Closed Bug 1633401 Opened 2 years ago Closed 2 years ago

The Document.HasStorageAccess() would throw NS_ERROR_NOT_AVAILABLE in Fission mode

Categories

(Core :: Privacy: Anti-Tracking, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla77
Fission Milestone M6a
Tracking Status
firefox77 --- fixed

People

(Reporter: timhuang, Assigned: timhuang)

References

Details

Attachments

(2 files)

We need to get the top-level document in Document::HasStorageAccess() in order to tell if the document is first-party related to the top-level document. This won't work if the document is a third-party document. We can resolve this by using the browsing context to do the check.

In Document::HasStorageAccess(), we try to get the top-level document.
To check if the document is first-party to the top-level document. But,
this won't work for Fission since the top-level document could be
out-of-process.

In this patch, we use broswing context to get the top-level principal to
test if the document is thrid-party. If we cannot get the top-level
outer window, the top-level document should be cross-origin. So, we know
the answer. If the top-level document is available, we check the
principal to see if the document is first-party.

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/09f0bd3285b9
Make Document.HasStorageAccess fission compatible. r=baku

Backed out changeset 09f0bd3285b9 (bug 1633401) for hasStorageAccess.sub.window.html failures

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&searchStr=linux%2C18.04%2Cx64%2Casan%2Copt%2Cweb%2Cplatform%2Ctests%2Ctest-linux1804-64-asan%2Fopt-web-platform-tests-e10s-15%2Cw%28wpt15%29&fromchange=e526ce438e75aa07cfff3152d3a33a3dd054579c&tochange=088a3153c897cdd1ffba42a488f48f552893fdeb&selectedTaskRun=N-pqmG0ASf-g7ULS-3Iixw-0

Backout link: https://hg.mozilla.org/integration/autoland/rev/088a3153c897cdd1ffba42a488f48f552893fdeb

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=299975719&repo=autoland&lineNumber=8416

