The Document.HasStorageAccess() would throw NS_ERROR_NOT_AVAILABLE in Fission mode
Categories
(Core :: Privacy: Anti-Tracking, task, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox77 | --- | fixed |
People
(Reporter: timhuang, Assigned: timhuang)
References
Details
Attachments
(2 files)
We need to get the top-level document in Document::HasStorageAccess() in order to tell if the document is first-party related to the top-level document. This won't work if the document is a third-party document. We can resolve this by using the browsing context to do the check.
|
Assignee | |
Comment 1•4 years ago
|
||
In Document::HasStorageAccess(), we try to get the top-level document.
To check if the document is first-party to the top-level document. But,
this won't work for Fission since the top-level document could be
out-of-process.
In this patch, we use broswing context to get the top-level principal to
test if the document is thrid-party. If we cannot get the top-level
outer window, the top-level document should be cross-origin. So, we know
the answer. If the top-level document is available, we check the
principal to see if the document is first-party.
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/09f0bd3285b9 Make Document.HasStorageAccess fission compatible. r=baku
|
||
Comment 3•4 years ago
|
||
Backed out changeset 09f0bd3285b9 (bug 1633401) for hasStorageAccess.sub.window.html failures
Backout link: https://hg.mozilla.org/integration/autoland/rev/088a3153c897cdd1ffba42a488f48f552893fdeb
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=299975719&repo=autoland&lineNumber=8416
[task 2020-04-29T12:27:48.805Z] 12:27:48 INFO - TEST-START | /storage-access-api/hasStorageAccess.sub.window.html
[task 2020-04-29T12:27:49.849Z] 12:27:49 INFO - PID 26008 | AddressSanitizer:DEADLYSIGNAL
[task 2020-04-29T12:27:49.851Z] 12:27:49 INFO - PID 26008 | =================================================================
[task 2020-04-29T12:27:49.853Z] 12:27:49 ERROR - PID 26008 | ==26261==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000238 (pc 0x7f8db1123137 bp 0x7ffcda70f590 sp 0x7ffcda70f590 T0)
[task 2020-04-29T12:27:49.854Z] 12:27:49 INFO - PID 26008 | ==26261==The signal is caused by a READ memory access.
[task 2020-04-29T12:27:49.854Z] 12:27:49 INFO - PID 26008 | ==26261==Hint: address points to the zero page.
[task 2020-04-29T12:27:50.400Z] 12:27:50 INFO - PID 26008 | #0 0x7f8db1123136 in operator bool /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:310:45
[task 2020-04-29T12:27:50.402Z] 12:27:50 INFO - PID 26008 | #1 0x7f8db1123136 in mozilla::dom::BrowsingContext::Top() /builds/worker/checkouts/gecko/docshell/base/BrowsingContext.cpp:113:10
[task 2020-04-29T12:27:50.458Z] 12:27:50 INFO - PID 26008 | #2 0x7f8daa3b5e3d in mozilla::dom::Document::HasStorageAccess(mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Document.cpp:15581:57
[task 2020-04-29T12:27:50.514Z] 12:27:50 INFO - PID 26008 | #3 0x7f8dabb5a321 in hasStorageAccess /builds/worker/workspace/obj-build/dom/bindings/DocumentBinding.cpp:7915:60
[task 2020-04-29T12:27:50.514Z] 12:27:50 INFO - PID 26008 | #4 0x7f8dabb5a321 in mozilla::dom::Document_Binding::hasStorageAccess_promiseWrapper(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/DocumentBinding.cpp:7929:13
[task 2020-04-29T12:27:50.522Z] 12:27:50 INFO - PID 26008 | #5 0x7f8dac02954d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ConvertExceptionsToPromises>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3203:13
[task 2020-04-29T12:27:50.538Z] 12:27:50 INFO - PID 26008 | #6 0x7f8db1df9907 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:493:13
[task 2020-04-29T12:27:50.538Z] 12:27:50 INFO - PID 26008 | #7 0x7f8db1df9907 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:585:12
[task 2020-04-29T12:27:50.539Z] 12:27:50 INFO - PID 26008 | #8 0x7f8db1dfb9ea in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10
[task 2020-04-29T12:27:50.540Z] 12:27:50 INFO - PID 26008 | #9 0x7f8db1de3819 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:652:10
[task 2020-04-29T12:27:50.541Z] 12:27:50 INFO - PID 26008 | #10 0x7f8db1de3819 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3323:16
[task 2020-04-29T12:27:50.542Z] 12:27:50 INFO - PID 26008 | #11 0x7f8db1dc8f36 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:465:10
[task 2020-04-29T12:27:50.542Z] 12:27:50 INFO - PID 26008 | #12 0x7f8db1df99ea in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:620:13
[task 2020-04-29T12:27:50.542Z] 12:27:50 INFO - PID 26008 | #13 0x7f8db1dfb9ea in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10
[task 2020-04-29T12:27:50.544Z] 12:27:50 INFO - PID 26008 | #14 0x7f8db1dfbc69 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:665:8
[task 2020-04-29T12:27:50.559Z] 12:27:50 INFO - PID 26008 | #15 0x7f8db2ce75f2 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:269:10
[task 2020-04-29T12:27:50.560Z] 12:27:50 INFO - PID 26008 | #16 0x7f8db2ce8061 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:289:8
[task 2020-04-29T12:27:50.563Z] 12:27:50 INFO - PID 26008 | #17 0x1a9f48e71fb3 (<unknown module>)
[task 2020-04-29T12:27:50.565Z] 12:27:50 INFO - PID 26008 | AddressSanitizer can not provide additional info.
