking

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: Nika, Assigned: Nika)

Attachments

(1 file)

When shutting down a content process, we call `Close` on the `IToplevelProtocol`. This causes the MessageChannel to be `Close`-ed, which in turn sends a `GOODBYE_MESSAGE`: https://searchfox.org/mozilla-central/rev/876022232b15425bb9efde189caf747823b39567/ipc/glue/MessageChannel.cpp#2852

This message is intercepted on the I/O thread in the content process, before any code is informed in content, and used to set the `mChannelState` property to `ChannelClosing`: https://searchfox.org/mozilla-central/rev/876022232b15425bb9efde189caf747823b39567/ipc/glue/MessageChannel.cpp#1176

Once this state has been set, which is performed as soon as the message is received, whether or not other messages have been processed yet, no messages can be sent back to the parent process. This is usually what causes the 'Too late to send/recv' message spam in the console, as we're still trying to send messages at this time.

Usually this is fine - the message send fails, but we gracefully recover, and the process begins shutting down like normal. Unfortunately, child actor constructors currently have code automatically generated in them which causes a process crash if the send fails. As it's impossible for the main thread to know that the channel has been closed ahead of time (due to this happening out-of-band), we can then cause random content process crashes during shutdown due to actor construction.

The obvious fix which I'm taking in this patch is to relax this assertion to instead gracefully fail & destroy the actor if the message send failed on both sides, rather than just content.

This caused the crashes in bug 1487249.
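
The failure mode and the relaxed behaviour described above, as an added example that is not part of the original report or of Gecko's generated IPDL code. It is a simplified single-threaded model; `Channel`, `Manager`, `Actor`, `OnGoodbye` and `Construct` are hypothetical names, and the I/O-thread close is simulated by a direct call.

```cpp
#include <atomic>
#include <cstdlib>
#include <memory>
#include <vector>

// Simplified model with hypothetical names; not Gecko's generated IPDL code.
enum class ChannelState { Connected, Closing };

class Channel {
 public:
  // In the scenario above this runs on the I/O thread when the peer's
  // goodbye message arrives, before the main thread is told anything.
  void OnGoodbye() { state_.store(ChannelState::Closing); }
  // Called from the main thread. Fails once the channel is closing.
  bool Send() { return state_.load() == ChannelState::Connected; }
 private:
  std::atomic<ChannelState> state_{ChannelState::Connected};
};

struct Actor { int id; };

class Manager {
 public:
  explicit Manager(Channel& ch) : channel_(ch) {}
  // fatalOnSendFailure = true models the old behaviour (crash the process);
  // false models the relaxed behaviour (destroy the actor, report failure).
  Actor* Construct(bool fatalOnSendFailure) {
    managed_.push_back(std::make_unique<Actor>(Actor{nextId_++}));
    if (channel_.Send()) return managed_.back().get();
    if (fatalOnSendFailure) std::abort();
    managed_.pop_back();  // unregister and free the half-constructed actor
    return nullptr;
  }
  std::size_t LiveActors() const { return managed_.size(); }
 private:
  Channel& channel_;
  std::vector<std::unique_ptr<Actor>> managed_;
  int nextId_ = 1;
};

int main() {
  Channel ch;
  Manager mgr(ch);
  Actor* first = mgr.Construct(false);   // channel open: succeeds
  ch.OnGoodbye();                        // out-of-band close
  Actor* second = mgr.Construct(false);  // send fails: nullptr, no crash
  return (first && !second && mgr.LiveActors() == 1) ? 0 : 1;
}
```

Callers in this model must treat a null return as "the channel is going away" and must not assume a constructed actor exists.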
Attachment #9027034 - Attachment description: Bug 1509362 - Don't crash when constructing actor during content shutdown → Bug 1509362 - Don't crash when constructing actor during content shutdown,
Pushed by nika@thelayzells.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c3fe435e473a
Don't crash when constructing actor during content shutdown, r=jld
Pushed by nika@thelayzells.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7e23a1b90335
Don't crash when constructing actor during content shutdown, r=jld
Flags: needinfo?(nika)
Pushed by nika@thelayzells.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1c1f445a9b6a
Don't crash when constructing actor during content shutdown, r=jld
https://hg.mozilla.org/mozilla-central/rev/1c1f445a9b6a
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Blocks: 1534882