[task 2020-04-29T12:27:48.805Z] 12:27:48     INFO - TEST-START | /storage-access-api/hasStorageAccess.sub.window.html
[task 2020-04-29T12:27:49.849Z] 12:27:49     INFO - PID 26008 | AddressSanitizer:DEADLYSIGNAL
[task 2020-04-29T12:27:49.851Z] 12:27:49     INFO - PID 26008 | =================================================================
[task 2020-04-29T12:27:49.853Z] 12:27:49    ERROR - PID 26008 | ==26261==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000238 (pc 0x7f8db1123137 bp 0x7ffcda70f590 sp 0x7ffcda70f590 T0)
[task 2020-04-29T12:27:49.854Z] 12:27:49     INFO - PID 26008 | ==26261==The signal is caused by a READ memory access.
[task 2020-04-29T12:27:49.854Z] 12:27:49     INFO - PID 26008 | ==26261==Hint: address points to the zero page.
[task 2020-04-29T12:27:50.400Z] 12:27:50     INFO - PID 26008 |     #0 0x7f8db1123136 in operator bool /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:310:45
[task 2020-04-29T12:27:50.402Z] 12:27:50     INFO - PID 26008 |     #1 0x7f8db1123136 in mozilla::dom::BrowsingContext::Top() /builds/worker/checkouts/gecko/docshell/base/BrowsingContext.cpp:113:10
[task 2020-04-29T12:27:50.458Z] 12:27:50     INFO - PID 26008 |     #2 0x7f8daa3b5e3d in mozilla::dom::Document::HasStorageAccess(mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/Document.cpp:15581:57
[task 2020-04-29T12:27:50.514Z] 12:27:50     INFO - PID 26008 |     #3 0x7f8dabb5a321 in hasStorageAccess /builds/worker/workspace/obj-build/dom/bindings/DocumentBinding.cpp:7915:60
[task 2020-04-29T12:27:50.514Z] 12:27:50     INFO - PID 26008 |     #4 0x7f8dabb5a321 in mozilla::dom::Document_Binding::hasStorageAccess_promiseWrapper(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/DocumentBinding.cpp:7929:13
[task 2020-04-29T12:27:50.522Z] 12:27:50     INFO - PID 26008 |     #5 0x7f8dac02954d in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ConvertExceptionsToPromises>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3203:13
[task 2020-04-29T12:27:50.538Z] 12:27:50     INFO - PID 26008 |     #6 0x7f8db1df9907 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:493:13
[task 2020-04-29T12:27:50.538Z] 12:27:50     INFO - PID 26008 |     #7 0x7f8db1df9907 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:585:12
[task 2020-04-29T12:27:50.539Z] 12:27:50     INFO - PID 26008 |     #8 0x7f8db1dfb9ea in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10
[task 2020-04-29T12:27:50.540Z] 12:27:50     INFO - PID 26008 |     #9 0x7f8db1de3819 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:652:10
[task 2020-04-29T12:27:50.541Z] 12:27:50     INFO - PID 26008 |     #10 0x7f8db1de3819 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3323:16
[task 2020-04-29T12:27:50.542Z] 12:27:50     INFO - PID 26008 |     #11 0x7f8db1dc8f36 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:465:10
[task 2020-04-29T12:27:50.542Z] 12:27:50     INFO - PID 26008 |     #12 0x7f8db1df99ea in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:620:13
[task 2020-04-29T12:27:50.542Z] 12:27:50     INFO - PID 26008 |     #13 0x7f8db1dfb9ea in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:648:10
[task 2020-04-29T12:27:50.544Z] 12:27:50     INFO - PID 26008 |     #14 0x7f8db1dfbc69 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:665:8
[task 2020-04-29T12:27:50.559Z] 12:27:50     INFO - PID 26008 |     #15 0x7f8db2ce75f2 in js::jit::InvokeFunction(JSContext*, JS::Handle<JSObject*>, bool, bool, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:269:10
[task 2020-04-29T12:27:50.560Z] 12:27:50     INFO - PID 26008 |     #16 0x7f8db2ce8061 in js::jit::InvokeFromInterpreterStub(JSContext*, js::jit::InterpreterStubExitFrameLayout*) /builds/worker/checkouts/gecko/js/src/jit/VMFunctions.cpp:289:8
[task 2020-04-29T12:27:50.563Z] 12:27:50     INFO - PID 26008 |     #17 0x1a9f48e71fb3  (<unknown module>)
[task 2020-04-29T12:27:50.565Z] 12:27:50     INFO - PID 26008 | AddressSanitizer can not provide additional info.
[task 2020-04-29T12:27:50.565Z] 12:27:50     INFO - PID 26008 | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/obj-build/dist/include/mozilla/RefPtr.h:310:45 in operator bool
[task 2020-04-29T12:27:50.565Z] 12:27:50     INFO - PID 26008 | ==26261==ABORTING
[task 2020-04-29T12:27:50.742Z] 12:27:50     INFO - PID 26008 | A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
[task 2020-04-29T12:27:51.193Z] 12:27:51     INFO - NoSuchWindowException on command, setting status to CRASH
[task 2020-04-29T12:27:51.198Z] 12:27:51     INFO - TEST-UNEXPECTED-CRASH | /storage-access-api/hasStorageAccess.sub.window.html | expected TIMEOUT
[task 2020-04-29T12:27:51.198Z] 12:27:51     INFO - TEST-INFO expected TIMEOUT | took 2389ms
Flags: needinfo?(tihuang)

Thanks.

Flags: needinfo?(tihuang)
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/74edce9ec6a3
Make Document.HasStorageAccess fission compatible. r=baku