[task 2020-04-29T12:27:50.565Z] 12:27:50 INFO - PID 26008 | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:310:45 in operator bool
[task 2020-04-29T12:27:50.565Z] 12:27:50 INFO - PID 26008 | ==26261==ABORTING
[task 2020-04-29T12:27:50.742Z] 12:27:50 INFO - PID 26008 | A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
[task 2020-04-29T12:27:51.193Z] 12:27:51 INFO - NoSuchWindowException on command, setting status to CRASH
[task 2020-04-29T12:27:51.198Z] 12:27:51 INFO - TEST-UNEXPECTED-CRASH | /storage-access-api/hasStorageAccess.sub.window.html | expected TIMEOUT
[task 2020-04-29T12:27:51.198Z] 12:27:51 INFO - TEST-INFO expected TIMEOUT | took 2389ms
|
|
||
Comment 4•4 years ago
|
||
Also seeing this crash on the backed out changes: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=299994400&repo=autoland&lineNumber=7874
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/74edce9ec6a3 Make Document.HasStorageAccess fission compatible. r=baku
|
||
Comment 7•4 years ago
|
||
Backed out changeset 74edce9ec6a3 (bug 1633401) for hasStorageAccess.sub.window.html failures
https://hg.mozilla.org/integration/autoland/rev/44e560ac78e8795178e8a618e73aa7b5b2a12d72
log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=300003906&repo=autoland&lineNumber=8424
[task 2020-04-29T15:30:01.115Z] 15:30:01 INFO - TEST-START | /html/cross-origin-embedder-policy/no-secure-context.html
[task 2020-04-29T15:30:01.117Z] 15:30:01 INFO - Clearing pref browser.tabs.remote.useCrossOriginEmbedderPolicy
[task 2020-04-29T15:30:01.194Z] 15:30:01 INFO - Setting pref browser.tabs.remote.useCrossOriginEmbedderPolicy (true)
[task 2020-04-29T15:30:01.230Z] 15:30:01 INFO - Closing window 44
[task 2020-04-29T15:30:02.313Z] 15:30:02 INFO - PID 15238 | -----------------------------------------------------
[task 2020-04-29T15:30:02.314Z] 15:30:02 INFO - PID 15238 | Suppressions used:
[task 2020-04-29T15:30:02.314Z] 15:30:02 INFO - PID 15238 | count bytes template
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | 24 744 nsComponentManagerImpl
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | 633 18287 libfontconfig.so
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | 1 11 libglib-2.0.so
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | -----------------------------------------------------
[task 2020-04-29T15:30:02.975Z] 15:30:02 INFO -
[task 2020-04-29T15:30:02.975Z] 15:30:02 INFO - TEST-PASS | /storage-access-api/hasStorageAccess.sub.window.html | [top-level-context] document.hasStorageAccess() should be supported on the document interface
[task 2020-04-29T15:30:02.977Z] 15:30:02 INFO - TEST-PASS | /storage-access-api/hasStorageAccess.sub.window.html | [top-level-context] document.hasStorageAccess() should be allowed by default: true
[task 2020-04-29T15:30:02.977Z] 15:30:02 INFO - TEST-UNEXPECTED-PASS | /storage-access-api/hasStorageAccess.sub.window.html | [top-level-context] document.hasStorageAccess() should work on a document object. - expected FAIL
[task 2020-04-29T15:30:02.978Z] 15:30:02 INFO - TEST-INFO | expected FAIL
[task 2020-04-29T15:30:02.978Z] 15:30:02 INFO - TEST-TIMEOUT | /storage-access-api/hasStorageAccess.sub.window.html | took 11785ms
[task 2020-04-29T15:30:03.045Z] 15:30:03 INFO - PID 26218 | 1588174203038 Marionette INFO Stopped listening on port 49370
[task 2020-04-29T15:30:03.707Z] 15:30:03 INFO - PID 26218 | ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost
|
|
Assignee | |
Comment 8•4 years ago
|
||
Depends on D72664
|
|
Assignee | |
Updated•4 years ago
|
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c06a6718ad5f Make Document.HasStorageAccess fission compatible. r=baku https://hg.mozilla.org/integration/autoland/rev/51411fecaf48 Remove the TEST-UNEXPECTED-PASS for wpt 'hasStorageAccess.sub.window.html' r=baku
|
||
Comment 10•4 years ago
|
||
Backed out 2 changesets (Bug 1633401) for perma wpt failures in /storage-access-api/hasStorageAccess.sub.window.html CLOSED TREE
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=300165242&repo=autoland&lineNumber=5758
|
|
Assignee | |
Comment 11•4 years ago
|
||
I should not remove the failure expectation of the wpt entirely since we haven't supported the storage access api in android. Will fix this soon.
|
||
Updated•4 years ago
|
|
||
Comment 12•4 years ago
|
||
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ea3411b110b3 Make Document.HasStorageAccess fission compatible. r=baku https://hg.mozilla.org/integration/autoland/rev/30f462b4fabc Remove the TEST-UNEXPECTED-PASS for wpt 'hasStorageAccess.sub.window.html' in non-android builds. r=baku
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
|
||
Comment 13•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/ea3411b110b3
https://hg.mozilla.org/mozilla-central/rev/30f462b4fabc
Description
•