Open Bug 1795083 Opened 2 years ago Updated 11 months ago

Investigate using ipcz rather than mojo ports

Categories: Core :: IPC, enhancement

People: Reporter: nika, Assigned: nika

References: Depends on 1 open bug

The chromium team is implementing a new routing framework for their IPC layer called ipcz (explainer). This new framework aims to improve the security of the IPC layer by removing the dependency on globally unique UUID tokens, among other improvements, like using shared memory more heavily across platforms to improve message sending performance, especially for floods of small IPC messages.

Apparently chromium intends to provide a git mirror of the ipcz subtree, which is being kept separate from the rest of chromium, exposes a C-only API, and only depends on the abseil library (no dependency on base). This should make it easier for us to import and keep up with upstream security and performance improvements.

Due to the broader scope compared to the ports library, ipcz would replace a significant fraction of the complexity introduced in bug 1706374, bug 1713148, and bug 1732343, including process introductions, handle message relaying, control message broadcasting, etc. In addition, due to lacking the dependency on base, it should be easier for us to keep up-to-date going forward, not requiring a fork like the ports library did.

I took a look at potential roadblocks which we might run into if we decided to integrate ipcz, and I think the most notable one is probably that the injection point we're using for nyx ipc fuzzing doesn't exist anymore with ipcz, due to how it uses shared memory for messages. In order to continue to support ipc fuzzing, we may need to add extra fuzzing-only codepaths to allow injecting messages later in the pipeline, bypassing the bulk of ipcz. I am optimistic that this shouldn't be too big of a deal, given the amount of ipc-specific integration we already need to do to discover things like protocols so we can send the correct message types.

This means that we would not be fuzzing the underlying ipcz protocols; however, hopefully chromium will be fuzzing and testing that part of the library independently from us.

See Also: CVE-2023-5170