Backed out changeset 74edce9ec6a3 (bug 1633401) for hasStorageAccess.sub.window.html failures
https://hg.mozilla.org/integration/autoland/rev/44e560ac78e8795178e8a618e73aa7b5b2a12d72

push that caused the backout: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedTaskRun=bJd3UrK6QQOWgGgQW4u0Jw-0&searchStr=linux%2C18.04%2Cx64%2Casan%2Copt%2Cweb%2Cplatform%2Ctests%2Ctest-linux1804-64-asan%2Fopt-web-platform-tests-e10s-15%2Cw%28wpt15%29&fromchange=8609782d78d127c495269680a7054cad13167d42&tochange=44e560ac78e8795178e8a618e73aa7b5b2a12d72

log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=300003906&repo=autoland&lineNumber=8424
[task 2020-04-29T15:30:01.115Z] 15:30:01 INFO - TEST-START | /html/cross-origin-embedder-policy/no-secure-context.html
[task 2020-04-29T15:30:01.117Z] 15:30:01 INFO - Clearing pref browser.tabs.remote.useCrossOriginEmbedderPolicy
[task 2020-04-29T15:30:01.194Z] 15:30:01 INFO - Setting pref browser.tabs.remote.useCrossOriginEmbedderPolicy (true)
[task 2020-04-29T15:30:01.230Z] 15:30:01 INFO - Closing window 44
[task 2020-04-29T15:30:02.313Z] 15:30:02 INFO - PID 15238 | -----------------------------------------------------
[task 2020-04-29T15:30:02.314Z] 15:30:02 INFO - PID 15238 | Suppressions used:
[task 2020-04-29T15:30:02.314Z] 15:30:02 INFO - PID 15238 | count bytes template
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | 24 744 nsComponentManagerImpl
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | 633 18287 libfontconfig.so
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | 1 11 libglib-2.0.so
[task 2020-04-29T15:30:02.315Z] 15:30:02 INFO - PID 15238 | -----------------------------------------------------
[task 2020-04-29T15:30:02.975Z] 15:30:02 INFO -
[task 2020-04-29T15:30:02.975Z] 15:30:02 INFO - TEST-PASS | /storage-access-api/hasStorageAccess.sub.window.html | [top-level-context] document.hasStorageAccess() should be supported on the document interface
[task 2020-04-29T15:30:02.977Z] 15:30:02 INFO - TEST-PASS | /storage-access-api/hasStorageAccess.sub.window.html | [top-level-context] document.hasStorageAccess() should be allowed by default: true
[task 2020-04-29T15:30:02.977Z] 15:30:02 INFO - TEST-UNEXPECTED-PASS | /storage-access-api/hasStorageAccess.sub.window.html | [top-level-context] document.hasStorageAccess() should work on a document object. - expected FAIL
[task 2020-04-29T15:30:02.978Z] 15:30:02 INFO - TEST-INFO | expected FAIL
[task 2020-04-29T15:30:02.978Z] 15:30:02 INFO - TEST-TIMEOUT | /storage-access-api/hasStorageAccess.sub.window.html | took 11785ms
[task 2020-04-29T15:30:03.045Z] 15:30:03 INFO - PID 26218 | 1588174203038 Marionette INFO Stopped listening on port 49370
[task 2020-04-29T15:30:03.707Z] 15:30:03 INFO - PID 26218 | ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost

Flags: needinfo?(tihuang)
Flags: needinfo?(tihuang)
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c06a6718ad5f
Make Document.HasStorageAccess fission compatible. r=baku
https://hg.mozilla.org/integration/autoland/rev/51411fecaf48
Remove the TEST-UNEXPECTED-PASS for wpt 'hasStorageAccess.sub.window.html' r=baku

I should not remove the failure expectation of the wpt entirely since we haven't supported the storage access api in android. Will fix this soon.

Flags: needinfo?(tihuang)
Attachment #9144427 - Attachment description: Bug 1633401 - Remove the TEST-UNEXPECTED-PASS for wpt 'hasStorageAccess.sub.window.html' r?baku! → Bug 1633401 - Remove the TEST-UNEXPECTED-PASS for wpt 'hasStorageAccess.sub.window.html' in non-android builds. r?baku!
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ea3411b110b3
Make Document.HasStorageAccess fission compatible. r=baku
https://hg.mozilla.org/integration/autoland/rev/30f462b4fabc
Remove the TEST-UNEXPECTED-PASS for wpt 'hasStorageAccess.sub.window.html' in non-android builds. r=baku
Priority: -- → P1
Severity: -- → normal
Fission Milestone: --- → M6a
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
You need to log in before you can comment on or make changes to this bug.